
How to get more information from website exploit error messages


I've been getting many of these error emails from my Django site. They look like they are triggered by some automated exploit. Here is one example.

Referrer: http://example.com/fck/editor/filemanager/upload/test.html
Requested URL: /fck/editor/filemanager/upload/test.html
User agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)
IP address: 127.0.0.1

Please help me answer 2 questions:

  1. How can I configure Django to log the real IP origin of the exploiter, i.e., something along the lines of REMOTE_ADDR instead of the localhost IP?

  2. Is there a way to reject requests with fake referrers to begin with? The requested and referred URLs are certainly not valid links from my own example.com site, and have never been.

Thanks


Solution

  • I figured out my own problem, so in case anyone else needs this info, here goes...

    I kept getting the localhost IP in the error email because my Django server lives behind a reverse proxy on the same machine. In this scenario REMOTE_ADDR is always the localhost address.

    There is no template or custom error reporting mechanism to get other variables into the broken link email because the email is hardcoded in Django's CommonMiddleware. The custom error reports mentioned in previous comments have nothing to do with this.

    So in order to get the real IP address, I wrote a middleware to replace REMOTE_ADDR with HTTP_X_FORWARDED_FOR. Supposedly there is a security issue involved since HTTP_X_FORWARDED_FOR can be easily faked, but that is all that can be done without a CommonMiddleware patch to actually include both IP variables.
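
One way to write such a middleware while limiting the spoofing risk the answer mentions, as an added example (not the answerer's code): the header is honoured only when the direct peer is the local proxy, and the chain is read from the right so a value supplied by the client cannot win. It assumes the proxy appends the address it saw to X-Forwarded-For; `TRUSTED_PROXIES`, `real_client_ip`, `RealRemoteAddrMiddleware` and the `PROXY_REMOTE_ADDR` key are hypothetical names.

```python
import ipaddress

# Assumption: the reverse proxy runs on the same host, as in the answer above.
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}


def _parse(value):
    """Return an ip_address object, or None if the text is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def real_client_ip(meta):
    """Pick the client address from a WSGI-style META dict."""
    peer = _parse(meta.get("REMOTE_ADDR", ""))
    if peer not in TRUSTED_PROXIES:
        # Direct connection: the header is client-controlled, so ignore it.
        return meta.get("REMOTE_ADDR", "")
    # Each proxy appends the address it saw, so read right to left and stop
    # at the first hop that is not one of our own proxies.
    for hop in reversed(meta.get("HTTP_X_FORWARDED_FOR", "").split(",")):
        addr = _parse(hop)
        if addr is None:
            break  # malformed or missing entry: fall back to the peer address
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return meta.get("REMOTE_ADDR", "")


class RealRemoteAddrMiddleware:
    """Callable middleware in the shape Django's MIDDLEWARE setting expects."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Keep the socket peer under a separate (hypothetical) key for logging.
        request.META["PROXY_REMOTE_ADDR"] = request.META.get("REMOTE_ADDR", "")
        request.META["REMOTE_ADDR"] = real_client_ip(request.META)
        return self.get_response(request)
```
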