Unable to access the websites running on ECS Instances

Last Updated: Dec 14, 2018

Note: If an error occurs while you access your website, we recommend that you first search for the error code and view its description. A list of error codes is provided at the end of this document.

Troubleshooting steps:

Network communication errors

Network communication error of Linux instances

  1. Run the network test commands ifconfig and ip addr to check the IP address.

  2. Run route -n to check the gateway in the instance routing table.

Network communication error of ECS Windows instances

  1. Open CMD and run the network test command ipconfig to check the IP address.

  2. Run route print to check the gateway in the instance routing table.

Port communication errors

Port communication errors of Linux instances

  1. Run netstat -antpu | grep sshd to view the running status of the sshd service and check whether it is listening on the port.

  2. Run the following commands to check the running status of the service:

    CentOS 6: service sshd status
    CentOS 7: systemctl status sshd

    • If the sshd service does not run normally, run the following command to manually start the sshd service:

    CentOS 6: service sshd restart
    CentOS 7: systemctl restart sshd

  3. View the sshd log.

    • If sshd cannot be started, CentOS 6 prompts an error message, but on CentOS 7 you must check the error message in the secure log. sshd log: /var/log/secure

    • Most sshd startup exceptions can be identified by viewing the error messages in the secure log.

Port communication errors of Windows instances

Run the port test commands:

  1. Tasklist /svc | findstr Ter
  2. netstat -ano | findstr $PID

Firewall configuration errors

Windows instance is accessible once the firewall is turned off

Prerequisites: You must have permission to turn off the firewall.

  1. Change your firewall rule.

  2. Try to connect again.

Linux instance is accessible over SSH once Iptables is turned off

Prerequisites: You must have permission to turn off Iptables.

  1. Run iptables -nvL --line-numbers to view the firewall rules:

    • -n Do not resolve IP addresses to host names. With this parameter, the display speed can be immensely improved.

    • -v Output the details, including the number of data packets and the total number of bytes through Iptables, and the relevant network interfaces.

    • -L List all the rules of the current table. The default table is the filter table. If you want to check the NAT table, you can add the parameter -t nat.

  2. Change the rules. (If you have already configured rules, run cp -a /etc/sysconfig/iptables /etc/sysconfig/iptables.bak to save a copy of the existing Iptables rules in case you have to restore them.)

    1. Run iptables -F to clear all the rules on the instance.

    2. Run iptables -P INPUT DROP to drop all the INPUT requests.

      Note: This action may lead to Internet disconnection. Proceed with caution if you are dealing with online business.

    3. Run the following commands to open port 22:

      1. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
      2. iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
    4. Run the following command to specify an IP that can access port 22:

      1. iptables -I INPUT -s 192.168.1.1 -p tcp --dport 22 -j ACCEPT

      Note: 192.168.1.1 is the IP address of the client.

    5. Run iptables -L to check whether the new rules are enabled.

      iptables -L

    6. Run iptables-save > /etc/sysconfig/iptables to save the new rules.

  3. Run service iptables restart or /etc/init.d/iptables restart to restart Iptables.

  4. Run systemctl reboot to restart the instance and verify the configurations.

  5. Try SSH connection again.
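
The order of the rules decides which ports stay reachable once the INPUT policy is DROP. The script below is an added example, not part of the original article: it reads iptables-save output and reports what the INPUT chain does with a new TCP connection. The function name input_verdict, the sample ruleset (the state step 2 above leaves behind) and the address 203.0.113.9 are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate the filter table's INPUT chain for a new TCP
# connection, using iptables-save text (first matching rule wins).

# Constructed sample: the rules from step 2 above, as iptables-save prints them.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.1.1/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
COMMIT'

# input_verdict SRC_IP DPORT   (iptables-save text on stdin)
# Prints ACCEPT, DROP or REJECT. Understands -s with a single host address,
# -p, a single --dport and --state/--ctstate; a rule with any other match
# is skipped rather than guessed at.
input_verdict() {
  awk -v src="$1" -v port="$2" '
    /^\*/ { table = $1 }
    table != "*filter" { next }
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && verdict == "" {
      s = p = d = j = ""; skip = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-s") { s = $(++i); sub(/\/32$/, "", s) }
        else if ($i == "-p") p = $(++i)
        else if ($i == "--dport") d = $(++i)
        else if ($i == "-j") j = $(++i)
        else if ($i == "-m" || $i == "--reject-with") i++
        else if ($i == "--state" || $i == "--ctstate") {
          if ($(++i) !~ /NEW/) skip = 1    # rule only covers existing flows
        }
        else skip = 1                      # unsupported match, e.g. -i lo
      }
      if (skip || (s != "" && s != src)) next
      if ((p != "" && p != "tcp") || (d != "" && d != port)) next
      if (j == "ACCEPT" || j == "DROP" || j == "REJECT") verdict = j
    }
    END { print (verdict != "" ? verdict : policy) }
  '
}

# Check the SSH port and a website port for a client that is not 192.168.1.1.
for port in 22 80; do
  echo "tcp/$port: $(printf '%s\n' "$SAMPLE_RULES" | input_verdict 203.0.113.9 "$port")"
done
```

On an instance, feed it the live rules with iptables-save | input_verdict <client-ip> <port>. For the sample, port 22 is accepted but port 80 falls through to the DROP policy, so a website on port 80 still needs its own ACCEPT rule after this procedure.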

Reconfigure public network rules of security group

Cause: The default rules of the security group do not open the port (such as port 80) used by the website. Follow these steps to open it manually:

  1. Log on to the ECS console and find the instance.
  2. Click the instance ID to enter the details page, then click Instance Security Groups > Configure Rules > Add Security Group Rules.
  3. Create a new rule by adding the port used by the website, and click OK.

For more information, see add a security group rule.

Common errors and descriptions

The common errors and descriptions are as follows:

  • 403: 403 errors are usually caused by a lack of permissions. The common solution is to grant permission to the specified resources.

    • 403.1 This error occurs because Execute access is not enabled. When you try to run CGI, ISAPI, or other executable programs from a directory that does not allow executables to run, this error is returned.
    • 403.2 This error occurs because Read access is not enabled, or no default webpage is available, or directory browsing is not enabled, or the directory where the HTML webpage resides only has Execute or Script access enabled.
    • 403.3 This error occurs because Write access is not enabled. When you try to upload a file to a directory or modify a file in a directory that does not allow write access, this error is returned.
    • 403.4 This error occurs because SSL is required. You must use HTTPS in the URL.
    • 403.5 This error occurs because your browser does not support 128-bit encryption, but the website hosted on your ECS instance is configured to have a 128-bit Secure Sockets Layer (SSL) connection. Upgrade your browser to resolve this problem.
    • 403.6 This error occurs because your IP address is rejected. If the server defines a list of IP addresses that cannot access the website, and the IP address you are using is in the list, this error message is returned.
    • 403.7 This error occurs because the website requests a client certificate from your Web browser.
    • 403.8 This error occurs because the server has a list of DNS names that are not allowed to access the site, and the DNS name you are using is in this list. Note the difference between 403.6 errors and 403.8 errors.
    • 403.9 This error occurs because too many users are trying to connect to the website. The Web server is throttled by too much traffic.
    • 403.10 This error occurs because the Web server is configured to deny Execute access. When you try to run CGI, ISAPI, or other executable programs from a directory that does not allow executables to run, this error is returned.
    • 403.11 This error occurs because the password to access the website has been changed.
    • 403.12 This error occurs because your client certificate map has been denied access to this website. The website you are trying to view requires the use of a valid client certificate.
    • 403.13 This error occurs because the website you are trying to view requires a valid client certificate, but your certificate is either revoked, or the Web server cannot verify your certificate.
    • 403.14 This error occurs because the website does not have the Directory Browsing feature enabled and the Web server is configured to deny directory listing.
    • 403.15 This error occurs because the client connections to the Web server have exceeded the limit.
    • 403.16 This error occurs because of an untrusted or invalid client certificate.
    • 403.17 This error occurs because your client certificate is expired or is not yet enabled.
  • 404: It indicates that the status of the webpage is invalid. This error occurs because the Web server cannot locate your request. It can be caused by the following cases:

    • The website cannot be accessed on the requested port.
    • The request is blocked by a Web service extension.
    • The request is blocked by the MIME mapping policy.
    • The website is updated or revised with some contents unchanged, but resources called by these contents are deleted or the paths got changed.
    • The scripts or CSS files you attempt to follow are invalid, but the code to call them still exists.
    • The directory of the resources you are trying to follow is deleted.
    • The URL you are trying to open is rendered invalid because its URL forwarding syntax was changed, or the directory or the directory name of the website was changed, or there is a typo in the URL.
  • 502: The 502 Bad Gateway occurs because the Web server is not properly configured. You can view the Web access logs to verify the setting parameters.

  • 503: 503 is also an error code that indicates the invalid status of a webpage like 404. The difference is that 404 is for Web server errors, and 503 is for Web application errors. It can occur in the following conditions:

    • The network administrator closes the application pool to perform maintenance.
    • The application pool is throttled when your request arrives.
    • The application pool identity is not the built-in identity called Network Service, but an identity configured by the user, which is not included in IIS_WPG group.
    • CPU monitoring is enabled for the application pool, and when the CPU usage exceeds a certain limit, the pool closes. If the executable files (.asp, .aspx) are low in efficiency, it can cause a sustained high CPU that may exceed the CPU limit.
    • The value for application pool queue-length limit is too small (1000 by default).
    • The directory of the resources you are trying to follow is deleted.
    • The URL you are trying to open is rendered invalid because its URL forwarding syntax was changed, or the directory or the directory name of the website was changed, or there is a typo in the URL.
    • The Web server is under a DDoS attack, which floods the targeted Web server’s Apache with superfluous requests in an attempt to overload it and prevent some or all legitimate requests from being fulfilled, or even crash the Web server. Our resolution is to give each Apache a limit of 64 php requests every 19 seconds. Note that we only limit the php requests. The picture requests and HTML requests are not included.
    • An application that is not optimized occupies too many php threads. One request of the application may generate several, or even dozens of, php threads. In this case, a few requests can fill up all the 64 php threads, and the 503 error occurs. We recommend that you optimize the application and minimize the use of statements such as require.

If the issue is still not resolved, save the output that you have received while troubleshooting, the log and relevant screenshots, and open a ticket for further assistance.