My team uses the django.utils.log.AdminEmailHandler, but along with a 
filter I wrote - infrastructure.log.SkipNessusScanFilter.

So, the security team moved its Tenable Nessus scanner from on-premise to 
the cloud (for public sites), and as usual, the scanner is misconfigured to 
use an IP address rather than the service URL, so that they are testing 
Django's built-in security (ALLOWED_HOSTS) rather than anything more.    
But since they are coming from AWS IPs now, my whitelist of scan IPs is no 
longer effective, and we again receive something like 5000 emails for a 
typical scan.

While I can fix that by instead filtering out exceptions about 
SuspiciousOperation, I have a bigger problem - we will be going to the cloud, 
and AWS SES charges $0.10 for each 1000 emails.  Even though a 
misconfiguration would only mean $1.50 or so in charges, a targeted DoS 
attack (against a government site) could be a much more expensive 
proposition.

While adding a filter for maybe django.core.exceptions.SuspiciousOperation 
or django.db.utils.OperationalError should be easy, achieving the rich 
formatting while putting the data into an ORM model (with a CLOB) would 
consume a lot more development cycles. Maybe there is an existing Django 
package that already addresses these issues? Maybe others have 
home-grown solutions they can propose?

Thanks in advance,

-Dan
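
An added example, not part of the original post and not Django's own code: a logging filter that could sit in front of AdminEmailHandler, dropping SuspiciousOperation records and capping how many error emails go out per time window. The class name, `max_emails`, `window` and their defaults are assumptions; exceptions are matched by class name so the block runs without Django installed.

```python
import logging
import threading
import time


class ThrottledAdminEmailFilter(logging.Filter):
    """Drop scanner noise and cap how many records reach the email handler."""

    # Matched by class name through the MRO, so subclasses such as
    # DisallowedHost are covered without importing Django here.
    SKIP_EXCEPTIONS = {"SuspiciousOperation"}

    def __init__(self, max_emails=20, window=3600, clock=time.monotonic):
        super().__init__()
        self.max_emails = max_emails  # assumed budget: emails per window
        self.window = window          # window length in seconds
        self.clock = clock            # injectable so tests can control time
        self.window_start = clock()
        self.sent = 0
        self.suppressed = 0
        self._lock = threading.Lock()

    def _is_noise(self, record):
        # Django logs SuspiciousOperation under django.security.<ClassName>.
        if record.name.startswith("django.security"):
            return True
        exc_type = record.exc_info[0] if record.exc_info else None
        mro = exc_type.__mro__ if exc_type else ()
        return any(cls.__name__ in self.SKIP_EXCEPTIONS for cls in mro)

    def filter(self, record):
        if self._is_noise(record):
            return False
        with self._lock:
            now = self.clock()
            if now - self.window_start >= self.window:
                # New window: reset the budget and the suppressed counter.
                self.window_start, self.sent, self.suppressed = now, 0, 0
            if self.sent >= self.max_emails:
                self.suppressed += 1  # over budget: count it, send nothing
                return False
            self.sent += 1
            return True
```

Attach it to the handler through the `filters` list of the `mail_admins` entry in `LOGGING`. The counters are per process, so with several workers the effective cap is `max_emails` multiplied by the worker count.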

