Re: mod_reqtimeout logging
On Thursday 10 February 2011, Daniel Ruggeri wrote: On 2/10/2011 2:21 AM, Nick Gearls wrote: Probably not, but as we specify the time-outs to allow all normal requests (we hope), I'd like to be warned when an attack occurs, but also if one of my genuine customers is blocked (to possibly fine-tunes the time-outs). We should figure out what the general case would be for users. Since per-module logging levels is a reality, it's a trivial matter to let the server admin decide if they want to log these messages. My concern with putting it at WARN level (and a server admin doesn't want these messages), they may accidentally suppress other warnings. I may be speaking out of turn, though, since I don't know what messages this module emits and at what levels. For trunk, WARN is OK becasue the admin can set mod_reqtimeout's loglevel separately and mod_reqtimeout doesn't log anything else. For 2.2.x, I am reluctant to bump it to warn, as this may become too noisy. And the acess log should already record the timeouts with status 408. Another option would be to set an environment variable, so I could check it and handle my notification manually. Maybe I misunderstand the idea, but why wouldn't creating a 'LogTimeoutErrors' (or something to that effect) directive be The Right Thing to do in this case? For 2.2.x we would need something like that to make it configurable. But do we really need that?
Re: mod_reqtimeout logging
Probably not, but as we specify the time-outs to allow all normal requests (we hope), I'd like to be warned when an attack occurs, but also if one of my genuine customers is blocked (to possibly fine-tunes the time-outs). Another option would be to set an environment variable, so I could check it and handle my notification manually. On 9/2/2011 18:13, Eric Covener wrote: On Wed, Feb 9, 2011 at 10:28 AM, Nick Gearlsnickgea...@gmail.com wrote: Hello, When an attack (timeout) is detected, it is logged at the info level. Shouldn't this be considered as a warning? Can it know when one of the timeouts looks malicious vs. just being delayed?
Re: mod_reqtimeout logging
On 2/10/2011 2:21 AM, Nick Gearls wrote: Probably not, but as we specify the time-outs to allow all normal requests (we hope), I'd like to be warned when an attack occurs, but also if one of my genuine customers is blocked (to possibly fine-tunes the time-outs). We should figure out what the general case would be for users. Since per-module logging levels is a reality, it's a trivial matter to let the server admin decide if they want to log these messages. My concern with putting it at WARN level (and a server admin doesn't want these messages), they may accidentally suppress other warnings. I may be speaking out of turn, though, since I don't know what messages this module emits and at what levels. Another option would be to set an environment variable, so I could check it and handle my notification manually. Maybe I misunderstand the idea, but why wouldn't creating a 'LogTimeoutErrors' (or something to that effect) directive be The Right Thing to do in this case? -- Daniel Ruggeri
Re: mod_reqtimeout logging
On Wed, Feb 9, 2011 at 10:28 AM, Nick Gearls nickgea...@gmail.com wrote: Hello, When an attack (timeout) is detected, it is logged at the info level. Shouldn't this be considered as a warning? Counters would be nice for this since you want to know something about the big picture before worrying about it. Really, it would be great to have a general framework for maintaining counters of different types of events, for consumption by various sorts of modules. (SNMP,, server-status display, logging current values at intervals, alerting when certain counters are increasing too quickly, etc.).
RE: mod_reqtimeout logging
I am as well. WARN sounds good. Regards Rüdiger -Original Message- From: Jim Jagielski Sent: Mittwoch, 9. Februar 2011 16:40 To: dev@httpd.apache.org Subject: Re: mod_reqtimeout logging I'd be +1 on moving it higher... On Feb 9, 2011, at 10:28 AM, Nick Gearls wrote: Hello, When an attack (timeout) is detected, it is logged at the info level. Shouldn't this be considered as a warning? Regards, Nick
mod_reqtimeout logging
Hello, When an attack (timeout) is detected, it is logged at the info level. Shouldn't this be considered as a warning? Regards, Nick
Re: mod_reqtimeout logging
I'd be +1 on moving it higher... On Feb 9, 2011, at 10:28 AM, Nick Gearls wrote: Hello, When an attack (timeout) is detected, it is logged at the info level. Shouldn't this be considered as a warning? Regards, Nick
Re: mod_reqtimeout logging
On Wed, Feb 9, 2011 at 10:28 AM, Nick Gearls nickgea...@gmail.com wrote: Hello, When an attack (timeout) is detected, it is logged at the info level. Shouldn't this be considered as a warning? Can it know when one of the timeouts looks malicious vs. just being delayed? -- Eric Covener cove...@gmail.com