Home / server / Questions / 743337
Accepted
Mr.Boon
Asked: 2015-12-16 23:01:54 +0800 CST

Disable Nginx Logging for "forbidden by rule"

  • 772

In my Nginx config I have some IP blocks in place, to fight off spammers & bots.

This is very effective, but as a result, my error logs get filled up super fast with error messages like these:

2015/12/16 00:56:28 [error] 27748#0: *120462 access forbidden by rule, client: 167.114.xxx.xxx, server: bla bla ....

Now I don't want to fully disable error logging, as I want to find out what is going wrong when something goes wrong. I just want to disable logging of these "forbidden by rule" messages.

Any idea how to do this?

nginx

3 Answers

  1. Best Answer

    As mentioned here, use conditional logging (access_log directive):

    Enabling Conditional Logging

    Conditional logging allows excluding trivial or non-important log entries from the access log. In NGINX, conditional logging is enabled by the if parameter of the access_log directive.

    For example, it makes possible to exclude requests with HTTP status codes 2XX (Success) and 3XX (Redirection):

    map $status $loggable {
    ~^[23]  0;
    default 1; }

access_log /path/to/access.log combined if=$loggable;

    EDIT: as @zsero described in comment, conditional logging is only supported with the access_log - not with the error_log directive.

    • 3

  2. There is better solution, suggested by upstream - to use geo block with if to reject requests like:

    geo $blocked {
    default 0;
    1.1.1.1/32 1;
}
...
server {

  if ($blocked) {
    return 444;
  }
}
    • 2

  3. I used this nginx config to ignore malicious requests on hidden files:

    location ~ /\.(?!well-known).* {
    return 444;
}

    Returning a 444 (Connection Closed Without Response) closes the connection and doesn't log any error.

    • 2