Why Am I Seeing Error Code 523?
If a request passes through WAF more than four times, WAF blocks the request and returns error code 523 to prevent endless loops. If error code 523 is returned for requests to your website, check how many WAF instances you are using.
The following figure shows the traffic flow that may cause error code 523.
Cause 1: A website is connected to more than four WAF instances.
Error code 523 is returned if a website has been connected more than four times to WAF instances of different types, such as cloud CNAME access, dedicated, and cloud ELB access instances.
Solution
Route website traffic to bypass redundant WAF instances.
- Log in to the WAF management console.
- In the navigation pane on the left, choose Website Settings.
- Locate the website for which error code 523 is returned, retain one configuration, and delete the website from the redundant WAF instances. For details, see Deleting a Website from WAF.
To prevent service interruptions due to such deletions, perform the following operations before removing a website from WAF:
Cloud mode: Go to your DNS provider and resolve your domain name to the IP address of the origin server. Otherwise, the traffic to your domain name cannot be routed to the origin server.
Dedicated mode: Remove redundant WAF instances from the backend server group of the load balancer so that no requests are forwarded to those WAF instances. For details, see Changing a Backend Server Group.
Cause 2: A Third-party Interface That Uses Huawei Cloud WAF Was Called
When a request is forwarded to the third-party API, the header and cookie are forwarded unchanged. Only the host is modified. As a result, WAF keeps counting the request without clearing its historical records.
Solution
Modify the header field in the reverse proxy request. The operations are as follows:
This method can be used only when Nginx is deployed after WAF on the user traffic link.
- Use proxy_set_header to redefine the request header sent to the proxy server. Run the following command to open the Nginx configuration file:
(The following command is used when Nginx is installed in the /opt/nginx/ directory. Change the directory based on your situation.)
vi /opt/nginx/conf/nginx.conf
- Add proxy_set_header X-CloudWAF-Traffic-Tag 0 to the Nginx configuration file. The following is an example:
    location ^~/test/ {
        ......
        proxy_set_header Host $proxy_host;
        proxy_set_header X-CloudWAF-Traffic-Tag 0;
        ......
        proxy_pass http://x.x.x.x;
    }
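The following audit is an added example, not part of the original page or of Huawei Cloud tooling: it lists the Nginx blocks whose proxy_pass would forward X-CloudWAF-Traffic-Tag without resetting it to 0, applying Nginx's rule that proxy_set_header is inherited from the outer level only when the current level defines none. The sample configuration, the 192.0.2.10 upstream and the function names are constructed, and the tokenizer is simplified (it ignores quoted strings containing spaces and does not follow include files).

```python
import re

TAG = "x-cloudwaf-traffic-tag"  # header name from this page, lower-cased for comparison
# Constructed sample config; 192.0.2.10 is a documentation-range placeholder.
SAMPLE = """
server {
  proxy_set_header X-CloudWAF-Traffic-Tag 0;
  location ^~/test/ {
    proxy_set_header Host $proxy_host;  # own header: server-level reset not inherited
    proxy_pass http://192.0.2.10;
  }
  location /api/ {
    proxy_set_header Host $proxy_host;
    proxy_set_header X-CloudWAF-Traffic-Tag 0;
    proxy_pass http://192.0.2.10;
  }
  location /static/ { proxy_pass http://192.0.2.10; }  # inherits server level
}
"""

def parse(tokens):
    """Consume tokens into nested (words, children) items; children is None for a directive."""
    items, words = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "}":
            break
        if tok in ("{", ";"):
            items.append((words, parse(tokens) if tok == "{" else None))
            words = []
        else:
            words.append(tok)
    return items

def audit(items, inherited=None, path="main"):
    """Return the blocks whose proxy_pass forwards the traffic tag without resetting it to 0."""
    own = {w[1].lower(): w[2].strip("\"'") for w, c in items
           if c is None and len(w) >= 3 and w[0] == "proxy_set_header"}
    # nginx inherits proxy_set_header from the outer level only when this level sets none.
    effective = own or inherited or {}
    has_pass = any(c is None and w[:1] == ["proxy_pass"] for w, c in items)
    findings = [path] if has_pass and effective.get(TAG) != "0" else []
    blocks = [(w, c) for w, c in items if c is not None]
    return findings + [f for w, c in blocks for f in audit(c, effective, f"{path} > {' '.join(w)}")]

def audit_text(text):
    """Simplified tokenizer: drops # comments, splits on whitespace, braces and semicolons."""
    return audit(parse(re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))))
```

Calling `audit_text(SAMPLE)` reports only the `^~/test/` location: its own `proxy_set_header Host` line stops the server-level reset from being inherited, so the reset has to be repeated in that block.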
Cause 3: Origin Server IP Address Was Mistakenly Set to an IP Address of WAF or a Proxy in Front of WAF
If the origin server address is mistakenly set to the back-to-source IP address of WAF or to an IP address of the proxy in front of WAF, website requests enter an endless loop and error code 523 is returned.
Solution
Check the origin server configurations and enter a correct origin server address. For details, see Editing Server Information.