Note: If any error occurs while you access your website, we recommend searching for the error code and view the description first. A list of error codes is provided, at the end of this document.
- Based on the error code, you can determine which of the following categories the error belongs to:
- Network communication errors
- Port communication errors
- Firewall configuration errors
Network communication errors
Network communication error of Linux instances
Run the network test commands
ip addrto check the IP address.
route -nto check the gateway in the instance routing table.
Network communication error of ECS Windows instances
Open CMD and run the network test command
ipconfigto check the IP address.
route printto check the gateway in the instance routing table.
- If the NIC driver is disabled or the NIC driver is configured inappropriately, check the NIC driver and reinstall it.
- For network testing tools, see link testing tool for ping packet loss or ping failure.
Port communication errors
Port communication errors of Linux instances
netstat –antpu | grep sshdto view the running status of the sshd service and check whether the port is listened on.
Run the following commands to check the running status of the service:
service sshd status
systemctl status sshd
- If the sshd service does not run normally, run the following command to manually start the sshd service:
service sshd restart
systemctl restart sshd
View sshd AppLog
If sshd cannot be started, CentOS 6 prompts an error message, but for CentOS 7 you must check the error message in the secure log. sshd log:
Most sshd startup exceptions can be identified by viewing the error messages in the secure log.
Port communication errors of Windows instances
Run the port test command:
Tasklist /svc | findstr “Ter”
netstat –ano | findstr “$PID”
Firewall configuration errors
Windows instance is accessible once then firewall is turned off
Prerequisites: You must have the access to turn off the firewall.
Change your firewall rule.
Try to connect again.
Linux instance with SSH is accessible once Iptables is turned off
Prerequisites: You have the access to turn off Iptables.
iptables -nvL –line-numberto view the firewall rules:
n Do not check the IP address. With this parameter, the display speed can be immensely improved.
v Output the details, including the number of data packets and the total number of bytes through Iptables, and relevant network APIs.
L Check all the rules of the current table. The default table is the filter table. If you want to check the NAT table, you can add the parameter
Change the rules.(If you have configured the rules, run
cp -a /etc/sysconfig/iptables /etc/sysconfig/iptables.bakto save a copy of the existing Iptables in case you have to retrieve it.)
iptables -Fto clear all the rules on the instance.
iptables -P INPUT DROPto reject all the INPUT requests.
Note: This action may lead to Internet disconnection. Proceed with caution if you are dealing with online business.
Run the following commands to open port 22:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
Run the following command to specify an IP that can access port 22:
iptables -I INPUT -s 192.168.1.1 -p tcp --dport 22 -j ACCEPT
Note: 192.168.1.1 is the IP address of the client.
iptables -Lto check whether the new rules are enabled.
iptables-save > /etc/sysconfig/iptablesto save the new rules.
service iptables restartor
/etc/init.d/iptables restartto restart Iptables.
systemctl rebootto restart the instance and verify the configurations.
Try SSH connection again.
Reconfigure public network rules of security group
Cause: The default rules of the security group does not open the port (such as port 80) used by the website. Follow these steps to open it manually:
- Log on to the ECS console and find the instance.
- Click the instance ID to enter the details page, then click Instance Security Groups > Configure Rules > Add Security Group Rules.
- Create a new rule by adding the port used by the website, and click OK.
For more information, see add a security group rule.
Common errors and descriptions
The common errors and descriptions are as follows:
403: 403 errors are usually because of the lack of permissions. The common solution is to grant permission to specified resources.
- 403.1 This error occurs because Execute access is not enabled. When you try to run CGI, ISAPI, or other executable programs from a directory that does not allow executables to run, this error is returned.
- 403.2 This error occurs because Read access is not enabled, or no default webpage is available, or directory browsing is not enabled, or the dictionary where the HTML webpage resides is only enabled executable or script access.
- 403.3 This error occurs because Write access is not enabled. When you try to upload a file to a directory or modify a file in a directory that does not allow write access, this error is returned.
- 403.4 This error occurs because SSL is required. You must use HTTPS in the URL.
- 403.5 This error occurs because your browser does not support 128-bit encryption, but the website hosted on your ECS instance is configured to have a 128-bit Secure Sockets Layer (SSL) connection. Upgrade your browser to resolve this problem.
- 403.6 This error occurs because your IP address is rejected. If the server defines a list of IP addresses that cannot access the website, and the IP address you are using is in the list, this error message is returned.
- 403.7 This error occurs because the website requests a client certificate from your Web browser.
- 403.8 This error occurs because the server has a list of DNS names that are not allowed to access the site, and the DNS name you are using is in this list. Note the difference between 403.6 errors and 403.8 errors.
- 403.9 This error occurs because too many users are trying to connect to the website. The Web server is throttled by too much traffic.
- 403.10 This error occurs because the Web server is configured to deny Execute access. When you try to run CGI, ISAPI, or other executable programs from a directory that does not allow executables to run, this error is returned.
- 403.11 This error occurs because the password to access the website has been changed.
- 403.12 This error occurs because your client certificate map has been denied access to this website. The website you are trying to view requires the use of a valid client certificate.
- 403.13 This error occurs because the website you are trying to view requires a valid client certificate, but your certificate is either revoked, or the Web server cannot verify your certificate.
- 403.14 This error occurs because the website does not have the Directory Browsing feature enabled, but the Web server is configured to deny directory listing.
- 403.15 This error occurs because when the client connection to the Web server has exceeded its limit.
- 403.16 This error occurs because of untrusted or invalid client certificate.
- 403.17 This error occurs because your client certificate is expired or is not yet enabled.
404: It indicates that the status of the webpage is invalid. This error occurs because the Web server cannot locate your request. It can be caused by the following cases:
- The website cannot be accessed on the requested port.
- The request is blocked by a Web service extension.
- The request is blocked by the MIME mapping policy.
- The website is updated or revised with some contents unchanged, but resources called by these contents are deleted or the paths got changed.
- The scripts or CSS files you attempt to follow are invalid, but the code to call them still exists.
- The directory of the resources you are trying to follow is deleted.
- The URL you are trying to open is rendered invalid because its URL forwarding syntax was changed, or the directory or the directory name of the website was changed, or there is a typo in the URL.
502: The 502 Bad Gateway occurs because the Web server is not properly configured. You can view the Web access logs to verify the setting parameters.
503: 503 is also an error code that indicates the invalid status of a webpage like 404. The difference is that 404 is for Web server errors, and 503 is for Web application errors. It can occur in the following conditions:
- The network administrator closes the application pool to perform maintenance.
- The application pool is throttled when your request arrives.
- The application pool identity is not the built-in identity called Network Service, but an identity configured by the user, which is not included in IIS_WPG group.
- CPU monitoring is enabled for the application pool, and when the CPU usage exceeds a certain limit, the pool closes. If the executable files (.asp, .aspx) are low in efficiency, it can cause a sustained high CPU that may exceed the CPU limit.
- The value for application pool queue-length limit is too small (1000 by default).
- The directory of the resources you are trying to follow is deleted.
- The URL you are trying to open is rendered invalid because of the reasons such as its URL forwarding syntax was changed, the directory or the directory name of the website was changed, or there is a typo in the URL.
- The Web server is under a DDoS attack, which floods the targeted Web server’s Apache with superfluous requests in an attempt to overload it and prevent some or all legitimate requests from being fulfilled, even crashes the Web server. Our resolution is to give each Apache a limit of 64 php requests every 19 seconds. Note that we only limit the php requests. The picture requests and HTML requests are not included.
- The application that is not optimized occupies too many php threads. One request of the application may generate several, or even dozens of php threads. In this case, a few requests can fill up all the 64 php threads, and the 503 error occurs. We recommend you optimize the application and minimize the use of statements such as require.
If the issue is still not resolved, save the output that you have received while troubleshooting, the log and relevant screenshots, and open a ticket for further assistance.