|
| Sun ONE Web Proxy Server 3.6 SP2 Administrator's Guide - UNIX Version |
Chapter 13 Proxy Error Log Messages
This chapter defines some of the errors the proxy commonly reports. They are listed alphabetically by the words of the message. The errors are categorized also by severity.
The categories of severity for proxy server error log messages are:
- Catastrophe is a fatal error, a software crash, or other serious error that causes the client to receive no service, partial service, or totally invalid service.
- Failure means something failed, the proxy handled the error, but the error may still cause the proxy to function improperly or to fail to process a request.
- Inform is an informational log entry.
- Misconfig means something was misconfigured in a configuration source such as magnus.conf or obj.conf.
- Warning flags something that could be a normal operational error, but may also be a more serious error such as misconfiguration (e.g., host unreachable).
- Security is information or a warning that indicates if there's reason to believe that someone is trying to intrude through the proxy. This category of errors is Unix-specific.
Proxy Error Messages
The following errors are those that commonly appear in the proxy server's error log.
Catastrophe
cache file size not in sync with cache information.
The system suddenly went down or the file system became full during the cache write, or the cache file has otherwise been truncated. Normally the proxy notices any abnormal conditions, but if an outside agent causes cache files to become corrupt, the proxy will issue this message. The corrupt cache file will be removed and a new one created during the next request.
cannot open file .../.cache-size for writing—the cache may overflow if the condition persists
The proxy failed to write the current cache size to the file that contains it. This could be a temporary condition, but if it persists the proxy will not be able to keep track of its cache size. This can cause the cache to overflow on high-impact systems. It's possible the write permissions aren't correct for the user account the proxy uses.
cannot read header section from the cache file
The cache file is truncated, or permissions are such that the cache file cannot be read. Care should be taken that the cache hierarchy is entirely readable and writable by the proxy user.
caught SIGSEGV or SIGBUS, trying to dump core in admin/config
The proxy encountered an internal software error. Contact iPlanet for help with this error. If you rarely encounter this error and it doesn't affect the proxy service, you can ignore this message.
failed to write cache status file
The write to the cache data directory (CacheRoot/.mc-data) failed. The condition might be temporary (for example, it was caused by a full file system), but if it persists, the proxy might stop caching until the situation is fixed. It's possible the permissions for the proxy's user account aren't specified correctly.
filesystem is full
The cache file system has become full. The proxy will halt any cache writes, and an attempt is made to signal the Cache Manager to activate immediately. Cache writes are resumed after the condition no longer persists. Consider allocating more space to the cache system.
filesystem permission problem in subdir .mc-data under Cache Root
The file system permissions are wrong under CacheRoot/.mc-data. Care should be taken that the entire CacheRoot directory and recursively all its subdirectories are readable and writable by the proxy user.
Failure
cache write aborted
Cache write was aborted because the remote server failed to send the entire document, the client disconnected, or some other error condition occurred.
called with no host name or address (or corrupt) [SSL proxy]
Proxy received an invalid SSL proxying request.
cannot create lock file ... (...)
The proxy failed to create a lock file; this might happen if the system resources are exhausted or the machine load is so high that the process holding the lock cannot get it. In the short term this error is harmless, and the proxy will automatically recover from it. However, if the condition persists for long periods of time it might cause cache overflow or other abnormal behavior. Check the permissions for the proxy's user account and the files under the cache root directory.
cannot open ... for writing -- caching disabled as long as error persists
cannot open cache output file ...
cannot open file .../.cache-size for appending - the cache may overflow if the condition persists
cannot open gc pid file -- cannot signal gc
cannot remove file ... -- may cause disk full detection to failThe file system permissions under the cache root or the server root are wrong, and the proxy cannot open the cache file for writing. On a heavily loaded system this can also be caused by a temporary failure to do disk I/O, which means this error could be ignored unless the condition persists. In the long term, this error can cause various malfunctions of the caching subsystem.
cannot signal gc pid ...; running start-proxy to respawn gc
After the file system full condition the Cache Manager couldn't be signaled to start cleaning the cache. The proxy will automatically attempt to spawn a new cache management process.
can't create socket (...)
can't bind (...)
can't connect (...)
can't get peer name (...)
can't get socket name (...)
can't make ... connection non-blocking
can't make client socket non-blocking (...)
can't make connection to ... non-blocking
can't make identd connection non-blocking (...)
connect failed (...)
connect to ... failed (...)
timed out sending ident requestThe SSL proxying module or the SOCKS daemon couldn't successfully execute the system call in question, as part of establishing a connection to either a remote host, or a remote identity daemon (identd).
can't connect to identd at ... -- access denied
Remote host is not running the identity daemon, and strict identity check is enabled.
can't connect to identd at ... -- error ignored
Remote host is not running the identity daemon, but loose identity check allows the request to be serviced.
can't locate host ...
The SSL proxy module is unable to locate the remote host.
connection timed out after ... seconds idle
The SSL proxy or SOCKS connection has been idle too long.
content-length mismatch; too many bytes received
The proxy received an incorrect amount of data while it was writing to the cache file. This is due to erroneous behavior on the remote server side and causes the cache file to be discarded.
disconnected by client/server/timeout/internal error condition with ... bytes in/outbound data undelivered
SOCKS or SSL proxying connection was terminated prematurely by one of the parties before all the pending data was transferred.
internal netlib timeout; process terminated
Proxy retrieval lasted too long. This is an internal timeout that cleans up processes that suddenly get blocked due to an unexpected error in the network or one of the proxy subsystems.
method without URI
The client sent an invalid proxy request.
no port number specified for host...
bad port number specified in ...Proxy received an invalid SSL proxying request (CONNECT method with no or a bad port number).
proxy retrieve failed: ...
A generic message when the retrieval failed due to a mistyped URL, a nonexisting host name, unreachable host or network, a disabled or overloaded server, or other unexpected network error.
proxy timeout; closing connection
The proxy didn't receive any data from the remote server in the proxy timeout period.
remote closed the connection prematurely (timeout?)
The remote server closed the connection before all the data was received, causing the cache write to abort and discard the cache file.
select over the two connections failed (...)
Unexpected error in SOCKD or SSL proxying module while passing data through the proxy.
while scanning proxy HTTP headers, ...
An error occurred while reading the request headers from the client.
... already locked
The cache file is already locked -- another process is already writing the cache file. This is merely informative, not an error.
cache-size sync in progress; abandoning scheduled sync
cache-size sync lock timed out; breaking it
removing timed-out lock file...
signalled gc to start immediatelyThese errors are informative and self-explanatory.
Warning
terminated, shutting down
Proxy was shut down by the TERM signal.
Security
cannot attempt to access the proxy as a normal HTTP server, URL: ...
Attempt to access the proxy as a normal server; this is usually simply a mistyped admin URL but might also reflect somebody trying to intrude in the local file system of the proxy using evil URLs, such as the ones containing /../. Netscape guards against any such attempts, and accessing the local file system is impossible, except for the admin interface.
denying service of ...
Service was denied by configuration.
SOCKS Error Messages
The SOCKS log file contains both error and access messages. The following are the error messages that may appear in this log.
accept failed on the bound socket (...)
The SOCKS daemon failed to establish the connection from a remote server, requested by the client (SOCKS BIND request).
fatal: error in config file
The configuration file had one or more errors (listed earlier in the log file) that made it futile to start up the SOCKS server
fatal: can't create listening socket
A TCP socket could not be created.
fatal: can't bind to socks port
Another application or daemon is using the SOCKS port.
fatal: can't listen at socket
An internal error occurred during startup.
error: unknown request type 0x0D from host name:port number
Someone tried to use the SOCKS server for something that does not use the SOCKS protocol.
error: auth: can't open password file /etc/filename !
The specified password file does not exist.
error: illegal route: route
The route specified in the configuration file isn't a valid IP address or interface.
error: unknown field in config: text
Something in the configuration file unrecognized.
error: can't open config file '/etc/filename'
The SOCKS server cannot open the specified configuration file.
error: ldap: can't authenticate to server (specific reason)
The bind DN or password was rejected by the LDAP server.
error: ldap: can't connect to servername:port
The specified LDAP server did not answer.
error: ldap: failed LDAP close (specific reason)
The SOCKS server could not close the connection to the LDAP server
error: ldap: server is down -- turning off LDAP auth
The LDAP server has vanished and ns-sockd cannot get in touch with it. ns-sockd will try to contact the LDAP server every few minutes, and once it is contacted, will enable LDAP authentication.
warning: ident: request from host name:port number is some text
The RFC 1413 ident response from that client was some text, not the user name
warning: auth: user user name tried to auth as user name
The user tried to authenticate as a user name even though the ident response was another user name
warning: socks4 request from host name:port number can't authenticate
The configuration file specifies that user name/password authentication is required for this connection. However, the client is using SOCKS4 and cannot authenticate that way. Thus, the client's request is denied and the SOCKS server logs a warning.
warning: request from host name:port number arrived via bad route!
A request arrived from the wrong interface meaning that someone is spoofing an IP address, or the route information in the configuration file is wrong.
warning: request from host name:port number failed ident check
The client did not send the required ident response, so the connection was dropped.
warning: passwd file: line number is bad
The format of the SOCKS5 password file is incorrect at or near the specified line.