500-class response codes indicate a server failure occurred while the WAF processed a request.
When integrated with the StackPath WAF, it's possible you may encounter 502 or 504 errors. These errors are commonly caused by either incorrect settings, origin server firewalls, origin server issues or connection timeouts.
You can use this document to learn how to prevent and troubleshoot 502 and 504 errors that your users may see.
|502 - Bad Gateway
You use the edge server (WAF) as a proxy, and then the WAF receives an invalid response from the origin server, also known as the upstream server.
|504 - Gateway Timeout
You use the edge server (WAF) as a proxy, and then the WAF does not receive a timely response from the origin server.
Troubleshooting 502 Errors
Review common causes for 502 errors and how to troubleshoot them:
|The WAF does not connect to the correct server.
Ensure that the IP address set in your origin is correct.
If you use a domain as your origin, then ensure that the domain resolves to the correct IP address.
A firewall (or other security device) blocks the request.
Verify that your firewall does not drop requests from the WAF.
Verify that DDoS protection settings have not been triggered by origin pull requests from the WAF.
Disable CMS security plug-ins, and then refresh your site.
Verify that you have allowlisted StackPath IP blocks on your server's firewall.
The domain is not resolving properly
Verify that your DNS records are properly configured and propagated.
Origin pull encounters a redirect loop
cURL the origin URL to see where the redirect is going.
Troubleshooting 504 Errors
By default, the WAF will maintain a connection with an origin before the connection times out for 10 seconds.
- This time limit is configured to avoid negatively affecting the network and overall performance of the WAF.
Review the following ways to troubleshoot a 504 error:
- Verify that the host header is set correctly in the StackPath Control Portal.
- Verify that the HTACCESS file is correct on the server, especially if WordPress has been recently reinstalled or restored.
- Verify that you have allowlisted StackPath IP blocks on your server's firewall.
- To learn more, see Review and Allowlist CDN / WAF IP Blocks.
- Verify that the server is not having problems at the WordPress, the Apache/NGINX/WebServer, or at the Operating System level, such as:
- Permissions issues in the operating system
- Database corruption
- Server hardware/infrastructure issues
- Issues with server's resources (RAM, Disk i/o, CPU)
- Server issues that prevent WordPress from properly accessing its database or other resources
- If you are unsure how or what to check or you do not have access to your server's operating system, then contact your hosting provider.
Viewing 5xx Errors in the Browser
A 502 or a 504 error in the browser indicates that the web server is unable to respond to the WAF's initial request to your server for that HTML, which will return a 5xx error.
Review the following table to view examples of different message types you may see in a browser:
|502 Error Examples
|504 Error Examples
Each error has multiple examples with different wording, which can vary from site to site; however, all examples indicate the same overall message.
Viewing 5xx Errors in the Terminal
To view these errors via terminal, use a cURL command to send an HTTP request to your site via your Edge Address.
cURL against the edge address to make sure that the WAF is proxying the connection to the origin.
Review the following example:
curl -I myEDGEADDRESS.stackpathcdn.com
HTTP/1.1 504 Gateway Timeout
date: Thu, 13 Dec 2018 14:53:45 GMT
In the above example, note that:
- A response of 504 Gateway Timeout is present
- The X-HW header ends in p, which indicates that this request was proxied to the origin.
- The X-HW is inserted by StackPath and indicates where an asset is served from, what PoP the request is going to, and if the response came from CDN cache (if applicable) or from a proxied connection to the origin.
When the WAF proxies a request, the WAF passes the request to the origin server and then reports to the browser what was received. In this case, the server gave a 504.