Custom error codes and access logging

xirtam · Friday at 11:29 AM

I use mod_security to return a custom error code 6xx on some requests, so I can later work them with crowdsec actions.
However any request with non conventional error codes is not logged at all in the webserver access_log.
For example if I have a rule in mod_security that uses deny:403 I get it in the logs. If I change the return code to something like 6xx it doesn't.
Is this expected behaviour or a bug? Maybe a config flag somewhere that can be changed?

LiteCache · 2026-04-11T08:29:22+0100

Any status code smaller 100 and higher 599 is invalid. Using status codes outside this range causes error 500, so this is not a OLS bug or malfunction.

https://www.rfc-editor.org/rfc/rfc9110.html

xirtam · 2026-04-11T08:37:32+0100

LiteCache said:

I see, I read in RFC 2616 it says:

I supposed it would work. Well I'll just use 418.
Anyway logging, even an unknown response, should always be done. In the logs there isn't even a 500 error in place of my 6xx (or a 600 like RFC says). Not being able to understand the response code doesn't mean it shouldn't be logged, just not honored.

LiteCache · 2026-04-11T08:51:26+0100

OLS is not Apache. If OLS doesn't use status code 500 if a status code outside the valid range is used this is just an undefined case in OLS. You can complain about this, but before you do, you should first familiarize yourself with RFC.

btw. Blocking requests by IP address is extremely ineffective. You might as well try tilting at windmills.

xirtam · 2026-04-11T08:59:20+0100

LiteCache said:

I forgot to say I use LSE not OLS. I expect a correct logging nonetheless. No matter what response code is there. Logging should not have anything to do with following up a request or not. It's just that, logging.
About the blocking, this is just one of the solutions in place. These are block rules for specific requests we know are made by scrapers and\or malware and not yet in blocking lists (mod_sec known bad behaviours rules, crowdsec paid lists, etc). We just picked the 666 code for fun, but could just use any regular one like the 418 we ended up using (and was made for fun too, 418 = "I'm a teapot").
We focus on a specific CMS, for which we provide professional hosting, and we have our own set of custom rules created by experience.
Anyway I just wanted to know if it was normal to not have anything logged at all.

Anyway talking about RFC, it's clearly stated that:

So it should at least respond and log a 500 error. LSWS replies my status code 666 actually. that's not the problem. The problem is that the relative logs don't happen. So this is clearly a bug or at least a not compliancy of RFC you quoted.

LiteCache · 2026-04-11T09:05:25+0100

LSE = LSWS (LiteSpeed Enterprise Web Server) also follows RFC, but you should use LSWS support for related questions or issue. The behaviour is different. https://www.litespeedtech.com/support/forum/

xirtam · 2026-04-11T09:09:49+0100

Yeah I know. Anyway the RFC you quoted should be applied regardless of the version. So it applies to both. Even OLS replies correctly with my 666 code. it's just that the logging of such request is bugged and doesn't happen.
having a correct 666 reply and nothing logged it's clearly a bug. if ols\lsws replies to that request it SHOULD log it nonetheless. if you don't want to honor that request is ok, but then RFC says you should answer 500, not 666. and be logged nonetheless.
the problem is not the handling of the request, that again happens correctly with my error code 666, it's the not logging of anything.

LiteCache · 2026-04-11T12:06:20+0100

I appreciate your efforts to block scrapers and other unwanted requests. However, be aware that this isn't possible with conventional methods. The challenge lies in identifying these unwanted requests, but you only have known HTTP parameters at your disposal, which are very easy to mask. So you're fighting an enemy you don't know! So rethink the way you want to block!

FYI: Logging doesn't help!

xirtam · 2026-04-11T12:10:05+0100

LiteCache said:

You clearly didn't understand anything of what I'm doing. I said I already know how to recognize the ones I need to, because we are expert sysadmins who works vertically on this CMS by years. I don't need any help about it.

My only need is that ANY request, bots or not, HAS TO be logged, REGARDLESS of what return code I may set on them. Logging has nothing to do with process the request, you can always discard it, but you MUST log what you do either way. This is BY RFC as I quoted from YOUR RFC link. And both OLS and LSWS don't respect this rule. End of story.

LiteCache · 2026-04-11T12:17:47+0100

xirtam said:

That's a given, but don't try to apply your "personal logic" to how something should work.

xirtam · 2026-04-11T12:36:31+0100

LiteCache said:

No, it's not my personal logic. It's RFC. Quoted from RFC:

"SHOULD process the response as if it had a 5xx" means it HAS to be logged as one too. Process includes logging, if a normal 5xx request is logged by the webserver. Since LS logs them, it should logs invalid statuses too.

LiteCache · 2026-04-11T14:49:09+0100

Congratulations! Sue LiteSpeed for violating the RFC!

xirtam · 2026-04-11T15:01:57+0100

LiteCache said:

You brought up the RFC compliance, not me. I just posted a bug.

Custom error codes and access logging

xirtam

New Member

LiteCache

Active Member

xirtam

New Member

LiteCache

Active Member

xirtam

New Member

LiteCache

Active Member

xirtam

New Member

LiteCache

Active Member

xirtam

New Member

LiteCache

Active Member

xirtam

New Member

LiteCache

Active Member

xirtam

New Member