Environment
Novell iChain 2.3 Support Pack 4
ic23sp4ir1a.exe applied
Secured protected resource configured
Access control text based logging enabled (enabled by default)
Situation
iChain 2.3 setup with numerous secure protected resources, implying
authentication and access control required for these resources.
Periodically, the iChain server console would display either of the
following messages when users accessed these resources:
- ACL: ** WARNING ** : URL, too long
- ACL: ** WARNING ** : Destination Host, too long
- ACL: ** WARNING ** : Source Host, too long
- ACL: ** WARNING ** : URL, too long
- ACL: ** WARNING ** : Destination Host, too long
- ACL: ** WARNING ** : Source Host, too long
Resolution
Cosmetic warning for administrators and can be ignored. Turning off
access control logging will also prevent the error being displayed
at the server console.
Additional Information
When logging the access control information, we allocate a 4k
buffer for each log entry. This 4k needs to handle all information
about the request e.g. username information, IP address
information, source and destination host information, matches,
URLs, etc. To make sure that all the information is handled within
this buffer, we limit the URL field entry, as well as the source
and destination Host field entries.
If the Hosts DNS name is greater than 256 bytes, we will display the first 256 bytes and display the HOST WARNINGs above.
If the URL size is greater than 512 bytes, we will log the first 512 bytes and display the URL WARNING message above.
If the Hosts DNS name is greater than 256 bytes, we will display the first 256 bytes and display the HOST WARNINGs above.
If the URL size is greater than 512 bytes, we will log the first 512 bytes and display the URL WARNING message above.