Troubleshooting WAF, CDN, and Load balancer

 Troubleshooting issues involving a Web Application Firewall (WAF), Content Delivery Network (CDN), and Load Balancer (LB) can be complex. Here is a step-by-step guide, including testing methods and relevant commands to isolate problems at each level.

### Step 1: Check Basic Connectivity

1. **Ping the Website**:

   ```sh

   ping example.com

   ```

2. **Check DNS Resolution**:

   ```sh

   nslookup example.com

   ```

### Step 2: Verify Load Balancer

1. **Direct Access to Load Balancer**:

   Modify `/etc/hosts` to bypass CDN and WAF, pointing directly to the load balancer’s IP.

   ```sh

   sudo nano /etc/hosts

   ```

   Add the line:

   ```

   LB_IP example.com

   ```

   

2. **Test HTTP Response**:

   ```sh

   curl -I http://example.com

   ```

   Check headers and status code to verify the load balancer is responding correctly.

3. **Check Load Balancer Logs**:

   Access logs on the load balancer to see if requests are hitting it and how they are being routed.

   ```sh

   tail -f /var/log/load_balancer.log

   ```

### Step 3: Verify CDN

1. **Direct Access to CDN**:

   Modify `/etc/hosts` to point to the CDN IP.

   ```sh

   sudo nano /etc/hosts

   ```

   Add the line:

   ```

   CDN_IP example.com

   ```

2. **Test HTTP Response**:

   ```sh

   curl -I http://example.com

   ```

   Check for CDN-specific headers (e.g., `X-Cache`, `X-CDN-Geo`).

3. **Check CDN Logs**:

   Access the CDN management console to review logs and analytics.

### Step 4: Verify WAF

1. **Direct Access to WAF**:

   Modify `/etc/hosts` to point to the WAF IP.

   ```sh

   sudo nano /etc/hosts

   ```

   Add the line:

   ```

   WAF_IP example.com

   ```

2. **Test HTTP Response**:

   ```sh

   curl -I http://example.com

   ```

   Check for WAF-specific headers (e.g., `X-WAF-Status`).

3. **Check WAF Logs**:

   Access the WAF management console or server to review logs for any blocked or flagged requests.

### Step 5: Combined Testing

1. **Normal Access**:

   Reset `/etc/hosts` to its original state to test the complete chain (CDN -> WAF -> LB).

   ```sh

   sudo nano /etc/hosts

   ```

   Remove any custom entries for `example.com`.

2. **Test HTTP Response**:

   ```sh

   curl -I http://example.com

   ```

3. **Trace Route**:

   Use `traceroute` to see the path packets take to reach the server.

   ```sh

   traceroute example.com

   ```

### Analyzing Return Codes and Headers

- **200 OK**: Normal operation.

- **301/302 Redirect**: Ensure redirection is intentional and correctly configured.

- **403 Forbidden**: Likely WAF blocking; check WAF logs.

- **503 Service Unavailable**: Check load balancer health checks and backend servers.

### Commands Summary:

- **Curl with Detailed Output**:

  ```sh

  curl -I -v http://example.com

  ```

- **Check Headers for Specific Components**:

  ```sh

  curl -I -H "Host: example.com" http://WAF_IP

  curl -I -H "Host: example.com" http://CDN_IP

  curl -I -H "Host: example.com" http://LB_IP

  ```

- **Logging into Servers**:

  ```sh

  ssh user@LB_IP

  tail -f /var/log/load_balancer.log

  

  ssh user@CDN_IP

  tail -f /var/log/cdn.log

  

  ssh user@WAF_IP

  tail -f /var/log/waf.log

  ```

### Conclusion

By systematically modifying the `/etc/hosts` file and analyzing the responses and logs from each component (Load Balancer, CDN, WAF), you can isolate where issues might be occurring. Ensure to reset the hosts file after each test to avoid DNS conflicts.