Online transaction failures often show up as "500: Internal Server Error" in web server access logs. In many instances determining the root cause of the failure is a difficult task. It could either be a bug associated with a specific HTTP request alone or the result of an undesirable state created by previous HTTP transactions. The latter case, which we call workload dependent faults, are relatively difficult to diagnose or even reproduce. In this paper we present a methodology to detect and identify such disruptive workload pattern for any web based IT system - in other words determine a specific set of HTTP transactions (or URL's) causing an internal error on the access of a specific URL. Only web server logs are used as input.