I am facing this issue since last two 2days.i have also talk to hosting server but nothing happend and i have to resolve this today.can you please help me to resolve.
ERROR 504 - GATEWAY TIMEOUT
Why am I seeing this page?
The server that your request has reached is acting as a gateway or proxy to fulfil the request made by your client.
Web Browser => Web Front-End => Web Back-End
This server (Web Front-End) received an invalid response from an upstream (Web Back-End) server it accessed to fulfil the request.
In most cases this will not mean that the upstream server is down, but rather that the upstream server and the gateway/proxy do not agree on the protocol for exchanging data.
This problem is most commonly caused when there is a problem with IP communications between the Web Front and Back-Ends. Before you attempt to resolve this problem you should clear your browser cache completely.
Our support staff will be happy to assist you in resolving this issue. Please contact our Live Support or reply to any Tickets you may have received from our technicians for further assistance.
Related
I work in an organisation where a TMG server with port forwarding has been used successfully for a number of years to forward all http traffic to https for a particular web application. This meant that http or https would work on URLs for that web application.
Recently this was seen as a security risk and http is no longer being advertised. For users this has caused an issue where all the links they had which were originally http no longer work and they are having to update all their links to https.
I can't quite figure out what the vulnerability is, and if someone could shed some knowledge I would really appreciate it.
How I understand it, there are 2 paths http and https. The TMG server essentially acts as the gatekeeper that sits in front of the organisations network and forces all http traffic down the https route instead, so at no point is there any http traffic into the network.
Thanks in advance.
I used the security stack exchange site as suggested by Guy Incognito which provided great explanations. https://security.stackexchange.com
See my post here:
https://security.stackexchange.com/questions/234742/is-http-to-https-port-forwarding-a-vulnerability/234751#234751
Let's say we are initiating oauth flow from our server and the provider times out. What do we return as status code? 503 for try again later or 504 to state some other server timed out?
I think 502 are the most appropiate in this case
502 Bad Gateway
A 502 error means that a website server that is serving as a reverse
proxy for the website origin server (for example, a CDN PoP) did not
receive a valid response from the origin server. This may be because
the origin server is experiencing issues, there is an invalid or
incorrect DNS name, or because a firewall on the origin server has
blocked the reverse proxy server request.
This may also occur when requests at the origin server are taking
several minutes to complete and a caching tool such as Varnish Cache
has been instructed to timeout after a set number of seconds. Varnish
Cache has a default timeout of 60 seconds, which section.io recommends
keeping for security and alerting reasons.
504 Gateway Timeout
Similar to the 502 error, the 504 Gateway Timeout error occurs if the
server that is acting as a proxy for the website origin server did not
receive a response from the website origin server within a set time
period. This may indicate an issue with the DNS host or hosting
company, or with the connection or configuration between the reverse
proxy servers and the website origin server.
More info here https://www.section.io/blog/504-503-errors-difference/
There is already an interesting question that has a similar context as yours, and there are a varied number of choices that you choose from.
Maybe have a quick look at this question.
In my opinion, from all the above-mentioned choices of HTTP status codes, I would recommend using 419 that states the following as per the documentation:
419 Authentication Timeout
Not a part of the HTTP standard, 419 Authentication Timeout denotes that previously valid authentication has expired. It is used as an alternative to 401 Unauthorized in order to differentiate from otherwise authenticated clients being denied access to the specific server
We have a payment gateway integration that posts data to a third party URL. The user then completes their payment process and when the transaction is complete the gateway posts back to a URL on our server.
That post is failing and the gateway are reporting the following error:
ERROR 13326: Couldn't speak to ServerResultURL [https://foo.com/bar].
Full Error Details: The underlying connection was closed: An unexpected error occurred on a send.
Response object is null
When I post direct to https://foo.com/bar I get a 200 response as I'd expect so I'm not sure where this is falling down.
This is on an Ubuntu box running nginx.
What could be causing that issue and how can I find more detail about it and a way to resolve it?
EDIT:
For brevity the example above is on a URL of /bar but the reality is that I have a rewrite in place (see below). The URL that actually gets posted to is /themes/third_party/cartthrob/lib/extload.php/cardsave_server/result so I'm not sure if the rewrite below is what's causing an issue.
I would still assume not as I do get a 200 response when posting via POSTMAN.
# http://expressionengine.stackexchange.com/questions/19296/404-when-sagepay-attempts-to-contact-cartthrob-notification-url-in-nginx
location /themes/third_party/cartthrob/lib/extload.php {
rewrite ^(.*) /themes/third_party/cartthrob/lib/extload.php?$1 last;
}
Typical causes of this kind of error
I bet your server is responding to the POST to /bar with something that the gateway (PaymentSense, right?) doesn't expect. This might be because:
The gateway can't reach your Ubuntu box over the network, because a firewall or network hardware between the two is blocking it.
Your https cert is bad / expired / self-signed, and the gateway is refusing the connection.
A misconfiguration of NGINX or your web application software (PHP, I imagine? or whatever nginx is serving up) is causing /bar to respond with some odd response, like a 30x, or a 50x error page, or possibly with just the wrong response, such as an HTML page.
Something else is wrong with the response to the POST.
The script/controller running at /bar could be getting unexpected input in the POST request, so you might want to look at the request coming in.
You have a network connectivity issue.
I'll leave the first two items for you to troubleshoot, because I don't think that's what you're asking in this question.
Troubleshooting NGINX Responses
I recommend configuring it to dump its response into an nginx variable using body_filter_by_lua so that you can see what response is coming out. A good example of how to set this up is available here. I think that will lead you understand why /bar is not behaving.
Troubleshooting NGINX Requests
If that isn't revealing the cause of this, try logging the request data. You can do that with something like:
location = /bar {
log_format postdata $request_body;
access_log /var/log/nginx/postdata.log postdata;
fastcgi_pass php_cgi;
}
Review the request headers and body of this POST, and if the error isn't immediately apparent, try to replay the exact same request (using an HTTP client that gives you complete control, such as curl) and debug what is happening with /bar. Is nginx running the script/controller that you think it should be running when you make an identical POST to /bar? Add logging to the /bar script/controller process.
Use interactive debugging if necessary. (This might require remote Xdebug if you're working with PHP, but no matter what you're using on your server, most web application tools offer some form of interactive debugging.)
Network Troubleshooting
If none of this works, it's possible that the gateway simply can't reach the host and port you're running this on, or that you have some other kind of network connectivity issue. I would run tcpdump on your Ubuntu box to capture the network traffic. If you can recreate this on a quiet (network) system, that will be to your advantage. Still, it's TLS (https), so don't expect to see much other than that the connection opens and packets are arriving. If you find that you need to see inside the TLS traffic in order to troubleshoot, you might consider using mitmproxy to do so.
I'm trying to diagnose a web service that sits behind some load balancers and proxies. Under load, one of the servers along the way starts to return HTTP 504 errors, which indicates a gateway timeout. With that background out of the way, here is my question:
When a proxy makes a request to the destination server, and the destination server receives the request but doesn't respond in time (thus exceeding the timeout), resulting in a 504, what happens when the destination server does eventually respond? Does it know somehow that the requestor is no longer interested in a response? Does it happily send a response with no idea that the gateway already sent HTTP error response back to the client? Any insight would be much appreciated.
It's implementation-dependent, but any proxy that conforms to RFC 2616 section 8.1.2.1 should include Connection: close on the 504 and close the connection back to the client so it can no longer be associated with anything coming back from the defunct server connection, which should also be closed. Under load there is the potential for race conditions in this scenario so you could be looking at a bug in your proxy.
If the client then wants to make further requests it'll create a new connection to the proxy which will result in a new connection to the backend.
Gateway Timeout The proxy server did not receive a timely response from the upstream server in .net application.
Will any changes require in IIS to solve the issue. This issue based on server problem
basically i uploaded more than 200 mb file using .net web application. its working good in dev server but it move to quality server it shows the gateway timeout issue
Kindly help me out to solve the issue.
Thanks in Advance,
SASIDHAR C