[GH-ISSUE #22515] feat: Support Whitelist Filtering in AuditLoggingMiddleware #35258

Closed
opened 2026-04-25 09:29:22 -05:00 by GiteaMirror · 0 comments
Owner

Originally created by @ShirasawaSama on GitHub (Mar 10, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/22515

Check Existing Issues

  • I have searched for all existing open AND closed issues and discussions for similar requests. I have found none that is comparable to my request.

Verify Feature Scope

  • I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions.

Problem Description

Currently, AuditLoggingMiddleware only supports blacklist-based filtering. In my use case, I only need to log administrator operations. Using a blacklist makes configuration cumbersome and less reliable because new endpoints or actions may be added and accidentally get logged or ignored incorrectly.

Desired Solution you'd like

Add support for a whitelist (allowlist) configuration in AuditLoggingMiddleware, allowing users to explicitly specify which routes, actions, or users should be logged. This would make it easier to restrict audit logging to specific operations such as administrator actions.

Alternatives Considered

Continue using the existing blacklist mechanism, but this requires continuously maintaining and updating the exclusion list, which is error-prone and less clear compared to explicitly defining the operations that should be logged.

Additional Context

No response

Originally created by @ShirasawaSama on GitHub (Mar 10, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/22515 ### Check Existing Issues - [x] I have searched for all existing **open AND closed** issues and discussions for similar requests. I have found none that is comparable to my request. ### Verify Feature Scope - [x] I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions. ### Problem Description Currently, AuditLoggingMiddleware only supports `blacklist-based` filtering. In my use case, I only need to log administrator operations. Using a blacklist makes configuration cumbersome and less reliable because new endpoints or actions may be added and accidentally get logged or ignored incorrectly. ### Desired Solution you'd like Add support for a whitelist (allowlist) configuration in `AuditLoggingMiddleware`, allowing users to explicitly specify which routes, actions, or users should be logged. This would make it easier to restrict audit logging to specific operations such as administrator actions. ### Alternatives Considered Continue using the existing blacklist mechanism, but this requires continuously maintaining and updating the exclusion list, which is error-prone and less clear compared to explicitly defining the operations that should be logged. ### Additional Context _No response_
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#35258