We use our nginx error logs to monitor our system closely. Recently, we've been hit with a lot of requests with malicious intent, and thus have blocked their IPs using a "deny " directive. This has worked as expected, but unfortunately, our error logs are still flooded with "error" with "access forbidden by rule...." messages. Why is a successful denial being logby intercollector - Nginx Mailing List - English