Since you mentioned the use of a target group and an HTTP error, I am assuming you are using an ALB. Please correct me if my assumption is not accurate. The ALB will respond with the HTTP 403 error if you are using WAF with the ALB and that is restricting access to your load balancer, as explained in the document below:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.html#load-balancer-http-error-codes
"You configured an AWS WAF web access control list (web ACL) to monitor requests to your Application Load Balancer and it blocked a request."
However, WAF will not impact health checks. If your health checks are failing with an HTTP 403 error, it will be because your target instances are responding with that HTTP error code. Here are a couple of things you can do to test, which will verify whether the target is responding with 403 or not. From a test instance/another instance that belongs to the same VPC as the target instance, run the following tests:
- Curl command test: "curl -IvkL http://<IP address of target instance>:<port number>/<path>"
(Please note that the parameters for this test will change based on your configuration. For example, if the ALB forwards the traffic to HTTP on port 80, then the test will have the port number as 80. Similarly, if no path is configured, you do not need to add "/".)
- Run Telnet test: "telnet <IP address of target instance> <port number>"
Make sure that the target instances allow traffic in from the test instances for the above tests to work successfully. The tests above will bypass the load balancer completely and will tell whether it is the ALB responding with 403 or your target instance.
Further, you can also check the following metrics and data on the ALB to determine the cause of the HTTP 403 error:
- We have these 2 metrics, "HTTPCode_ELB_4XX_Count" and "HTTPCode_Target_4XX_Count", which tell whether it is the ALB generating 403 errors or the target instance. You can review these metrics to determine who is responding with the 403 error. Here is the document which talks in detail about these metrics: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html
- The ALB also has access logs. Enabling access logs will give you information on each request made to the ALB. You can enable access logs if not already done, and analyze the logs to determine the cause of the HTTP 403 error. Here is the link talking in detail about access logs: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
In addition to the above, you can also try the following:
- Make sure the web server is running and the HTTP ports are open.
- Try to reboot the instance and see if that helps.
- Here is a link to a Knowledge Center article on troubleshooting health check failures for the ALB. You can verify the steps mentioned in it to investigate further: https://aws.amazon.com/premiumsupport/knowledge-center/elb-fix-failing-health-checks-alb/
- If the above does not work, you can open a case with AWS Premium Support (ELB team) and we can help you troubleshoot this issue further.
I hope the above information helps.
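
As an added example (not part of the answer above, and not AWS code), this sketch reads ALB access log entries and reports whether each 403 came from the target, from AWS WAF, or from the load balancer itself, using the elb_status_code, target_status_code and actions_executed fields. The sample entries, names, account ID and IP addresses are constructed placeholders, and the field order is assumed to follow the access log documentation linked in the answer.

```python
import shlex
from collections import Counter

# Leading fields of an ALB access log entry, in the documented order.
FIELDS = ("type time elb client target request_processing_time "
          "target_processing_time response_processing_time elb_status_code "
          "target_status_code received_bytes sent_bytes request user_agent "
          "ssl_cipher ssl_protocol target_group_arn trace_id domain_name "
          "chosen_cert_arn matched_rule_priority request_creation_time "
          "actions_executed").split()

def parse_line(line):
    """Split one entry into a dict; shlex keeps quoted fields whole."""
    return dict(zip(FIELDS, shlex.split(line)))

def classify_403(entry):
    """Say who produced a 403, or return None for any other status."""
    if entry.get("elb_status_code") != "403":
        return None
    if entry.get("target_status_code") == "403":
        return "target"   # the instance answered 403; the ALB relayed it
    if entry.get("actions_executed", "").split(",")[-1] == "waf":
        return "waf"      # WAF was the final action: request rejected
    return "alb"          # answered by the load balancer, no target response

def summarize(lines):
    """Count 403 responses per origin across many log lines."""
    origins = (classify_403(parse_line(l)) for l in lines if l.strip())
    return Counter(o for o in origins if o)

def _sample(target, elb_code, target_code, actions):
    """Build a constructed log line (placeholder names, timings simplified)."""
    return (f'http 2024-01-01T00:00:00.000000Z app/example-alb/0123456789abcdef '
            f'192.0.2.10:40000 {target} 0.001 0.002 0.000 {elb_code} '
            f'{target_code} 120 300 "GET http://alb.example.com:80/ HTTP/1.1" '
            f'"curl/8.0.1" - - arn:aws:elasticloadbalancing:us-east-1:'
            f'111122223333:targetgroup/example-tg/0123456789abcdef '
            f'"Root=1-00000000-000000000000000000000000" "-" "-" 0 '
            f'2024-01-01T00:00:00.000000Z "{actions}" "-" "-" "{target}" '
            f'"{target_code}" "-" "-"')

SAMPLE_LOG = [  # constructed entries, not real traffic
    _sample("10.0.1.10:80", 403, 403, "forward"),      # target returned 403
    _sample("-", 403, "-", "waf"),                     # blocked by the web ACL
    _sample("10.0.1.10:80", 200, 200, "waf,forward"),  # allowed and served
    _sample("-", 403, "-", "fixed-response"),          # 403 set by an ALB rule
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
```

ALB access logs do not record health check requests, so a failing health check still has to be confirmed with the direct test against the target.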