httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <>
Subject Re: no http-404 errors in ErrorLog
Date Fri, 08 Feb 2013 05:38:02 GMT

Am 07.02.2013 21:54, schrieb Stefan Fritsch:
> On Thursday 07 February 2013, Reindl Harald wrote:
>> ErrorLog "/var/log/apache_error.log"
>> LogLevel info
>> what is here "fixed in 2.4.1"?
>> httpd-2.4.3 does not log 404 errors in ErrorLog
>> imagine admins like me with some hundret vhosts and all
>> of the systems and templates are developed inside the
>> own company - fine with httpd-2.4 you have to grab in
>> each access-log to see typos - that is impossible
>> the "opening for a denial of service attack on the disk
>> space of the server" is simply borked because the same
>> would affect CustomLog and if you do not want 404 in
>> the ErrorLog use a higher LogLevel
>> additionally if your server allows a DOS to the disk
>> space from single client-IPs you should consider
>> learning to use rate-controls in front of the httpd
> The level was changed to info, because the gazillions of error log 
> entries caused by bots and missing favicon.ico files were not 
> considered to be very valuable.

"touch /vhost/favicon" and you are done

hopefully with "info" we do not get gazillions other messages
in prdocutin which is hard to say now on a small testbed

> Switching the loglevel to info works for me:

interesting - now it works here too, yes i had hard restarted httpd

> If you can provide a simple example config that sets the loglevel for 
> core to info but does not log these messages, please file a (new) PR 
> in bugzilla.

i will do if this happens again

> As a workaround, you may want to look at mod_log_debug's LogMessage. 
> That can do logging conditional on the status and also catches cases 
> where some modules set the status to 404 without logging something to 
> the error log

hmm sounds interesting

on the other hand i try to load as less modules as possible to
minimize ressource usage and possible vulerabilities, code
which is not loaded does not make troubles over the long :-)

View raw message