The existing logging around HTTP connections is poor. Some improvements that could be made:
- There are several messages that are logged on every connection creation and disconnect, sometimes resulting in large amounts of un-informative log spam. These could be moved to a higher vlog level.
- More vlog-ing in general could be added to help in debugging issues.
- The frequent "auth failed" message that gets logged in the not-actually-an-error situation that a client doesn't send an auth header on its first connection attempt until it sees the WWW-Authenticate can be misleading.