Web Application Firewall (WAF) troubleshooting guide
The WAF is optimized for all types of websites, including those on a CMS or built with custom code, but settings adjustments might be necessary to ensure proper function for your site. If you're experiencing any issues, use this guide to help troubleshoot.
HTTP status errors
The WAF rarely produces errors itself, but some aspects of the firewall can cause your hosting server to respond with an error. Listed below are common HTTP status errors you might encounter, with the next troubleshooting steps for each.
| Error Code | Explanation |
|---|---|
| 302 | Redirect loops are usually identified with an error in the browser and aren't caused by the firewall, but the firewall can be caching the bad behavior. Check the firewall SSL settings: if the Protocol Redirection setting is set to 'HTTP only site' or 'HTTPS only site', switch it to 'Disabled'. |
| 401 | These are messages from the host indicating you are required to log in to see this resource. |
| 404 | The 404 Not Found error can affect your whole site or just a single URL or resource. |
| 500 and 501 | These are typically accompanied by an Internal Server message. They will always originate on the hosting server and are usually related to some misconfiguration. Check the hosting error logs to find the cause. |
| 502 | These errors are normally caused by a firewall on the hosting server blocking the WAF IPs. Be sure the following firewall IP ranges are allowed on any security plugin/software enabled on the hosting server: |
| 503 | These are due to resource issues, misconfigurations, or database errors. Similar to the 502 error, a 503 error can also occur due to blocked firewall IPs. Check the host’s access and error logs to find a cause. This could also be due to abnormal load due to a DDoS attack. See also: Website Errors: 503 Service Temporarily Unavailable; Check my account's resource usage. |
| 504 | Most often 504s are caused by the host failing to respond to a request within the firewall timeout limit, but can also be caused by a firewall on the hosting server blocking the WAF IPs. If you are unable to find the cause, open a ticket to request the firewall error logs and verify them with the hosting server error logs to find the cause. See also: 502, 504 or redirect error when I open my website after Web Application Firewall (WAF) setup. |
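One way to run the blocked-IP check described in the 502, 503 and 504 rows, as an added example that is not the provider's own tooling: it compares deny entries exported from the hosting server's firewall or security plugin against the WAF ranges and reports any overlap. The WAF ranges are placeholders (RFC 5737 documentation networks) standing in for the provider's published list, the deny list is constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Placeholder WAF ranges (RFC 5737 documentation networks), NOT the provider's
# real ranges: substitute the list published for your WAF.
WAF_RANGES = ["192.0.2.0/24", "198.51.100.0/24"]

# Constructed sample of deny entries exported from a host firewall or
# security plugin, one IP or CIDR per line; comments and blanks are allowed.
SAMPLE_DENY_LIST = """\
# auto-banned by brute-force plugin
203.0.113.45
192.0.2.17
198.51.0.0/16
not-an-ip
10.0.0.0/8
"""


def parse_entries(text):
    """Return (networks, rejected) from a deny list, skipping comments."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 192.0.2.17/24
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # keep for manual review, never guess
    return networks, rejected


def blocked_waf_ranges(deny_text, waf_ranges=WAF_RANGES):
    """Map each deny entry that overlaps a WAF range to the ranges it hits."""
    waf = [ipaddress.ip_network(r) for r in waf_ranges]
    denied, _ = parse_entries(deny_text)
    hits = {}
    for net in denied:
        overlap = [str(w) for w in waf if w.version == net.version and w.overlaps(net)]
        if overlap:
            hits[str(net)] = overlap
    return hits


if __name__ == "__main__":
    for entry, ranges in blocked_waf_ranges(SAMPLE_DENY_LIST).items():
        print(f"deny entry {entry} blocks WAF range(s): {', '.join(ranges)}")
```

A broad deny entry such as a /16 is reported even when it was never meant to target the WAF, which is the case a single-IP search of the deny list misses.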
Caching issues
SSL certificate errors
The SSL certificate applied to the WAF can be configured in one of two ways:
- GoDaddy/Starfield: The system generates an SSL certificate for your site automatically after the DNS change, which causes a brief interruption of functionality while the certificate is generated and validated.
It isn’t possible to use the included SSL certificate without experiencing a bit of downtime during the initial setup via this method. Uploading a custom SSL certificate is the only way to avoid this window of downtime. If you use the included SSL certificate, it will auto-renew every 90 days.
- Custom SSL: This is the most straightforward approach if you already have an SSL certificate. Copy and paste the content of the SSL certificate (.crt) and private key (.key) to our system prior to the DNS change. Once the DNS propagation completes and the firewall is enabled, the browser will see the custom SSL certificate you've uploaded.
You will need to renew your custom SSL certificate manually and upload it to the firewall settings again when the certificate has reached the expiration date.
Configure my SSL certificate to work with the Web Application Firewall (WAF)
WAF signature block
- Allow access to a file or folder that shows an Access Denied security warning
- WAF block signatures
- If you need help troubleshooting and resolving these issues, it’s important to give our team the entire text content of the block message, including the IP address, URL, and block ID. It’s also useful to know how to replicate the block.
More info
- Prevent Web Application Firewall (WAF) bypass
- If you're still encountering issues, please feel free to request website security help.