id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
2149	disable access forbidden by rule in error_log	peter.volkov@…		"There are lot's of cases (see below) when we do not want to log errors cause by **deny** rule in nginx:

{{{
2021/03/11 00:12:44 [error] 45842#0: *7562867097 access forbidden by rule, ...
}}}

For example our current use-case, we've used deny to disable DOS attack on our service and as a result, we have a huge error_log. To disable this message we have to set the level of logging to critical. This is bad since we'll lose useful errors. We need a configuration option (maybe similar to log_not_found) to disable this logging.


Look there was a lot of request on mailing list:

http://mailman.nginx.org/pipermail/nginx/2010-October/023273.html
http://mailman.nginx.org/pipermail/nginx/2017-July/054346.html
http://mailman.nginx.org/pipermail/nginx-ru/2015-July/056294.html
http://mailman.nginx.org/pipermail/nginx-ru/2016-January/057388.html
(and more!)

serverfault:
https://serverfault.com/questions/782321/nginx-deny-ip-access-forbidden-by-rule-in-error-log
https://serverfault.com/questions/743337/disable-nginx-logging-for-forbidden-by-rule
(and more!)

stackoverflow easily searchable lots of posts on this subject as well. Lots of people need some kind of solution here."	defect	closed	minor		nginx-core	1.18.x	duplicate		peter.volkov@…	Linux m9-vss1-dvr1 5.4.80-gentoo-r1 #2 SMP Tue Dec 1 13:39:43 -00 2020 x86_64 Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz GenuineIntel GNU/Linux	"nginx version: nginx/1.18.0
built with OpenSSL 1.1.1d  10 Sep 2019
TLS SNI support enabled
configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --with-cc-opt=-I/usr/include --with-ld-opt=-L/usr/lib64 --http-log-path=/var/log/nginx/access_log --http-client-body-temp-path=/var/lib/nginx/tmp/client --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --with-compat --with-http_v2_module --with-pcre --without-http_grpc_module --without-http_ssi_module --without-http_upstream_hash_module --without-http_upstream_zone_module --with-http_flv_module --with-http_geoip_module --with-http_mp4_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_realip_module --add-module=external_module/nginx_upstream_check_module-9aecf15ec379fe98f62355c57b60c0bc83296f04 --add-module=external_module/nginx-push-stream-module-0.5.4 --add-module=external_module/ngx_http_geoip2_module-3.3 --with-http_ssl_module --without-stream_access_module --without-stream_geo_module --without-stream_limit_conn_module --without-stream_map_module --without-stream_return_module --without-stream_split_clients_module --without-stream_upstream_hash_module --without-stream_upstream_least_conn_module --without-stream_upstream_zone_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --user=nginx --group=nginx"