An "error" that maybe should be an "info" or "debug"

Maxim Dounin mdounin at
Fri Jan 24 15:46:22 UTC 2014


On Thu, Jan 23, 2014 at 06:22:40PM +0100, Albert Casademont Filella wrote:

> Hi all,
> We have a media server and we protect certain files from being accessed by
> external ips, we just allow access from our static ip. Everything works ok
> and a 403 is thrown to those who try to access the files.
> server {
>     listen ***;
>     root   ***;
>     {some other settings}
>     # protect original image files
>     location ~* "/[0-9]+\.(jpg|jpeg|tif|tiff|png|gif)$" {
>         allow ***;
>         deny all;
>     }
> }
> However, an entry like this is logged in the error.log
> 2014/01/23 17:44:44 [error] 31071#0: *2701529 access forbidden by rule,
> client: ***, server: ***, request: "GET /29531.png HTTP/1.1", host: "***"
> Is this really an nginx error? Couldn't this be lowered to an "info" or
> "debug" level message?

While this isn't an nginx error, it's either user or a configuration 
error, and lowering the logging level will likely result in 
confusion if the access is forbidden unintentionally and/or for 
other reasons it's not clear why the error is returned.

Currently, the error_log with a higher level can be used in a 
particular location if such errors are common and shouldn't be 
logged.  If it doesn't work for you for some reason, than adding 
something similar to log_not_found and/or limit_req_log_level 
directives can be considered.

Maxim Dounin

More information about the nginx-devel mailing list