When a request is blocked because of a too long header line (like a cookie, but not limited to), there is no indication in the error log if you're at WARN level. This kind of problem will not be detected by administrators (nor in case of attack, neither in case of genuine requests).