I had written a few rewrite rules to disable HTTP TRACE and TRACK as part of VAPT. When looking at the httpd
logs, a dozen of [rewrite:trace3]
warning messages are logged per request and the actual error messages were lost. Below are the warning message snippets. This article will show you how to stop the Apache mod_rewrite log messages.
[Wed Nov 24 14:42:27.764555 2021] [rewrite:trace3] [pid 26610] mod_rewrite.c(470): [client 192.168.6.115:20746] 192.168.6.115 - - [portal.tg.com/sid#55fa32ce9f48][rid#55fa32f64fe0/initial] [perdir /var/www/html/admin/] add path info postfix: /var/www/html/admin/login -> /var/www/html/admin/login/ [Wed Nov 24 14:42:27.764657 2021] [rewrite:trace3] [pid 26610] mod_rewrite.c(470): [client 192.168.6.115:20746] 192.168.6.115 - - [portal.tg.com/sid#55fa32ce9f48][rid#55fa32f64fe0/initial] [perdir /var/www/html/admin/] strip per-dir prefix: /var/www/html/admin/login/ -> login/ [Wed Nov 24 14:42:27.764667 2021] [rewrite:trace3] [pid 26610] mod_rewrite.c(470): [client 192.168.6.115:20746] 192.168.6.115 - - [portal.tg.com/sid#55fa32ce9f48][rid#55fa32f64fe0/initial] [perdir /var/www/html/admin/] applying pattern '.*' to uri 'login/' [Wed Nov 24 14:42:27.764781 2021] [rewrite:trace5] [pid 26610] mod_rewrite.c(470): [client 192.168.6.115:20746] 192.168.6.115 - - [portal.tg.com/sid#55fa32ce9f48][rid#55fa32f64fe0/initial] setting env variable 'HTTP_AUTHORIZATION' to '' [Wed Nov 24 14:42:27.764793 2021] [rewrite:trace3] [pid 26610] mod_rewrite.c(470): [client 192.168.6.115:20746] 192.168.6.115 - - [portal.tg.com/sid#55fa32ce9f48][rid#55fa32f64fe0/initial] [perdir /var/www/html/admin/] add path info postfix: /var/www/html/admin/login -> /var/www/html/admin/login/
How to stop Apache mod_rewrite log message?
Generally, mod_rewrite applies each rule and tests whether it should be applied or not, and captures this event in the log file. This additional level of logging is not enabled by default, someone has explicitly enabled it in the server config and inadvertently left it enabled. Search for the below entry either in the webserver config file (httpd.conf
) or in your virtual host configuration.
LogLevel rewrite:trace3
You can either remove it or comment it out or set it to the default as below:
LogLevel warn
For more LogLevel directives refer to Apache documentation.