Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

How Do I Troubleshoot 404/502/504 Errors?

Updated on 2024-04-12 GMT+08:00

If an error, such as 404 Not Found, 502 Bad Gateway, or 504 Gateway Timeout, occurs after a domain name is connected to WAF, use the following methods to locate the cause and remove the error:

404 Not Found

Scenario 1: When a visitor accesses your website, the page shown in Figure 1 is displayed.
Figure 1 404 page
Cause: The port added to a URL is incorrect.
  • A non-standard port is configured when a domain name is connected to WAF. No port is added or the origin server port instead of the non-standard port is used to access the website. For example, use https://www.example.com or https://www.example.com:80 to access the website.

    Solution: Add the non-standard port to the URL and access the origin server again, for example, https://www.example.com:8080.

  • No non-standard port is configured when a domain name is added to WAF. A non-standard port or the origin server port is used to access the website. For example, use https://www.example.com:8080 to access the website.
    NOTE:

    If no non-standard port is configured, WAF protects services on port 80/443 by default. To protect services on other ports, re-configure domain settings.

    Solution: The domain name needs to be accessed directly. For example, https://www.example.com.

Scenario 2: When a visitor accesses your website, another 404 error page is displayed instead of the page shown in Figure 1.

Cause: The website does not exist or has been deleted.

Solution: Check your website.

502 Bad Gateway

Scenario: Website access is normal after the WAF configuration is complete. However, after a certain period of time, a 502 Bad Gateway error is reported frequently.
NOTE:

If your web server is not deployed on the cloud, consult your server provider about whether the server has default block settings. If there are default block settings, ask the service provider to remove them.

Possible causes are as follows:

  • Cause 1: Your website is using another security protection software. The software considers back-to-source IP addresses of WAF as malicious and blocks the requests forwarded by WAF. As a result, the site becomes inaccessible.

    Solution: Add the WAF IP address ranges to the whitelist of the firewall (hardware or software), security protection software, and rate limiting module.

  • Cause 2: Multiple backend servers are configured. However, one backend server is unreachable.
    Perform the following steps to check whether the origin server configuration is correct:
    1. Log in to the management console, click Service List in the upper part of the page, and choose Security > Web Application Firewall.
    2. In the navigation pane, choose Website Settings.
    3. In the Protected Website column, click the domain name to go to the Basic Information page.
    4. In the Server Information area, click . On the displayed page, check whether the client protocol, server protocol, origin server address, and port used by the origin server are correct.
    5. Run the curl command on the host to check whether each origin server can be properly accessed.
      curl http://xx.xx.xx.xx:yy -kvv

      xx.xx.xx.xx indicates the IP address of the origin server. yy indicates the port of the origin server. xx.xx.xx.xx and yy must belong to the same origin server.

      NOTE:
      • The host where the curl command can be run must meet the following requirements:
        • The network communication is normal.
        • The curl command has been installed. curl must be manually installed on the host running the Windows operating system. curl is installed along with other operating systems.
      • You can also enter http://origin server address:origin server port in the address bar of the browser to check whether the origin server can be properly accessed.

      If connection refused is displayed, the origin server is unreachable and website cannot be accessed. Perform the following operations:

      • Check whether the server is running properly. If it is not, restart the server.
      • Add the WAF IP address ranges to the whitelist of the firewall (hardware or software), security protection software, and rate limiting module.
  • Cause 3: Origin server performance

    Solution: Contact your website owner to rectify the fault.

504 Gateway Timeout

Scenario: After the configuration of connecting a domain name to WAF is complete, your website works properly. However, with the increasing traffic volume, the number of 504 errors also increases. If you directly access the IP address of the origin server, the 504 error code is returned sometimes.

The possible causes are as follows:

  • Cause 1: Backend server performance issues (such as too many connections or high CPU usage)
    Solution:
    1. Optimize the server configuration, including TCP network parameters and ulimit parameters.
    2. To handle large-scale service increase, use method 1 or method 2 to perform the processing.

      Method 1: Add a backend server group to the ELB load balancer.

      Method 2: Create an ELB. Use the EIP of ELB as the IP address of the server to connect to WAF.
      1. Log in to the management console, click Service List in the upper part of the page, and choose Security > Web Application Firewall.
      2. In the navigation pane, choose Website Settings.
      3. In the Protected Website column, click the domain name to go to the Basic Information page.
      4. In the Server Information area, click . On the displayed page, click Add.
    3. If the Client Protocol is HTTPS, you can use HTTPS on the WAF side. However, it is recommended that HTTP (Server Protocol) to forward the requests to your web server, lowering the computational demands on backend servers.
  • Cause 2: The WAF back-to-source IP addresses are not whitelisted or your origin server port is not enabled.

    Solution: Whitelist the WAF back-to-source IP addresses in the corresponding ECS security groups.

  • Cause 3: The origin server has a firewall and the firewall blocks the WAF IP addresses.

    Solution: Whitelist the WAF back-to-source IP addresses in the corresponding ECS security groups or uninstall the firewall software except WAF.

  • Cause 4: Connection timeout and read timeout

    Solution

    • Database queries are slow.
      • Tune services to shorten the query duration and improve user experience.
      • Modify the request interaction mode so that the persistent connection can have some data transmitted within 60 seconds, such as ACK packets, heartbeat packets, keep-alive packets, and other packets that can keep the session alive.
    • It takes a long time to upload large files.
      • Tune services to shorten the file upload time.
      • An FTP server is recommended for file upload.
      • Upload the file through an IP address or a domain name that is not protected by WAF.
      • The default timeout period for a dedicated WAF instance to respond origin servers is 180s.
    • The origin server is faulty.

      Check whether the origin server works properly.

  • Cause 5: The bandwidth of the origin server exceeds the upper limit.

    Solution: Increase the bandwidth of the origin server.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback