Solution for 502 Bad Gateway | Prevent Server Errors

Fix for 502 Bad Gateway when loading your website

Visiting your website and see that it keeps loading? After a long wait, the annoying message appears: 502 Bad Gateway. What exactly does this mean, and what can you do to prevent this?

 502 bad gateway message

What causes a 502 Bad Gateway?

When your website throws a 502 error, it means that something is wrong between the server and an external connection. The most common cause is PHP processes crashing due to a stuck external connection. This is mostly annoying, but there are ways to reduce the risk of this happening again.

How does it work?

To understand the problem, it is good to understand how PHP requests are handled. With every request to your website, a PHP worker is deployed to process that request. Once it is done, the worker is released for new requests.

But imagine that your application (e.g. cURL or Guzzle) calls an external service, like a weather report. Normally this takes less than a second. But if that external service is slow or unresponsive, your application will be waiting, and the PHP worker will be busy.

If this happens repeatedly, all PHP workers can become busy, and new visitors will no longer be able to access the site, resulting in a 502 Bad Gateway.

What can you do to prevent this?

Unfortunately, there is no permanent solution to this problem. Even increasing the number of PHP workers only helps temporarily. But there are some steps you can take to reduce the chance of problems:
  1. Control which cURL requests your application makes and only do so when strictly necessary.
  2. Use APM tools such as New Relic or Datadog to quickly see which external endpoint is crashing.
  3. Reduce the standard cURL request timeout from 30 seconds to, for example, 5 seconds.
  4. Have a workaround in place that allows you to temporarily pause external connections.
By following these steps, you will reduce the chances of encountering a 502 Bad Gateway error and keep your website running smoothly.

    • Related Articles

    • Protect your website against Clickjacking

      Some time ago we received a report via our security bounty program . An observant participant had discovered that our website was vulnerable to clickjacking. Clickjacking is a technique in which malicious parties trick users into clicking on ...

    • Common HTTP Error Codes and Solutions

      It can happen that your website suddenly becomes unavailable, with a three-digit error code on your screen. What now? We discuss the six most common HTTP error codes, what they mean, and how to fix them. 401 Error - Unauthorized A 401 error means ...

    • Limiting the nuisance of Bots, Crawlers and Spiders

      Bots and crawlers help search engines like Google find and rank your website. But too much activity from these bots can slow down your website’s performance. Here, we’ll discuss how to stop unwanted bots and make your website run faster and more ...

    • The 404 Feeling – What To Do

      We all know it: you click on a link and suddenly you see a 404 page – “Page not found”. This simply means that the page you were looking for does not exist (anymore). Very frustrating, especially if you just saw that one interesting link and wanted ...

    • Suppress SSH login notifications

      We regularly see that the so-called deploy services suffer from output that we generate when logging in via SSH (e.g. pre-login/motd). This output has the function to show the user important information, but in the case of automatic processes this is ...