Error codes displayed when visiting server policy
There are some predefined web pages with error codes that will replace HTML pages:
Go to System > Config > Replacement Message, click the Predefined or User Defined items to check details.
Error code 503 (Server Unavailable)
Possible causes
- Server Health Check is ON while the back-end server status is Down.
- Server Health Check is OFF and the back-end server status is Down.
- When replacemsg-on-connect-failure is enabled and the back-end server status is unstable. In this situation, the health check is still UP while the connection to the back-end server may fail. Please note that the predefined HTTP HC is set with Interval 10, Timeout 3, and Retry_Times 3, so the back-end server status may change from UP to Down in 23 seconds (the first HC starts just when the back-end server goes down) or 30 seconds (the back-end server goes down just after the previous HC succeeds).
config server-policy policy
edit "1"
set replacemsg-on-connect-failure enable
set tcp-conn-timeout 10
next
end
- The server policy uses content routing without a default set, and no content route is matched.
Troubleshooting methods
- How to judge whether the error code 503 is returned by the back-end server or by FortiWeb?
The Response Bytes value in the Traffic log is usually larger than 1K when the response is from FortiWeb. This is a simple (but not always correct) way to judge when you cannot see the response page.
- Disable replacemsg-on-connect-failure
If this option is enabled, when the health check is disabled and the back-end server is not responsive, FortiWeb will send the 503 error code to the client.
When enabled, you should also configure tcp-conn-timeout to specify the timeout value. When the health check is disabled and the back-end server is not responsive, FortiWeb will wait for the specified time before it sends the 503 error code.
config server-policy policy
edit "1270571790_api_test_com"
set replacemsg-on-connect-failure disable
next
end
- Remove the web protection profile or modules included in the server-policy
- Bypass WAF functions:
config server-policy policy
edit "1270571790_api_test_com"
set noparse enable
next
end
Please note: do not enable noparse on content routing, otherwise content routing will not work.
Error code 500 (Internal Server Error)
- This error is returned when the visit is recognized as an attack and denied by WAF modules.
- Sometimes when WAF features fail to process the traffic flow, for example, when a rewrite/redirect rule is configured but fails to handle the request correctly, FortiWeb will respond with 500. In this situation, please collect diagnose debug flow logs for further analysis.