502 errors only through Ashburn, VA (IAD)

Why will only one colo (IAD) get 502 errors to a particular site?

Doesn’t Cloudflare monitor these?

Quite often, the server is blocking a Cloudflare IP address. It could just be that there’s more traffic going through IAD, triggering a firewall response at your end.

Cloudflare doesn’t monitor 502 errors because there’s nothing Cloudflare can do about them.


Or is the Cloudflare edge showing this 502 screen?

I thought I implied but should have specified that it’s only people accessing the site through IAD and no others colo. The 502 occurs more often than not (like 98%). It started via IPv6 only but now it’s also IPv4. Some of those users have switched to a VPN to access the site from a location other than IAD. I haven’t experienced it myself, not being on IAD, but 502 is the reported error.

As sdayman already mentioned, which error message do they receive exactly?

But, if you are sure it has nothing to do with your server configuration, you can also open a support ticket.

A user who normally has no problem whatsoever used a VPN to access the site via colo=IAD as verfied by /cdn-cgi/trace. The site uses no IP filtering.

Error 502
Ray ID: 45f0558e0ac856db . 2018-09-23 22:09:11 UTC

To be clear, the page is the full graphic:

Browser (working) -> Ashburn (working) -> Host error (bad gateway)

That all points to something at your host’s end not responding to Cloudflare’s request.

I understand it’s limited to the IAD datacenter, but I advise that in addition to opening a Support ticket here, that you also contact Support at your host and see if they can see any blocked connections.

There were 4 .js resources that would not load, plus a handful of .jpg files. These would get either a 502 or, more commonly, a 522 error. At times in the past, users were getting similar errors for different resources. The symptoms changed almost daily. At one point, users that turned off IPv6 were able to access the site but it was a temporary fix.

Other resources from the same location on the web server would load without a problem.

Ultimately we came up with a workaround for users on IAD with a free VPN that got them away from IAD.

Stopping access to IAD and some combination of turning off IPv6 to get the resources via IPv4 and clearing the Cloudflare cache managed to clear up the problem. Clearing the cache alone did not fix it.

Nothing, repeat, NOT A THING was changed on the web server.

All users on IAD turned off the VPN and are functioning normally, for now.

Anyone else convinced that it’s the Cloudflare cache?

That should have been a case for a support ticket.

1 Like

My guess is some anti-DDOS mechanism used by the server or the host. Maybe the IP addresses being returned from IAD aren’t whitelisted or something of the sort.

This topic was automatically closed after 14 days. New replies are no longer allowed.