503's in Cache Analytics - But Can't Find Them!

Howdy folks – I’ve been trying to track down a high rate of 503 errors shown in Cache Analytics but no matter where I look or grep through in my logs I can’t seem to find them.

Should a 503 in Cache Analytics map up to a 503 on my server in my logs? I’ve even searched the logs for some very specific URL’s with small volumes but I only find 200 OK status in my logs for them.

Might the 503’s represent that a request was intercepted by CF firewall rules (captcha/browser challenge)? Or does anyone have any explanation on what these can be? I have read through some of the help docs and posts about 503’s and some say they can mean multiple things. I am not finding any explanations so far that sound conclusive.

If 50% of my pageviews are resulting in a 503 it should be obvious in my logs or testing the site but this is not what I’m seeing.

Thanks in advance for any help.

If your service is not available it maybe also was not able to log the event as it never knew it should have been available.

Also these are not the PageViews, I think these are requests. If I call a site, it will in average call up to 70 requests. So may some of these requests fail?

Can you share your domain?

These stats are limited to just the base html/php, excluding everything else. So essentially it is a pageview (or should be). I have also cut this report down to just a few URL’s so I could take the member numbers you see there and grep through ALL my logs looking for the 503’s.

The only explanation if my server is generating them would seem to be that I am not logging them. But I’ve tried to rule that out, and I should be getting complaints about this if they are real 503’s. I am getting complaints about the CF challenges people are getting but not a single complaint about 503’s.

I’d rather not post the domain here, but I don’t think there is anything to see there anyway. These stats are from a tightly controlled subdomain where we are testing cloudflare on a small portion of suspicious traffic, and on a single page.

I am expecting to see a large number of challenges so if 40-50% are being intercepted by challenges and that is what this 503 stat is – this would make perfect sense. I’m wondering if anyone can confirm or deny the plausibility of this theory.

The ratio of 503 to 200 requests isn’t as bad on the php page underlying the “members” URL’s in the screen shot of my original post. Those get rewritten to this php page. This is still a high number of 503’s and I would expect them to be easy to find in the logs by volume. Unfortunately, since stats in analytics are rolled up without URL parameters, I may not have a way to correlate the stats here with specific requests like I should be able to do with the “members” links.

Screenshot 2020-12-09 at 5.28.57 PM

This screen shot seems to confirm that they will not be found in my server logs… “not served by origin or cache - response generated by Cloudflare”

So I think this suggests that challenge pages do have a 503 status code? So do 403 correlate to challenge fails? And then are these requests counted twice in most cases… once as a 503 challenge and then again as either 200 or 403?

Correct. JS Challenge page will return 503.

Yes.

The result should match with the Firewall Events.

1 Like

Thanks @erictung

You specifically said “JS challenge will return 503” – does this mean that captcha interceptions do not?

1 Like

Captchas will get 403 instead. Just tested.

1 Like

Oh cool… thanks for doing that!! I see – so 503’s are js challenge and then 403 are captchas. This makes perfect sense with the numbers I am seeing.

Thanks again for testing and figuring this out!

I wonder if this should be added to the community help pages? I’m new around here so am unsure how that is done. The current page for 503 does not seem to explain this.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.