Azure Application Gateway Access logs show 502 with ERRORINFO_NO_ERROR but backend responses are 200 OK

Tinu Thomas 0 Reputation points
2024-04-18T17:23:14.2066667+00:00

I can see a lot of Application Gateway Access logs (200+ in the last 7 days) that show httpstatuscode_d as 502 when I fire the below query:

AzureDiagnostics 

| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog" and httpStatus_d == 502

All of the logs have the error_info_s as ERRORINFO_NO_ERROR and the WAFMode_s is DETECTION.

I have looked into the corresponding backend app service transactions for these logs and they all show that the backend calls were successful with 200 OK responses.

My WAF policy mode is DETECTION and not PREVENTION, so my assumption is that it cannot be the firewall?

This is concerning since the testing team has reported seeing these 502 errors while doing a performance testing on the application.

Thanks in advance for the help!

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
960 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GitaraniSharma-MSFT 47,421 Reputation points Microsoft Employee
    2024-04-22T12:15:55.4133333+00:00

    Hello @Tinu Thomas ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    As per the Application gateway troubleshooting document,

    User's image

    Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-troubleshooting-502

    502 error is not related to WAF. It could happen due to various reasons.

    Could you please check the backend health of your Application gateway and share the details?

    Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting#how-to-check-backend-health

    Also, could you please let me know if you are using HTTP or HTTPS? 502 errors can also occur due to Improper bundling of Certificates.

    Refer: https://learn.microsoft.com/en-us/answers/questions/51336/appgateway-v2-certificate-issue

    Few other steps that you could try:

    • Stop and start Application Gateway.

    https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-faq#how-can-i-stop-and-start-application-gateway

    https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-faq#why-am-i-seeing-502-errors-or-unhealthy-backend-servers-after-i-changed-the-dns-servers-for-the-virtual-network

    • If you are using a custom domain to access the Azure Application gateway, make sure the backend App services are configured with the same custom domain as the hostname in the incoming request should match with the default domain or custom domain hosted in the backend.

    Refer: https://learn.microsoft.com/en-us/azure/application-gateway/configure-web-app?tabs=customdomain%2Cazure-portal

    https://learn.microsoft.com/en-us/azure/architecture/best-practices/host-name-preservation

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments