3

I have some mod_rewrite rules to redirect junk requests made by bots to a static 404 page, like:

RewriteRule ^(.*)\.asp(.*)$ https://%{SERVER_NAME}/errors/404.html [L,R=301,NC]

I have a few dozen of these rules. However, upon inspecting my Apache error log, I'm seeing, for every single request, a log entry is being created for every single rule, like:

[Wed May 30 10:52:59.740327 2018] [rewrite:trace3] [pid 2021:tid 140011088312064] mod_rewrite.c(476): [client 10.91.178.131:62065] 10.91.178.131 - - [example.com/sid#7f56e5f7bc18][rid#7f56dc0100a0/initial] applying pattern '^(.*)\\.asp(.*)$' to uri '/admin/', referer: https://example.com/admin/record/149/

Why is Apache applying every rule to every URL when they obviously don't match? This is ballooning my error log, and making it virtually impossible to find actual error messages. How do I stop this, or at the very least, stop Apache from spamming the log file with these entries?

Cerin
  • 3,600
  • 19
  • 61
  • 79

1 Answers1

3

Why is Apache applying every rule to every URL when they obviously don't match?

It's not necessarily applying the rule, it's testing whether it should be applied, and that's what this "debugging" log entry is for. This additional level of logging is not enabled by default - someone has explicitly enabled this in the server config and seemingly (inadvertently) left it enabled. This should never be enabled permanently on a production server.

On Apache 2.4+ look for the LogLevel directive in your server config / virtual host. For example:

LogLevel rewrite:trace3

Note, however, that it's possible to set the log level of several modules (or all modules) with a single directive. Setting the LogLevel to debug, trace1 .. trace8 is considered "debug"-level. The higher the level, more messages are logged.

And either remove it, comment it out, or set it to the default:

LogLevel warn

Reference:
https://httpd.apache.org/docs/2.4/mod/core.html#loglevel

MrWhite
  • 12,647
  • 4
  • 29
  • 41