On 2/10/2011 2:21 AM, Nick Gearls wrote:
Probably not, but as we specify the time-outs to allow all normal requests (we hope), I'd like to be warned when an attack occurs, but also if one of my genuine customers is blocked (to possibly fine-tunes the time-outs).
We should figure out what the general case would be for users. Since per-module logging levels is a reality, it's a trivial matter to let the server admin decide if they want to log these messages. My concern with putting it at WARN level (and a server admin doesn't want these messages), they may accidentally suppress other warnings. I may be speaking out of turn, though, since I don't know what messages this module emits and at what levels.
Another option would be to set an environment variable, so I could check it and handle my notification manually.
Maybe I misunderstand the idea, but why wouldn't creating a 'LogTimeoutErrors' (or something to that effect) directive be The Right Thing to do in this case?
-- Daniel Ruggeri
