We were again hit by a DoS attack resulting in a very high load of the service. Thus, the service was having a hard time to process the legitimate requests in a timely fashion.
The service is reverse-proxied. The front proxy returns a HTTP 502 to clients when the backend service does not reply fast enough: that is the error that users were seeing during the attack.
We blocked the IP subnet responsible for the attack. Immediately, the workload started to drop. It reached back its usual level in a couple of minutes: the service was back, fully operational.