2010/4/29 Mark Thomas <ma...@apache.org>:
> This was prompted by [1]. For a number of mal-formed requests, the
> CoyoteAdaptor will reject them before they reach the access log valve. There
> is currently no means of logging these rejected requests in Tomcat.

Some requests are rejected by a connector, if it cannot parse the request. Some are rejected even earlier, at the connection stage (e.g. in the endpoint), if there are no resources to process them. HTTPS requests can be rejected during the negotiation phase.

Are we going to log at all places where the connector calls response.setStatus(400)?

I think that if a response status is sent, it can be logged in the access log, but I am not sure that this will provide much help for the administrator. "There was something that resulted in response 400".

Maybe consider some different log as well, e.g. some special log category in the log subsystem. The message format can be arbitrary, e.g. looking at the example in logs.html, see the "client denied by server configuration" message there -- who knows what it means?

Also, one can consider that connection attempts can be rejected at any network device along the way, and HTTP requests can be rejected by any HTTP proxy. Those will never end up in our AccessLogs. We can consider our own premature rejections in the same way: these are something different from "processed requests".

Based on the above, it sounds like "1.". Can the solution be pluggable, e.g. to not always use the logging subsystem and to allow performing some filtering, DoS protection before logging?

If we go with "2.":

Regarding which AccessLog instance to use: I am fine with logging such requests at the ROOT application. That is where all funny random requests from bots end up anyway. One has to select the correct host, though.

By the way, there is also one thing where our Access Log differs from the one provided by HTTPD: processing of the "%t" element:

Tomcat and HTTPD 1.3 log the time when the request processing was completed (the time when the log statement was written).

The current versions of HTTPD, starting with 2.0, log the time when the request was received.

Some links:

HTTPD 2.2:
http://httpd.apache.org/docs/2.2/logs.html
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html
http://httpd.apache.org/docs/2.2/mod/mod_log_forensic.html

HTTPD 1.3:
http://httpd.apache.org/docs/1.3/logs.html

Best regards,
Konstantin Kolinko