Support Forums

502 errors Netlify as proxy for Wordpress (WPEngine)

Hey there!

Our Netlify site name: “vero-next”
Test using this domain: https://www-staging.getvero.com/

We are proxying all requests at https://www-staging.getvero.com/resources/* across to a Wordpress install on WPEngine (raw URL: resources-staging.getvero.com). We have some nginx re-writes which will re-write requests to then raw URL to www-staging.getvero.com UNLESS there is a header present (that header is: X-Vero-Proxied: true for reference, in case you need to do your own raw requests to check headers, etc…

Here’s the re-write rule we’re using:

  from = "/resources/*"
  to = "https://resources-staging.getvero.com/resources/:splat"
  status = 200
  headers = {X-Vero-Netlify = "true", X-Vero-Proxied = "true"}

It is working nicely 97% of the time. However, we’re occasionally seeing periods where we receive 502 responses and a total blank response:

It’s happening often enough that it’s unideal. When we see this and do a cURL, we get a response like this:

git:(develop) ✗ curl -i https://www-staging.getvero.com/resources/
HTTP/2 502
x-nf-request-id: 73eb702f-1d83-4a5e-90d8-8baaf7ab96ac
date: Fri, 25 Jun 2021 07:08:37 GMT

I’ve included a few x-nf-request-ids for reference in the hope this makes it easy to get an answer on what is up:


It might also be worth noting I have rewrites in both netlify.toml and _redirects. I’m not quite sure the order of operations between processing those two, in case that matters. That said, that doesn’t feel like the issue here.

Thanks for any insights :).

Hi, @chexton. I’m showing that all three of those 502s were due to timeouts from the resource being proxied to.

The error message in our backend systems says this:

timed out after 30s while waiting for response headers to arrive

If there are other questions or concerns, please let us know.

1 Like

Thanks @Luke , that’s super helpful. Will chat further with WPEngine.

Hi @Luke (or other Netlify crew). Is it possible your logs contain the IP address of the request that was made to WPEngine. After much back-and-forth, it sounds like they have a “security” layer that might periodically block the proxy requests.

I want to prove this is true before I think about ways around it, and apparently the only way to do that is to confirm the IP request used to make the proxied request is in the blacklist at WPEngine. Is it possible for you to share that IP?

Thanks again.

Hi, @chexton. The IP address the proxy will see is the public IP address of the ADN node (aka CDN node) that handles the HTTP request.

For the three x-nf-request-id's listed above, the same node responded to all three. The IP address that node uses is:


That is the IP address that made the requests to the proxied URL.