OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: minor nit in mod_ssl


Can we have set it to info? Debug is very verbose for SSL just to find out why a HTTP request was replied to with a 403.

 

Regards

 

Rüdiger

 

Von: William A Rowe Jr <wrowe@xxxxxxxxxxxxx>
Gesendet: Montag, 17. September 2018 22:27
An: httpd <dev@xxxxxxxxxxxxxxxx>
Betreff: Re: minor nit in mod_ssl

 

On Mon, Sep 17, 2018 at 2:56 AM Stefan Eissing <stefan.eissing@xxxxxxxxxxxxx> wrote:
>
> mod_ssl/ssl_engine.kernel.c, 353: logs ERR (APLOGNO(02033)) when strict_sni_vhost_check is enabled and a request comes in without SNI.
>
> Question: is a downgrade from ERR to INFO/DEBUG backportable or do we consider this a break of compatibility?


 
On Mon, Sep 17, 2018 at 10:43 AM William A Rowe Jr <wrowe@xxxxxxxxxxxxx> wrote:
>
> It is entirely appropriate to turn down the volume. That's what module-by-module loglevels are there for.


This is the loglevel of typical garbage request streams;

[Mon Sep 17 11:44:43.036820 2018] [core:debug] [pid 26317:tid 140199172134656] protocol.c(965): (20014)Internal error (specific information not available): [client 127.0.0.1:34974] Failed to read request header line (null)
[Mon Sep 17 11:44:43.036871 2018] [core:debug] [pid 26317:tid 140199172134656] protocol.c(1318): [client 127.0.0.1:34974] AH00567: request failed: error reading the headers
[Mon Sep 17 15:24:46.146311 2018] [core:debug] [pid 26413:tid 140199180527360] protocol.c(860): [client 127.0.0.1:35330] AH02418: HTTP Request Line; Unrecognized protocol 'HTTP/1.xx' (perhaps whitespace was injected?)

It seems that TLS missing SNI fits this same debug-level pattern of diagnostics.