When an application malfunctions, crashes, or delays, you may see the following message:
As the image describes, Sucuri WAF cannot get a response from the site’s hosting server. To resolve this issue, carefully read each of the following common causes topics and follow the instructions correctly.
Contact your hosting provider or system administrator to make sure there the server is not overloaded or if they have changed your hosting IP address.
If you are managing your own server or want to be sure that the analyzes you have received is accurate, retrieve the server usage statistics and internal logs from the past hours, access and errors logs, including those generated by the operating system itself.
Sucuri’s support team is unable to assist on hosting server troubleshooting, but most of the time the issue is regarding a resouce shortage, a broken software update or even a security block (more on this later). Compare the 5xx access log entries’ timestamps (if any) with the error logs of the operating system and web server as any suspicious error entries on the logs could provide valuable information upon online searching.
In case the hosting IP address has changed, please proceed to this article (click here).
Security Softwares Blockage
Sucuri WAF is based on reverse proxying technology. This allows us to inspect every single network packet sent to your website and stop malicious requests from even reaching your site. However, at the network level, your hosting server will see that the entire traffic is coming from specific locations on the world and these locations are the Sucuri Firewall points of presence (PoPs).
For security softwares running on the hosting side, this may seem like an attack as the traffic volume is concentrated on a few dozen of IP addresses, but they are actually Sucuri’s IP addresses. If the traffic isn’t comming from Sucuri data centers, then it’s a problem cause it’s necessary to set up bypass prevention rules to prevent anyone from acessing your website without the Sucuri protection, but this is a matter for another article.
To tell your server security softwares not to block any of the Sucuri Firewall IP addresses, you simply need to contact your hosting provider or system administrator and ask them to whitelist our IP addresses:
220.127.116.11/23 18.104.22.168/22 22.214.171.124/22 126.96.36.199/22 2a02:fe80::/29
If you are managing your own server, check which security software is running on the server and look in their documentation for whitelisting IP addresses. The most common software used are mod_security, fail2ban, CSF, iptables or even security plugins running on your CMS.
Our IP addresses ranges are proprietary and rarely change, and if we do, we will notify you by email in advance.
To protect your website against a few types of DDoS attacks, Sucuri WAF has a timeout of 180 seconds. From our experience this is more than enough time for a regular application to respond and should not cause any issues under normal circustances.
If the application takes more than 180 seconds to response, the WAF will serve a 504 error message. This is likely an application malfunction and that needs to be investigated by the development team.
Unfortunately, it is not currently possible to customize the response timeout, but there are some workarounds that may be helpful in resolving this issue:
- Optimize your database
Most databases engines have bult-in optimizing functions that reorganizes the data reducing space and improving I/O efficiency. We recommend checking with your hosting provider or system administrator how to do this procedure correctly in your database engine.
If you are running a popular CMS such as WordPress, Drupal or similar, the chances are you’re running MySQL/MariaDB database and you will likely find a software called phpMyAdmin or Adminer on your hosting panel. Check this article to understand how to proceed with the optimization but remember to backup all your data before.
- Fractionate the process
If timeout occurs only when performing long or resource-intensive operations such as product import/export, bulk edits, etc., consider splitting the process into smaller processes.
This should aliviate the load on the server and allow the operation to run smoothly.
- Control the output
Programming languages usually have functions to control the output of a request, either to buffer so it’s served as a single part (Output Buffering) or to send chunked responses (Streaming).
To avoid timeouts, you must change the application code to implement the streaming technique. That way responses in fixed or variable length chunks are sent to the browser while the web server is still working on the request.
Be aware that this must be done by a professional and may require profound structural changes in the application. To understand more about HTTP Output Buffering and Streaming, we recommend reading this article.
- Bypass the WAF
Sometimes it may not be viable to split the process or change the code; therefore, your last option would be to bypass WAF on the connection so that your request goes directly to the hosting server. This is described in great detail in this article.
Big HTTP Headers
In rare cases, your application may be sending giant HTTP headers (larger than 16 KB) and the request would time out. The best way to eliminate this possibility is by opening your browser’s Developer Tools and inspecting the size of the response headers.
Based on cases we received until this date, the issue was due to the applcication using a lot of "Set-Cookies" headers for tracking purporses or was repeatedly sending the same HTTP headers.
If you have followed all the procedures specified in this article but your site is still unresponsive, please open a support ticket so we can try to help you.