The logic behind the solution I'm designing implies that if an AccessDeniedException is thrown it's a hacking attempt.

It would be nice, for logging purposes, to record those hacking attempts, for example which user (if authenticated) is performing those attacks, and the IP from which those attacks are carried out. I could therefore blacklist IPs or disable the user.

Can I override AccessDeniedException to allow that? Is that advisable? Of course, instead of calling an AccessDeniedException directly, I could have another service which performs the above-mentioned logging actions plus throwing the AccessDeniedException.

Thoughts?

Thanks!

Sergio Negri
  • You could have a listener that listens for a `Kernel::EXCEPTION` (`kernel.exception`), then check if it is an `AccessDeniedException` and then do your logic depending on that... I think. – qooplmao Jan 09 '15 at 09:51
  • To better distinguish a real attack (and to store the relative data) I think it is more useful to put the logic on a separate listener for each type of common attack or security-related issue, like session hijacking, brute forcing on the login form, preventing an infinite user session (time based) and so on, but based on `kernel.request`; then you can customize the relative exception thrown however you want, or redirect to a customized page to show a nice response to the end user. – gp_sflover Jan 09 '15 at 15:02
  • @gp_sflover I'm sure this solution is more complete, but I have no clue how to implement it. Will have to look more at the documentation :/ – Sergio Negri Jan 11 '15 at 17:44
  • @SergioNegri See http://symfony.com/doc/current/cookbook/service_container/event_listener.html and http://symfony.com/doc/current/cookbook/logging/monolog.html. – Johan Apr 29 '15 at 13:02
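The `kernel.exception` listener suggested in the comments, written out as an added example (not code from the question or from Symfony itself). It assumes a modern Symfony (5.4+/6.x, PHP 8) with autoconfiguration, and the class name, the Monolog `security` channel injection and the log fields are illustrative choices.

```php
<?php
// Added example: audit listener for AccessDeniedException.
// Assumes Symfony 5.4+/6.x with autoconfigured services; class name,
// the "security" Monolog channel and the logged fields are illustrative.
namespace App\EventListener;

use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

// Priority 10 runs before the firewall's own exception listener, which turns
// the exception into a 403 or a login redirect; we only observe and log.
#[AsEventListener(event: KernelEvents::EXCEPTION, priority: 10)]
final class AccessDeniedAuditListener
{
    public function __construct(
        private LoggerInterface $securityLogger,      // assumed: "security" Monolog channel
        private TokenStorageInterface $tokenStorage,  // who was logged in, if anyone
    ) {}

    public function __invoke(ExceptionEvent $event): void
    {
        $throwable = $event->getThrowable();
        if (!$throwable instanceof AccessDeniedException) {
            return; // only authorization failures are of interest here
        }

        $request = $event->getRequest();
        $token   = $this->tokenStorage->getToken();
        // Anonymous visitors hitting a protected URL also raise this exception,
        // so record whether a real user was involved instead of assuming an attack.
        $user = $token?->getUserIdentifier() ?? 'anonymous';

        $this->securityLogger->warning('Access denied', [
            'user'       => $user,
            'ip'         => $request->getClientIp(), // respects trusted_proxies config
            'method'     => $request->getMethod(),
            'path'       => $request->getPathInfo(),
            'attributes' => $throwable->getAttributes(), // e.g. roles that were required
            'user_agent' => $request->headers->get('User-Agent'),
        ]);
        // No $event->setResponse(): the normal 403 / login handling still applies.
    }
}
```

Blacklisting or disabling a user, as the question proposes, would be a separate decision layered on top of these log entries (for example a rate threshold per user or IP), rather than something done inside the listener itself.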