[ZT] Gateway will respond 502 Bad Gateway when receiving HTTP_1_1_REQUIRED

kyouheicf · web-flow · commit ff444a6224c5 · 2024-10-09T17:41:47.000+09:00
PCX-14005
diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -174,3 +174,9 @@ To enable software rasterization:
 By default, the WARP client blocks outgoing SMTP traffic on port `25` to prevent users from abusing our service to send spam. Modern email service providers use port `587` or `465` to encrypt emails over a TLS/SSL connection. For more information, refer to [What SMTP port should be used?](https://www.cloudflare.com/learning/email-security/smtp-port-25-587/).
 
 If you need to unblock port `25`, contact your account team.
+
+## I see `502 Bad Gateway` when browsing to a website.
+
+This issue can occur when communicating with the origin that partially support HTTP/2. In these scenarios, the connection from Gateway to the website starts using HTTP/2 but request a downgrade to HTTP/1.1 for some requests. For instance, [servers like IIS don't support auth (and possibly other cases) over HTTP/2](](https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported)). Such the website may send back a `RST_STREAM` frame with the error code `HTTP_1_1_REQUIRED`, which indicates that the browser should retry over HTTP/1.1. Gateway currently translates any received upstream `RST_STREAM` to a pseudo socket close, so you see this as a `502 Bad Gateway` exception page, and the browser doesn't know why it failed.
+
+Gateway do not support for this downgrade mechanism whereby Gateway will re-issue requests over HTTP/1.1 when receiving the `HTTP_1_1_REQUIRED` error code. To make the connection from Gateway to the website successfully, you will need to disable HTTP/2 at the origin.
