[4.1.x] Fix #542 - Disable confusing log lines

(cherry picked from commit fdffb4a)
irrdnet · Aug 24, 2021 · 8efe5a8 · 8efe5a8
1 parent 672908e
commit 8efe5a8
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/irrd/server/access_check.py b/irrd/server/access_check.py
@@ -6,7 +6,7 @@
 logger = logging.getLogger(__name__)
 
 
-def is_client_permitted(ip: str, access_list_setting: str, default_deny=True) -> bool:
+def is_client_permitted(ip: str, access_list_setting: str, default_deny=True, log=True) -> bool:
     """
     Determine whether a client is permitted to access an interface,
     based on the value of the setting of access_list_setting.
@@ -17,8 +17,9 @@ def is_client_permitted(ip: str, access_list_setting: str, default_deny=True) ->
     try:
         client_ip = IP(ip)
     except (ValueError, AttributeError) as e:
-        logger.error(f'Rejecting request as client IP could not be read from '
-                     f'{ip}: {e}')
+        if log:
+            logger.error(f'Rejecting request as client IP could not be read from '
+                         f'{ip}: {e}')
         return False
 
     if client_ip.version() == 6:
@@ -32,12 +33,13 @@ def is_client_permitted(ip: str, access_list_setting: str, default_deny=True) ->
 
     if not access_list_name or not access_list:
         if default_deny:
-            logger.info(f'Rejecting request, access list empty or undefined: {client_ip}')
+            if log:
+                logger.info(f'Rejecting request, access list empty or undefined: {client_ip}')
             return False
         else:
             return True
 
     allowed = any([client_ip in IP(allowed) for allowed in access_list])
-    if not allowed:
+    if not allowed and log:
         logger.info(f'Rejecting request, IP not in access list {access_list_name}: {client_ip}')
     return allowed
diff --git a/irrd/server/whois/query_parser.py b/irrd/server/whois/query_parser.py
@@ -682,8 +682,8 @@ def handle_nrtm_request(self, param):
         if source not in self.all_valid_sources:
             raise WhoisQueryParserException(f'Unknown source: {source}')
 
-        in_access_list = is_client_permitted(self.client_ip, f'sources.{source}.nrtm_access_list')
-        in_unfiltered_access_list = is_client_permitted(self.client_ip, f'sources.{source}.nrtm_access_list_unfiltered')
+        in_access_list = is_client_permitted(self.client_ip, f'sources.{source}.nrtm_access_list', log=False)
+        in_unfiltered_access_list = is_client_permitted(self.client_ip, f'sources.{source}.nrtm_access_list_unfiltered', log=False)
         if not in_access_list and not in_unfiltered_access_list:
             raise WhoisQueryParserException('Access denied')