I am not opposed. However, there is an explanation added to the request error 
notes, which normally appears in the 403 response if I am not mistaken?

-Stefan

> Am 20.09.2018 um 11:40 schrieb Plüm, Rüdiger, Vodafone Group 
> <ruediger.pl...@vodafone.com>:
> 
> Can we have set it to info? Debug is very verbose for SSL just to find out 
> why a HTTP request was replied to with a 403.
>  
> Regards
>  
> Rüdiger
>  
> Von: William A Rowe Jr <wr...@rowe-clan.net> 
> Gesendet: Montag, 17. September 2018 22:27
> An: httpd <dev@httpd.apache.org>
> Betreff: Re: minor nit in mod_ssl
>  
> On Mon, Sep 17, 2018 at 2:56 AM Stefan Eissing <stefan.eiss...@greenbytes.de> 
> wrote:
> >
> > mod_ssl/ssl_engine.kernel.c, 353: logs ERR (APLOGNO(02033)) when 
> > strict_sni_vhost_check is enabled and a request comes in without SNI. 
> >
> > Question: is a downgrade from ERR to INFO/DEBUG backportable or do we 
> > consider this a break of compatibility?
> 
> 
>  
> On Mon, Sep 17, 2018 at 10:43 AM William A Rowe Jr <wr...@rowe-clan.net> 
> wrote:
> >
> > It is entirely appropriate to turn down the volume. That's what 
> > module-by-module loglevels are there for.
> 
> 
> This is the loglevel of typical garbage request streams;
> 
> [Mon Sep 17 11:44:43.036820 2018] [core:debug] [pid 26317:tid 
> 140199172134656] protocol.c(965): (20014)Internal error (specific information 
> not available): [client 127.0.0.1:34974] Failed to read request header line 
> (null)
> [Mon Sep 17 11:44:43.036871 2018] [core:debug] [pid 26317:tid 
> 140199172134656] protocol.c(1318): [client127.0.0.1:34974] AH00567: request 
> failed: error reading the headers
> [Mon Sep 17 15:24:46.146311 2018] [core:debug] [pid 26413:tid 
> 140199180527360] protocol.c(860): [client127.0.0.1:35330] AH02418: HTTP 
> Request Line; Unrecognized protocol 'HTTP/1.xx' (perhaps whitespace was 
> injected?)
> 
> It seems that TLS missing SNI fits this same debug-level pattern of 
> diagnostics.

Reply via email to