Created attachment 35967 [details] Patch suggestion to replace APLOG_DEBUG with APLOG_INFO With changes for https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25 important: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743) http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions was introduced and defaults to strict in 2.4.24 It took me two days on prod environemnt to understand why HTTP Requests got rejected with HTTP 400 Bad Request. If I would have had LogLevel core:debug it would have been faster, but this is not the expected LogLevel on Prod Systems. [Thu Jun 14 09:38:22.660889 2018] [core:debug] [pid x:tid x] protocol.c(839): [client XXX:38308] AH03448: HTTP Request Line; Excess whitespace (disallowed by HttpProtocolOptions Strict I suggest to replace in server/protocol.c around line 820 all APLOG_DEBUG with APLOG_WARNING or APLOG_INFO So that the reason gets obvious in logs, like it was done with eg. APLOGNO(00561) if (deferred_error != rrl_none) { if (deferred_error == rrl_badmethod) ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03445) "HTTP Request Line; Invalid method token: '%.*s'", field_name_len(r->method), r->method); else if (deferred_error == rrl_badmethod09) ... else if (deferred_error == rrl_badprotocol) ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02418) "HTTP Request Line; Unrecognized protocol '%.*s' " "(perhaps whitespace was injected?)", field_name_len(r->protocol), r->protocol); r->status = HTTP_BAD_REQUEST; goto rrl_failed; } Sorry I am not to test compile the attached patch suggestion!