HTTP status code if auth server times out - http

Let's say we are initiating an OAuth flow from our server and the provider times out. What do we return as the status code? 503 for try again later, or 504 to state that some other server timed out?

I think 502 is the most appropriate in this case
502 Bad Gateway
A 502 error means that a website server that is serving as a reverse
proxy for the website origin server (for example, a CDN PoP) did not
receive a valid response from the origin server. This may be because
the origin server is experiencing issues, there is an invalid or
incorrect DNS name, or because a firewall on the origin server has
blocked the reverse proxy server request.
This may also occur when requests at the origin server are taking
several minutes to complete and a caching tool such as Varnish Cache
has been instructed to timeout after a set number of seconds. Varnish
Cache has a default timeout of 60 seconds, which section.io recommends
keeping for security and alerting reasons.
504 Gateway Timeout
Similar to the 502 error, the 504 Gateway Timeout error occurs if the
server that is acting as a proxy for the website origin server did not
receive a response from the website origin server within a set time
period. This may indicate an issue with the DNS host or hosting
company, or with the connection or configuration between the reverse
proxy servers and the website origin server.
More info here https://www.section.io/blog/504-503-errors-difference/

There is already an interesting question that has a similar context to yours, and there are a varied number of choices that you can choose from.
Maybe have a quick look at this question.
In my opinion, from all the above-mentioned choices of HTTP status codes, I would recommend using 419 that states the following as per the documentation:
419 Authentication Timeout
Not a part of the HTTP standard, 419 Authentication Timeout denotes that previously valid authentication has expired. It is used as an alternative to 401 Unauthorized in order to differentiate from otherwise authenticated clients being denied access to the specific server

Related

HTTP response codes 500 vs 502 vs 503?

I have gone through the HTTP response codes and understand what these response codes (rcodes) stand for,
but I am not sure what rcode will be sent to the client/consumer (say, a browser) in the scenarios below. I am using NGINX as a reverse proxy and Apache as the HTTP
server running the web application (say, app) behind NGINX.
A couple of scenarios:
1. A runtime error occurs in app, which throws rcode 500 (the runtime error code by default). My understanding is that nginx will continue to throw 500 and not convert it to 502?
2. App is down or not available. My understanding is that nginx will throw 503, not 502, in this case?
3. App is taking more time to process than the nginx default connection timeout. My understanding is that nginx will throw 504 in this case?
4. If all the above points are correct, I am not sure when 502 will be thrown by nginx. When will NGINX consider the response received from the upstream server an invalid response?
1. NGINX will not alter the 500 from the app as long as it doesn't step on a problem contacting / fetching data from Apache. E.g. it's a perfectly possible situation that your app will generate a 500, but a problem in NGINX communication against Apache will result in a different 50x, so that 50x is the one the client will see.
2. If Apache is completely down, you should be getting a 502 (bad gateway), because, in your setup, Apache is the gateway for NGINX. The same will happen if NGINX does not "like" Apache's response in a way, e.g. when Apache sends a response which has headers exceeding NGINX's proxy_buffer_size.
3. Yes, you should be getting 504 (gateway timeout), when Apache/app is timing out in relation to NGINX timeouts.
4. See point 2. And the following: NGINX will simply passthrough whichever response code from the upstream (as in gateway = Apache), so it doesn't need to take any consideration on whether a given response is invalid in terms of response codes, by default.
You can have NGINX take error response codes coming from Apache into consideration and act differently by use of proxy_intercept_errors, which, combined with error_page, can allow you to "rewrite" response codes / error messages from Apache, e.g. to "masquerade" app failures as Service Unavailable:
error_page 500 =503 /503.html;
proxy_intercept_errors on;
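
The mapping described in the answer above, which also applies to the OAuth-provider question at the top of this page, as an added Python example that is not part of the original posts: a gateway-side call that passes a well-formed upstream status through, returns 504 on a read timeout, and returns 502 when the upstream is down or its reply is not HTTP. The names `gateway_status`, `fake_upstream` and `demo`, and the loopback test upstreams, are constructed for illustration.

```python
import http.client
import socket
import threading
import time

def gateway_status(host, port, timeout=0.5):
    """Status a gateway should send its own client after calling an upstream."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        resp.read()
        return resp.status  # well-formed reply, even a 500: pass it through
    except socket.timeout:
        return 504  # connected, but no reply within the deadline
    except (OSError, http.client.HTTPException):
        return 502  # refused, reset, or the reply is not parseable HTTP
    finally:
        conn.close()

def fake_upstream(reply, delay=0.0):
    """Constructed test upstream: take one request, wait, then send `reply`."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        with srv, srv.accept()[0] as client:
            client.recv(4096)
            time.sleep(delay)
            try:
                client.sendall(reply)
            except OSError:
                pass  # the gateway already gave up on this connection
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    err500 = b"HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\n\r\n"
    seen = {"app error": gateway_status("127.0.0.1", fake_upstream(err500)),
            "not HTTP": gateway_status("127.0.0.1", fake_upstream(b"garbage\r\n\r\n")),
            "too slow": gateway_status("127.0.0.1", fake_upstream(err500, 1.0), 0.2)}
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    dead_port = probe.getsockname()[1]
    probe.close()  # nothing listens on this port now
    seen["upstream down"] = gateway_status("127.0.0.1", dead_port)
    return seen

if __name__ == "__main__":
    print(demo())
```

The status code is the only thing derived from the failure here; the upstream's exception text stays in the gateway's own logs rather than in the response body.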

Clarification required about internal error

I am using the calculate route API to calculate distance and time from origin to destination. I wanted to validate some error codes that I have observed in the error code documentation.
One of these is 500 Internal error.
The description for this says "There is a server configuration issue". Can I get a clear reason for the cause of this error? What does "server configuration issue" mean?
Response status codes beginning with the digit "5" indicate cases in which the server is aware that it has erred or is incapable of performing the request.
500 Internal Server Error
The server encountered an unexpected condition which prevented it from fulfilling the request.
501 Not Implemented
The server does not support the functionality required to fulfill the request. This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource.
502 Bad Gateway
The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.
503 Service Unavailable
The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. The implication is that this is a temporary condition which will be alleviated after some delay. If known, the length of the delay MAY be indicated in a Retry-After header. If no Retry-After is given, the client SHOULD handle the response as it would for a 500 response.
504 Gateway Timeout
The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.
505 HTTP Version Not Supported
The server does not support, or refuses to support, the HTTP protocol version that was used in the request message. The server is indicating that it is unable or unwilling to complete the request using the same major version as the client, as described in section 3.1, other than with this error message. The response SHOULD contain an entity describing why that version is not supported and what other protocols are supported by that server.

What is the difference between HTTP 408 and 504 errors?

These are both timeout errors, but who is timing out in a 408 vs. a 504?
From w3, 408 is defined as:
The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time.
...And 504 is:
The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.
So who is the 'client' in the 408 if not an intermediary server? If it's an actual end user, how does a server know to wait for their request before they have made it?
The client is the browser or client application. The server knows to wait for a request because it has accepted a connection, or already read part of the request, say a header or two.
The Amazon documentation says: http://docs.aws.amazon.com/en_en/elasticloadbalancing/latest/classic/ts-elb-error-message.html#ts-elb-errorcodes-http408
Indicates that the client cancelled the request or failed to send a full request
The Mozilla documentation says: https://developer.mozilla.org/en/docs/Web/HTTP/Status/408
The HTTP 408 Request Timeout response status code means that the server would like to shut down this unused connection. It is sent on an idle connection by some servers, even without any previous request by the client

ERROR 504 - GATEWAY TIMEOUT Why am I seeing this page?

I have been facing this issue for the last two days. I have also talked to the hosting server but nothing happened, and I have to resolve this today. Can you please help me resolve it?
ERROR 504 - GATEWAY TIMEOUT
Why am I seeing this page?
The server that your request has reached is acting as a gateway or proxy to fulfil the request made by your client.
Web Browser => Web Front-End => Web Back-End
This server (Web Front-End) received an invalid response from an upstream (Web Back-End) server it accessed to fulfil the request.
In most cases this will not mean that the upstream server is down, but rather that the upstream server and the gateway/proxy do not agree on the protocol for exchanging data.
This problem is most commonly caused when there is a problem with IP communications between the Web Front and Back-Ends. Before you attempt to resolve this problem you should clear your browser cache completely.
Our support staff will be happy to assist you in resolving this issue. Please contact our Live Support or reply to any Tickets you may have received from our technicians for further assistance.

When a database (or upstream service) timeout occurs, do I send a 503 or 504?

If a website depends on an upstream database or other abstracted service or store - basically most websites known to man - then when the upstream request dies with a timeout, should I return a 503 or a 504?
503 Service Unavailable
The server is currently unavailable (because it is overloaded or down
for maintenance). Generally, this is a temporary state. Sometimes,
this can be permanent as well on test servers.
504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a
timely response from the upstream server.
The 504 feels more designed for proxy servers, caches or other web infrastructure, but the 503 is not right either since the service is fine, the current request just happened to die, perhaps a search might have been too broad or something.
So which is 'right' according to HTTP?
Luke
503 sounds appropriate if this is a temporary condition that will be resolved simply by waiting. http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html states: "The implication is that this is a temporary condition which will be alleviated after some delay."
500 also sounds appropriate. The RFC states: "The server encountered an unexpected condition which prevented it from fulfilling the request." An unresponsive database is an exceptional/unexpected case.
IMO, what it comes down to is this: Are you providing an error code that will help callers (i.e. HTTP clients) respond to the situation? In this case, there is really nothing a client can do other than to try again later. Given this, I would keep it simple and return 500. I think clients are more likely to care if the site is available and less likely to care about the specific reason. Plus fewer response codes makes it easier to code clients. Again this is just my opinion.
