502 Gateway error from some countries


#1

I’ve read a lot of the 502 errors here on the community and https://support.cloudflare.com/hc/en-us/articles/218378978-What-should-I-do-after-seeing-a-502-or-504-gateway-error-on-my-site-

My host says they can’t see a problem anywhere and say it’s a cloudflare issue. Ho Hum.

I’m getting the typical 502 Bad Gateway page when viewing the site from Thailand or Singapore or Randomly in the USA. Using a VPN I have no issue from other countries.

I use SSL from Cloudflare.

I used challenge on one country last week (I’m now going to disable that, just in case that’s the issue)

I’ve submitted a support request.

Nothing is showing on any logs as errors. There’s been no outage or attacks that I can see.

This just started happening.

I disabled the orange cloud which also meant no SSL. So Https doesn’t work. But when I do this, the site from all countries works fine on http. If I enable the orange cloud again and try from Singapore I get an immediate 502.

Just wondering if anyone could share some insight into why the site is working on http and not https from some countries. I’m basically trying to understand where the problem is coming from given the above?


#2

Anybody?


#3

Hi @dtheme, do you see the name “cloudflare” appear at the bottom of the error message, like this https://support.cloudflare.com/hc/article_attachments/115004017672/error-502.png? If you cannot see that page, the 502 error is not coming from Cloudflare, and instead is coming from your origin server. If you can see that error page, then please include a copy of it with the ticket to the support team.

I did a quick check from the US and see ssl is active and the site loads securely…from here. If you want to share the domain with the community, perhaps someone in Singapore can can try to reproduce the error.


#4

Hi @cloonan Thanks for the reply.

The support team was just in touch and I’ve sent them the details.

It’s the Cloudflare branded 502 which from reading the support articles indicate it’s a host or origin server issue. However I spent a few hours with them last night and they are 100% saying there is no error from their side and no errors over the past week.

No cloudflare IPs are blocked by them either.

When Cloudflare is disabled and I access the site via http (as I lose ssl when I turn off cloudflare) there are also no 502s. So again the host is saying “Cloudflare is the issue”.

It’s a little bit like being stuck in the middle :confused:

The site is 100% giving 502s from Thailand and Spain. A VPN also confirms this on multiple devices. I’ve had people confirm this. And Google webmasters is giving me 524s.

Interestingly the branded Cloudflare 502 is preceded by a very fast 522 (timeout) before moving to a 502 page.

I’m a little bit at a loss as to what’s happening. I did put up a “challenge” on one country two weeks ago. I don’t know if that has any bearing on the issue. I removed the challenge last night.

Other than than, I’m a bit stumped!


#5

Hi @dtheme, a couple of ideas come to mind that may help:

  1. On the support ticket, would you please include a traceroute from a location that is successful and one that fails?
  2. If you want to share the domain name with the community, you may be able to get some other eyes on this

Here is information on traceroute


#6

Hi @cloonan

Yes, I’ve replied to the support ticket with traceroute details of both working and non-working locations.

Unfortunately it seems the support ticket did not log as I got a auto reply saying I should reply with a link to the support page. I’ve now replied both to the email and copied pasted the reply to the support ticket page.

The site is here.

I’ve tried removing a subdomain from cloudflare to let DNS propagation again as a test but the same issue some 24 hours later.

It’s now 1 week since this started.

Again, the host is adamant it is not them with CF whitelisted etc. They also point out the 522 error from Cloudflare before the 502 page takes over.

Thailand / Spain locations 100% not working and of course Google websmasters is now full of 522 errors too.

(edit)

So from a test subdomain. I can confirm that via http and grey cloud on Cloudflare the page goes through fine everywhere. But the moment I turn on the orange cloud I get the 522 and 502.

I’m at a loss as to what’s happening or how to fix it…


#7

I have the same exact problem. This started happening recenlty


#8

@avinesh.harnarain what countries are giving you the 502?


#9

Hi, @cloonan

Is there any way I can decipher the issue with traceroute myself?

I’ve sent the traceroutes to support but not heard back in 48 hours now. I’ve a host telling me it’s not them and Cloudflare saying it is, requesting traceroutes and then silence.

I’ve some choices to make and all I really need to do is ascertain if it’s the host or Cloudflare that’s causing this!

Any help would be appreciated.


#10

@dtheme it looks like your origin is actually not allowing TCP connections to us from all of our IP space, this is causing Error 522: Connection timed out among other errors. Can you confirm the ticket # you have with support?


#11

Hi @simon

Thank you so much. At least I have a more definitive head start on what’s happening. I’ve just told my host this (even though they’ve been denying it all week). Waiting on their reply again.

My CF ticket is #1559087


#12

OK - I have asked Support to take a look - I don’t want to share specifics here as it would need to reveal your origin IP address, but I suspect your host is blocking or rate limiting specific Cloudflare IPs, and having them whitelist our entire range ( https://www.cloudflare.com/ips ) should resolve this.


#13

Right now it is Spain and its some US users. We have two websites running on the same server/IP/Port and only one domain is giving us the issue


#14

Thank you @simon. My host says they have whitelisted CF and other domains on their server are working through CF.

I’ve escalated their side of it to the point of leaving the host. They said they’d get the admin to reply to me shortly.


#15

You might try contacting Cloudflare support and opening a ticket describing everything that’s happened to you.


#16

@simon @cloonan

Finally, after basically saying I was leaving my host escalated the issue and indeed Cloudflare IPs were blocked. Everything is now working well again.

Thank you for the support here.

I would really be great if Cloudflare had an option to test if a host was blocking their IPs. After reading through reams of similar errors here on the support site it seems to be a common occurrence.

If such a “self test” was available it might help users of Cloudflare pinpoint the problem quickly and efficiently without taxing Cloudflare support. Just an idea!