How do I troubleshoot HTTP 502 errors when I make requests through a Classic Load Balancer?

4 minute read

I see HTTP 502 errors when my client makes requests to a website through a Classic Load Balancer (CLB). How can I troubleshoot this?

Short description

HTTP 502 (bad gateway) errors can occur for one of the following reasons:

  • The web server or associated backend application servers running on EC2 instances return a message that can't be parsed by your Classic Load Balancer.
  • The web server or associated backend application servers return a 502 error message of their own.

To find the source of these 502 errors:

If the backend response is the source of the ELB 502 error, the issue might be caused by:

  • A response containing more than one CRLF between each header.
  • A response containing a Content-Length header which contains a non-integer.
  • A response that has more bytes in the body than the Content-Length header value.

If the 502 error is generated by your backend servers, contact your application's owner. If the 502 error is generated by the Classic Load Balancer, the HTTP response from the backend is malformed. Follow these steps to troubleshoot ELB-generated 502 errors:


1.    Check if the response body returned by the backend application complies with HTTP specifications. Refer to the following documentation from RFC Editor:
RFC 7230 - HTTP/1.1: Message Syntax and Routing
RFC 7231 - HTTP/1.1: Semantics and Content
RFC 7232 - HTTP/1.1: Conditional Requests
RFC 7233 - HTTP/1.1: Range Requests
RFC 7234 - HTTP/1.1: Caching
RFC 7235 - HTTP/1.1: Authentication

2.    Confirm that the response header has the correct syntax: a key and the value, such as Content-Type:text. Be sure that Content-Length or transfer encoding is not missed in the HTTP response header. For more information about web server HTTP header fields, see the Internet Assigned Numbers Authority documentation at List of HTTP header fields. Examine the HTTP responses returned by running a command similar to the following:

curl -vko /dev/null server_instance_IP

3.    Check the ELB access log for duplicate HTTP 502 errors. 502 errors for both elb_status_code and backend_status_code indicate that there's a problem with one or more of the web server instances. Identify which web server instances are exhibiting the problem, then check the web server logs of the backend web server instances. See the following log locations for some common web servers and operating systems:

Apache logs

  • The web server logs for CentOS, RHEL, Fedora, and Amazon Linux are located in the /var/log/httpd/ directory.
  • The web server logs for Debian and Ubuntu Linux are located in the /var/log/apache2 and /var/log/lighthttpd/ directory.

NGINX logs

  • The NGINX access log location is defined in the nginx.conf file: access_log /path/to/access.log
  • The default location is /var/log/nginx/access.log

IIS logs

The web server logs for Windows IIS 7, IIS 7.5 and IIS 8.0 are stored in the inetpub\logs\Logfiles directory. For more information about the Internet Information Server (IIS) logs, see Microsoft's documentation at The HTTP status code in IIS 7.0 and later versions. If you confirmed that your 502 errors are ELB-generated and that your backend's response conforms to RFC conventions, contact AWS Support.

Related information

Troubleshoot a Classic Load Balancer: Response code metrics

Tutorial: Create a Classic Load Balancer

Identity and access management for Elastic Load Balancing

Configure health checks for your Classic Load Balancer

Elastic Load Balancing Connection timeout management

AWS OFFICIALUpdated 2 years ago