What Should I Do If Error 500, 502, or 504 Is Reported When I Access My Website After I Enable Basic Web Protection for My Domain Name?
Errors 500, 502, or 504 may be displayed when you access your website after enabling basic web protection for it. The error page may also display connection failure with WAF and your website, as shown in Figure 1.
There are many possible causes, such as firewall interception, incorrect origin server configuration, insecure HTTPS/WebSockets versions, and back-end server performance problems.
The following are the possible causes and solutions:
- Interception by the firewall, security protection software installed on the back-end server, or the rate limiting policy
Symptom: Error 502 is reported at high possibility a while after basic web protection is enabled for a domain name.
Solution: Add the proxy IP address range to the whitelist of the firewall (hardware or software), security protection software, or rate limiting module.
- Incorrect origin server configuration
Symptom: After basic web protection is enabled for your domain name, you access your website but error 502 or 500 is reported at high possibility (when multiple back-end servers are configured).
Solution: Locate the target domain name in the domain name list, click Edit in the Operation column to check whether the forwarding protocol, IP address, and port number are correct.
As shown in Figure 2, you can try to visit http://xx.xx.xx.108:80 and https://xx.xx.xx.108:443 to check whether the back-end service port is enabled.
- Insecure HTTPS/WebSockets versions
Symptom: After basic web protection is enabled, you access your website and error 502 is reported at high possibility for HTTPS/WebSockets services. However, if you visit by IP address, you can access your website.
Solution: An earlier SSL version has serious security risks. WAF supports TLS1.2 and later. If such error is displayed because an early version of SSL is used by your server, upgrade your SSL version.
You can try to visit https://www.ssllabs.com/ssltest/index.html to check the SSL version.- If the OS of your web server is earlier than Windows Server 2008, the SSL protocol does not support TLS1.2 and later. In this case, you need to upgrade the server OS to Windows Server 2008 or later (or a new version of Linux) and enable TLS1.2 in services such as IIS.
- If your web server does not run Windows, check whether the SSL protocol is TLS1.2 or later.
- Poor back-end server performance
Symptom: After basic web protection is enabled, your service works properly. However, when the number of access requests increases, error 502 or 504 increases as well. If you directly access your web server, there is also possibility that the error is returned.
Solution:
- Optimize the server configuration, including TCP network parameters and Ulimit parameters.
- Increase the number of back-end ECSs to support increasing requests. AAD supports multiple back-end servers.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot