diff --git a/README.md b/README.md
index a9463ac..8a17740 100644
--- a/README.md
+++ b/README.md
@@ -85,6 +85,10 @@ SSH.Enabled = false # Default true
 # Used if target not specifies in some [[Domains]] section
 # And for direct access via IP address in manual or self-signed mode
 DefaultTarget = "8080"
+# If true, will filter spam to stdout from http/https servers.
+# Messages like`http: TLS handshake error ...` occur due to
+# bots/crawlers checking all public addresses.
+FilterSpam = true
 # If true will drop privileges if started from root.
 # Will not be able to save state(tokens) between restarts.
 DropPrivileges = false
diff --git a/main.go b/main.go
index 7af46b9..3fb505d 100644
--- a/main.go
+++ b/main.go
@@ -44,6 +44,7 @@ type Config struct {
 Cert string
 Key string
 }
+ FilterSpam bool
 DropPrivileges bool
 Listen string // Interface to listen
 DefaultTarget string
@@ -101,6 +102,7 @@ func main() {
 cfg.SSH.AuthorizedKeys = "~/.ssh/authorized_keys"
 cfg.Certificate.Type = "self-signed"
 cfg.DefaultTarget = "8080"
+ cfg.FilterSpam = true // Less spam like `http: TLS handshake error...`
 cfg.DropPrivileges = false // Drop privileges if started from root
 cfg.Listen = "0.0.0.0"
 cfg.RedirectHTTP = true // Start server on 80 port that will redirect all to 443 port
diff --git a/ssl-proxy.go b/ssl-proxy.go
index f54fcc9..5a0d086 100644
--- a/ssl-proxy.go
+++ b/ssl-proxy.go
@@ -138,7 +138,13 @@ func startWebServer() {
 http.Redirect(w, r, "https://"+r.Host+r.RequestURI, http.StatusMovedPermanently)
 }
 go func() {
- err := http.ListenAndServe(cfg.Listen+":80", http.HandlerFunc(redirectTLS))
+ // TODO MaxHeaderBytes and timeouts to read/write/idle
+ httpServer := http.Server{
+ Addr: cfg.Listen + ":80",
+ Handler: http.HandlerFunc(redirectTLS),
+ ErrorLog: newServerErrorLog(),
+ }
+ err := httpServer.ListenAndServe()
 if err != nil {
 log.Fatal("HTTP redirection server failure", err)
 }
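Review bot: The new port-80 `http.Server` literal in ssl-proxy.go sets no read, write or idle timeouts and keeps the default `MaxHeaderBytes`, as the added TODO acknowledges, so a client that sends its headers slowly can hold connections and goroutines open indefinitely on a listener that defaults to `0.0.0.0`. This is not a regression from `http.ListenAndServe`, but now that the struct exists the limits are a few fields away, and because the handler only emits a 301 tight values are safe here. The TLS server literal in the second ssl-proxy.go hunk shows no timeouts either, though its opening line is outside that hunk; there `ReadHeaderTimeout` and `IdleTimeout` are the conservative minimum, since a `WriteTimeout` could cut long proxied responses. The values below are illustrative, need `time` imported in ssl-proxy.go if it is not already, and startWebServer itself begins and ends outside the hunk.

```go
httpServer := http.Server{
	// … unchanged: Addr, Handler, ErrorLog …
	ReadHeaderTimeout: 5 * time.Second, // sample values; tune per deployment
	ReadTimeout:       10 * time.Second,
	WriteTimeout:      10 * time.Second,
	IdleTimeout:       60 * time.Second,
	MaxHeaderBytes:    8 << 10, // a redirect-only listener needs no large headers
}
```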
@@ -159,6 +165,7 @@ func startWebServer() {
 Addr: address,
 TLSConfig: m.TLSConfig(),
 Handler: mux,
+ ErrorLog: newServerErrorLog(),
 }
 err = s.ListenAndServeTLS("", "")
 } else {
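Review bot: `newServerErrorLog()` is wired into the TLS server here, but its definition is not in the visible hunks, so how narrowly it filters cannot be checked. Because main.go sets `cfg.FilterSpam = true` by default, every deployment stops logging `http: TLS handshake error` lines unless the operator opts out. Those lines are mostly noise, but they are also what reveals a broken certificate chain, a client stuck on an unsupported protocol version, or a sudden rise in probing from one address. I would add a comment at the field, `// ErrorLog drops handshake-error noise when cfg.FilterSpam is set; set FilterSpam = false when debugging TLS or reviewing probe traffic`, and confirm the filter matches only the specific message prefixes and keeps a count of dropped lines rather than discarding everything the server logs. The server literal and startWebServer both start outside the hunk.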