Issue with CloudFlare response
Hi guys, I have a page where I can filter a list of results.
the website is hosted on IIS.
my query parameters are like so:
the issue is, if I search for any dates where startDateMax is less than the 14th of March, the response is correct.
if I search anything from the date of 14th march or later on, without the other parameters changed,
I get the error
with status 502.
so the URL for the correct response would be this:
I believe this is an issue with CloudFlare because:
I connecting with Remote Desktop to the server, accessed the same URLs from the website's local IP (bypassing CloudFlare)
and the pages load correctly.
I also see no errors in my IIS logs or Event Viewer.
and if i check in CF > Analytics & Logs > HTTP Traffic and I find those calls, the Edge status codes are all , same thing with the Origin Status code.
any ideas? and thank you in advance
33 Replies
Can you share an example URL where we can reproduce the issue?
I'm afraid I can't unfortunately since that would be our client's page and needs credentials to access.
I am unable to replicate that in other pages
also if I check in Security > analytics for those calls I see 200 OK responses from both origin and edge
Could you share the full headers for both a successful and a failed request? Just remove any private info from the headers.
I'm trying to replicate the issue, but it doesn't happen for me. Is this a free Cloudflare account or paid?
it's a free Cloudflare account.
the error request has this data:
Response Headers:
===================================================
and this is the successful request data
Response Headers:
I have no idea why x-from-options header is there multiple times, might have to check the response from the server directly,
also is it possible to check somewhere in cloudflare the exact response from an HTTP request?
Can you check that the error isn't actually from your origin?
curl -svo /dev/null https://sub.example.com/path?query --connect-to ::SERVER_IP
Replace the domain/path/query and SERVER_IP
got this response running that so I guess the origin IS returning an error right?
but why if I access that same request from within the server's browser, there's no issue and the page loads correctly
No, that looks all good. And that was with the query string that caused the error when requested via Cloudflare?
yes that's the one with the cloudflare error
Oh, I just noticed the end "client returned ERROR on write of 13529 bytes"
That does not look good. Does the same happen if you use a "good" query string?
yes actually same error with a "good" query string:
not sure if it's worth mentioning, I copied the curl from the browser because I also needed the cookies since I need to be authenticated for that request.
I also had to add -k flag for self-signed certificates
Are you piping the curl output somewhere instead of using -o /dev/null ?
I gave it a try with an output to a .txt file for both the successful request and the error one.
both request filled the text files with the appropriate HTML codes and no errors were there
i guess the error before was because /dev/null was not a correct output directory
Hmm, sry for the late reply. I'm really out of ideas then.
Did the issue only start recently?
can you give the actual url? either here, or put it in a support ticket and post the ticket number here. I can glance at the logs for clues, no guarantee I'll find anything though
this just sounds weird and I don't have any guesses
yep it's only started recently.
it actually happened maybe about 2 weeks ago or more, then it resolved on it's own and now it's back again.
seems I can't create a support ticket with my account so this is the actual URL
(with error: )
tested just now:
https://hippodromecasino.smartrota.com/site/The-Hippodrome-Casino-Ltd/Gaming-Staff/manager-dashboard/occurrence-list?contractOption=All&occurrenceRule=&occurrenceType=&selectedName=&startDate=15%2f04%2f2025&startDateMax=30%2f04%2f2025
you won't be able to access the page since it'll redirect to the login, but if there's anything other info I could give let me know.
appreciate both your guys help
I don't have any logs captured for 502s on that zone. must not happen often enough, we don't store every request
I could retry right now if you're free to look
just gave it a go again right now, with the same url
the chance of catching a log line is low, let me get a trace token for you
okay, add this header to the request (good for a single use, and expires very quickly):
made a request with that header included just now
didn't catch it, must have been too late. let me make you a new id
try with that one
they really don't last long
done
got it this time. okay, let's see what happened
perfect
let me know if I can be of any help
wow okay, did not see that one coming. connection reset by peer
the origin is either closing the connection or crashing or something, when presented with this query
I hope this is somehow helpful - it's definitely not on our end
we got a whole chunk of response sent, and then it died
huh strange one for sure, I'll see if I can find something out
thank you again
so you got a partial response then it just ended?
it did something for about a second, sent us about 82kb of data, and then the connection died without finishing the response
that's a weird enough failure mode that it must have eluded our usual "report the error to the customer" logging pipeline
really weird one for sure, considering I don't get any errors or info in Event Viewer, IIS logs or even Sys32/HTTPErr files of the server
but this also wouldn't explain why it doesn't fail if I access it directly from the server IP right? or is there an explanation for that I'm missing
yeah beats me. must be something different about the request received through the CDN
connection reset is a weird failure mode so it could also be something at the network level. all we really know is that we received a RST packet for this socket
I'll likely have to compare the requests with Wireshark to see if I can find a difference between the CF forwarded one and the one being sent directly
Just another quick question: Could you check which http versions Cloudflare and direct visitors used to connect to the server?
they all are HTTP/2 version
I was able to get the logs, I guess it was taking some time for them to show up and this is the data I got now,
notice the 995 sc-win32-status code of the last request
the second and third (last) requests both failed when going through CF with the Bad Gateway error but seems only the third one returned the 995 code which translates to
the website's timeout limit was 120 seconds, even changed it to 300 but got 995 again when time-taken is 10565(ms)
I'm also not sure the headers from the cloudflare request are quite right (Connection close):
I've removed some uneccessary ones