osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: minor nit in mod_ssl


It is entirely appropriate to turn down the volume. That's what module-by-module loglevels are there for.


On Mon, Sep 17, 2018, 02:56 Stefan Eissing <stefan.eissing@xxxxxxxxxxxxx> wrote:
Just a quick question, if we can reach consensus here:

mod_ssl/ssl_engine.kernel.c, 353: logs ERR (APLOGNO(02033)) when strict_sni_vhost_check is enabled and a request comes in without SNI.

Question: is a downgrade from ERR to INFO/DEBUG backportable or do we consider this a break of compatibility?


Rationale: This is annoying me in my logs where I scan for errors daily. While I can filter this out, I'd rather have the server behave better by default. The requests at my server are done by scanners, who monitor responses on port 443. Nothing I can do about and they will not go away.

Cheers,

Stefan