I am experiencing connection problems and HTTP errors with my Load Balancer

You may experience connection problems and HTTP errors when attempting to connect to an application served via your Load Balancer.

This page helps you find solutions to some of these most common errors.

I am getting a 400 Bad Request error when accessing my application through my Load BalancerLink to this anchor

You may find that when attempting to connect to the domain linked to your Load Balancer / the application being served by your backend servers, you receive a 400 Bad Request error.

CauseLink to this anchor

400 Bad Request errors occur when the backend servers cannot process a request due to client-side issues, or an incompatibility in the way that requests are passed through the Load Balancer and received by the backend server.

SolutionsLink to this anchor

• Try accessing your application directly, and not through your Load Balancer, to eliminate the possibility that the problem does not come from the Load Balancer. Use a tool such as cURL or Postman to compare headers and body content to check how the Load Balancer is modifying requests.
• Check your Load Balancer’s Grafana dashboard for any additional information about the way the request was handled.
• Verify your certificate and SSL bridging/offloading/passthrough settings. For example, if SSL is terminated at the Load Balancer, but the backend expects HTTPS, requests may be rejected.
• Check if Proxy Protocol is enabled on your Load Balancer. If your backend server is not configured to handle Proxy Protocol headers correctly, it may reject the requests. Try disabling Proxy Protocol on your Load Balancer to see if it resolves the issue. If the issue is resolved when Proxy Protocol is disabled, ensure your backend server is correctly configured for Proxy Protocol before re-enabling.

I am getting a 503 Service Unavailable error when trying to access my application through my Load BalancerLink to this anchor

You may find that when attempting to connect to the domain linked to your Load Balancer / the application being served by your backend servers, you receive a 503 Service Unavailable error.

CauseLink to this anchor

503 Service Unavailable errors occur when backend servers are unable to handle requests due to overload or maintenance issues. It indicates that the server cannot currently fulfill the request, but may be able to in the future.

SolutionsLink to this anchor

• Check the health of your backend servers. If the servers are failing their health checks, this is likely to be the reason for the error. Investigate the reason for the failing health check, and reconfigure your server or health check settings as necessary.
• Check that your Load Balancer is not exceeding its bandwidth. Each Load Balancer type has a maximum bandwidth it can handle. If you are exceeding this bandwidth, a 503 error is likely. Check your Load Balancer’s metrics, and resize your Load Balancer if necessary.
• Check your Load Balancer’s backend protection settings, and compare with Cockpit data. If backend protection compared to request/connection volume is set in such a way that all backend servers are becoming overloaded, you may need to add additional backend servers or adjust your backend protection settings.

I am getting SSL protocol errors when trying to access my application through my Load BalancerLink to this anchor

You may find that when attempting to connect to the domain linked to your Load Balancer / the application being served by your backend servers, you receive an error similar to one of the following

ERR_SSL_PROTOCOL_ERROR

SSL_ERROR_PROTOCOL_VERSION_ALERT

This site can't provide a secure connection
OpenSSL/3.0.14: error:0A00010B:SSL routines::wrong version number

CauseLink to this anchor

There is a mismatch between the SSL/TLS protocol versions or configurations between the client and the Load Balancer / its backend servers. This can prevent you from being able to establish a secure connection to your application.

SolutionLink to this anchor

• Check that the client or backend servers are not using older SSL protocols such as SSLv2 or SSLv3, which are considered insecure.
• Ensure that you have correctly configured SSL bridging, offloading or passthrough on your Load Balancer, depending on your use case.
• Ensure that you have not confused activation of the Proxy Protocol setting as anything to do with SSL bridging, offloading or passthrough, as it is unrelated.