Troubleshooting Guide

This guide covers common issues encountered when deploying and operating AtomicEdge WAF protection, along with systematic diagnostic procedures.

DNS and Connectivity Issues

Site Not Loading After DNS Change

Symptoms: Site returns connection timeout or DNS resolution errors after pointing DNS to edge endpoints.

Diagnostic Steps:

Verify DNS propagation:

dig example.com A +short
nslookup example.com

Expected output should show edge endpoint IP, not origin IP.

Test from multiple DNS servers:

dig @8.8.8.8 example.com A +short
dig @1.1.1.1 example.com A +short

Check local DNS cache:

# Clear cache and test again
# Windows
ipconfig /flushdns

# macOS
sudo dscacheutil -flushcache

# Linux
sudo systemd-resolve --flush-caches

Solutions:

Wait for DNS propagation (up to 48 hours, typically 5-30 minutes)
Lower TTL values before making DNS changes
Test using edge endpoint IP directly: curl -H "Host: example.com" http://[edge-ip]/
Verify origin server backend IP is correctly configured

DNS Points to Edge but Site Shows Errors

Symptoms: DNS resolves correctly but site returns 502 Bad Gateway or 504 Gateway Timeout.

Diagnostic Steps:

Verify origin server is running:

curl -I http://[origin-ip]/

Test edge to origin connectivity:

curl -H "Host: example.com" http://[edge-ip]/

Check origin firewall rules allow edge endpoint IPs
Verify backend IP configuration in site settings matches actual origin IP

Solutions:

Ensure origin server web service is running
Add edge endpoint IPs to origin firewall whitelist
Verify backend port configuration (80 vs 443)
Check origin server logs for connection attempts
Confirm origin web server accepts requests with correct Host header

Partial Site Loading

Symptoms: Main page loads but assets (CSS, JS, images) return 404 or timeout.

Diagnostic Steps:

Check browser developer console for failed requests
Identify specific URLs that fail
Test failed URLs directly with curl
Check if failed requests use different hostname (CDN, etc.)

Solutions:

Ensure all hostnames used by site are added to AtomicEdge
Configure CDN or asset domain DNS separately
Check for absolute URLs pointing to origin IP
Verify origin server asset paths are accessible

SSL/TLS Certificate Issues

SSL Certificate Errors

Symptoms: Browser shows certificate warnings, “Your connection is not private” errors.

Diagnostic Steps:

Check certificate status:

openssl s_client -connect example.com:443 -servername example.com

Verify DNS points to edge endpoint (certificate issuance requires this)
Check certificate age – initial issuance takes 1-5 minutes
Verify no CAA records block certificate issuance:

dig example.com CAA

Solutions:

Wait 5 minutes after DNS configuration for initial certificate
Ensure DNS correctly points to edge endpoint
Check CAA records don’t restrict certificate authority
Verify port 80 is accessible for HTTP validation
Contact support if certificate doesn’t issue within 10 minutes

Mixed Content Warnings

Symptoms: HTTPS site shows mixed content warnings, some resources load over HTTP.

Diagnostic Steps:

Check browser console for mixed content warnings
Identify HTTP URLs in HTTPS page
Search site code for hard-coded HTTP URLs

Solutions:

Update site to use protocol-relative URLs (//example.com/asset.js)
Use HTTPS for all embedded resources
Configure site to use relative URLs
Enable HSTS security header to prevent HTTP downgrade

Certificate Mismatch

Symptoms: Certificate shows wrong domain name.

Diagnostic Steps:

Verify DNS points to correct edge endpoint
Check certificate Common Name and Subject Alternative Names
Confirm site is added in dashboard with correct domain

Solutions:

Ensure site is added with exact domain name
Verify DNS uses correct edge endpoint IP
Wait for DNS propagation if recently changed
Check for typos in dashboard domain configuration

WAF Blocking Issues

Legitimate Traffic Blocked

Symptoms: Users report 403 Forbidden errors, legitimate operations fail.

Diagnostic Steps:

Reproduce the error
Check security logs for blocked requests
Identify rule ID causing the block
Review request parameters that triggered rule

Solutions:

Add triggered rule ID to disabled rules list
Test that operation now succeeds
Document reason for disabling rule
Monitor for similar blocks

Admin Area Not Accessible

Symptoms: Site administrators cannot access admin panel.

Diagnostic Steps:

Test admin login
Check security logs for blocks
Verify IP whitelist configuration if using Page Protection
Test from different network

Solutions:

Add admin IPs to Page Protection whitelist
Disable rules blocking admin operations
Check for rate limiting on login endpoint
Verify admin credentials are correct

Form Submissions Fail

Symptoms: Contact forms, registration forms, or other submissions return errors.

Diagnostic Steps:

Reproduce form submission
Check browser console for errors
Review security logs for blocked POST requests
Test with simplified form data

Solutions:

Identify and disable rules blocking form data
Check for XSS rules triggered by HTML in fields
Verify CSRF tokens are not blocked
Test with reduced input length
Disable rules for specific form endpoints

API Requests Blocked

Symptoms: API calls return 403 errors, integrations fail.

Diagnostic Steps:

Test API endpoint directly:

curl -X POST https://example.com/api/endpoint \
  -H "Content-Type: application/json" \
  -d '{"test":"data"}'

Check security logs for rule triggers
Verify API authentication headers
Test with minimal payload

Solutions:

Disable rules blocking legitimate API patterns
Add API client IPs to whitelist
Configure separate rules for API endpoints
Test with different payload structures
Verify Content-Type headers are preserved

Performance Issues

Slow Page Load Times

Symptoms: Site loads significantly slower after enabling protection.

Diagnostic Steps:

Test page load time:

curl -w "@curl-format.txt" -o /dev/null -s https://example.com/

Format file (curl-format.txt):

time_namelookup: %{time_namelookup}
time_connect: %{time_connect}
time_appconnect: %{time_appconnect}
time_pretransfer: %{time_pretransfer}
time_starttransfer: %{time_starttransfer}
time_total: %{time_total}

Compare with direct origin access
Check origin server load
Verify network path to origin

Solutions:

Check origin server performance
Verify origin can handle traffic volume
Review origin server logs for slow queries
Consider origin optimization (caching, database tuning)
Verify network connectivity between edge and origin

High Latency

Symptoms: Request times are consistently high.

Diagnostic Steps:

Test latency components:

curl -w "DNS: %{time_namelookup}\nConnect: %{time_connect}\nTTFB: %{time_starttransfer}\n" \
  -o /dev/null -s https://example.com/

Test from multiple geographic locations
Check origin server response time
Verify edge endpoint connectivity

Solutions:

Optimize origin server performance
Enable origin caching
Check for slow database queries
Verify network connectivity
Contact support if edge processing is slow

Timeout Errors

Symptoms: Requests timeout after long wait, 504 Gateway Timeout errors.

Diagnostic Steps:

Test request completion time:

time curl https://example.com/slow-endpoint

Check origin server timeout settings
Verify origin server processes request
Check origin server logs for errors

Solutions:

Optimize slow endpoints
Increase origin server timeout limits
Check for long-running database queries
Verify origin server resources (CPU, memory)
Consider breaking up long operations

Access Control Problems

IP Whitelist Not Working

Symptoms: Whitelisted IPs are still blocked.

Diagnostic Steps:

Verify IP address format:

curl https://ifconfig.me

Check IP whitelist configuration
Test from whitelisted IP
Review security logs for blocks

Solutions:

Verify exact IP address (not range)
Check for IPv4 vs IPv6 differences
Ensure whitelist is saved and deployed
Test that IP matches whitelist entry exactly
Consider dynamic IP changes

Page Protection Not Blocking

Symptoms: Protected pages are accessible from non-whitelisted IPs.

Diagnostic Steps:

Verify Page Protection is enabled
Check protected path configuration
Test from non-whitelisted IP
Verify deployment completed

Solutions:

Ensure Page Protection is enabled
Verify protected paths are correct
Check path matching (exact vs prefix)
Confirm whitelist is not too broad
Test with curl from non-whitelisted IP

Geographic Blocking Not Working

Symptoms: Traffic from blocked countries is not blocked.

Diagnostic Steps:

Verify geographic blocking is enabled
Test from blocked country (using VPN)
Check IP geolocation database
Review security logs

Solutions:

Enable geographic blocking feature
Verify country list is correct
Test with known IPs from blocked countries
Check for VPN or proxy bypass
Verify configuration is deployed

Rate Limiting Issues

Rate Limiting Too Aggressive

Symptoms: Legitimate users are rate limited, can’t complete normal operations.

Diagnostic Steps:

Check rate limit configuration
Review security logs for rate limit triggers
Test operation frequency
Verify user IP is not shared (proxy, NAT)

Solutions:

Increase events per minute threshold
Add legitimate IPs to rate limit whitelist
Configure per-path rate limits
Consider shared IP scenarios (corporate proxy)
Monitor after adjustment

Rate Limiting Not Effective

Symptoms: Attacks continue despite rate limiting, brute force succeeds.

Diagnostic Steps:

Verify rate limiting is enabled
Check configuration for protected endpoints
Review logs for rate limit triggers
Test that limits are enforced

Solutions:

Enable rate limiting feature
Configure appropriate limits for endpoints
Add critical paths (login, API) to protection
Consider geographic blocking for attack sources
Use stricter response (drop instead of 403)

Logging and Monitoring

No Logs Appearing

Symptoms: Security logs or access logs are not showing recent data.

Diagnostic Steps:

Verify traffic is flowing through edge
Check DNS points to edge endpoint
Test that requests generate logs
Verify log retention settings

Solutions:

Confirm DNS is correctly configured
Test that traffic routes through protection
Check date filter settings in dashboard
Verify account has logging enabled
Contact support if logs are missing

Cannot Filter Logs

Symptoms: Log filtering doesn’t return expected results.

Diagnostic Steps:

Verify filter syntax
Check date range
Test with broader filters
Review available fields

Solutions:

Use correct field names
Adjust date range to include events
Test with single filter criterion
Check for typos in filter values
Clear filters and start fresh

Logs Show Unexpected Blocks

Symptoms: Logs show blocked requests that should be allowed.

Diagnostic Steps:

Review blocked request details
Identify triggered rule
Verify whitelist configuration
Check rule group settings

Solutions:

Disable problematic rules
Add IPs to whitelist
Configure exceptions for specific paths
Review false positive patterns
Document expected behavior

Integration Issues

WordPress Plugin Conflicts

Symptoms: WordPress plugins malfunction after enabling protection.

Diagnostic Steps:

Identify affected plugin
Test plugin functionality
Check security logs for blocks
Test with plugin disabled

Solutions:

Disable rules blocking plugin operations
Add admin IPs to whitelist
Test with WordPress-specific rules only
Contact plugin vendor for compatibility
Document plugin-specific rule disabling

CDN Compatibility

Symptoms: CDN and AtomicEdge conflict, double protection or loops.

Diagnostic Steps:

Check DNS configuration
Verify CDN and WAF placement
Test request flow
Review headers

Solutions:

Use AtomicEdge in front of CDN, or
Use CDN in front of AtomicEdge (pass-through mode)
Avoid double protection
Configure CDN to preserve headers
Test thoroughly after integration

Load Balancer Issues

Symptoms: Load balancer health checks fail after enabling protection.

Diagnostic Steps:

Identify health check endpoint
Test health check request
Check security logs for blocks
Verify health check IP

Solutions:

Whitelist load balancer IPs
Disable rules for health check endpoint
Configure health check to use expected pattern
Verify health check method (GET, HEAD)
Test health check succeeds

Emergency Procedures

Complete Site Outage

If site is completely inaccessible:

Verify origin server is running
Check DNS resolution
Test edge endpoint connectivity
Review recent configuration changes

Emergency bypass:

Change DNS back to origin IP
Wait for DNS propagation (or use low TTL)
Monitor origin access
Diagnose issue with protection disabled
Fix and re-enable gradually

Attack in Progress

If site is under active attack:

Review security logs for attack pattern
Enable geographic blocking for source countries
Enable rate limiting for attacked endpoints
Consider changing response to “drop” for attack traffic
Monitor logs continuously
Document attack characteristics

Configuration Rollback

If recent change caused issues:

Note exact change made
Revert change in dashboard
Verify deployment completes
Test that issue is resolved
Review logs to confirm
Plan alternative approach

Getting Help

Before Contacting Support

Collect diagnostic information:

Site domain name
Approximate time of issue
Specific error messages
Steps to reproduce
Recent configuration changes
Security log excerpts
Browser console output
Curl command output

Support Information

When contacting support, provide:

Complete description of issue
Diagnostic steps already taken
Configuration details
Log excerpts showing the problem
Expected vs actual behavior
Business impact of issue

Self-Service Resources

Dashboard documentation
Security log analysis tools
Configuration examples
Community forum
Knowledge base articles

Most issues can be resolved through log analysis and rule tuning. Systematic diagnosis identifies the root cause efficiently.