Opened 10 years ago
Last modified 4 years ago
#606 new enhancement
lower log level of ngx_http_access_module forbidden access
Reported by: | Jérémy Lal | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.6.x |
Keywords: | Cc: | ||
uname -a: | Linux myhost.host.tld 3.14-2-amd64 #1 SMP Debian 3.14.15-2 (2014-08-09) x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.6.1
TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/build/nginx-naOmgm/nginx-1.6.1/debian/modules/nginx-auth-pam --add-module=/build/nginx-naOmgm/nginx-1.6.1/debian/modules/nginx-dav-ext-module --add-module=/build/nginx-naOmgm/nginx-1.6.1/debian/modules/nginx-echo --add-module=/build/nginx-naOmgm/nginx-1.6.1/debian/modules/nginx-upstream-fair --add-module=/build/nginx-naOmgm/nginx-1.6.1/debian/modules/ngx_http_substitutions_filter_module |
Description
When using the deny/allow ip directives of the ngx_http_access_module,
nginx logs the denied accesses with level "error".
If there are many unauthorized clients, it fills the error log with useless messages,
and changing the log level is not acceptable since it hides legitimate errors.
I propose to set the log_level for "access forbidden by rule" messages to info, notice, or warn
instead of error.
Note:
See TracTickets
for help on using tickets.
See also #2149.