Cloudflare is a powerful content delivery network (CDN) that helps improve website speed and security. However, sometimes users encounter frustrating error messages like 520, 521, 522, and other 5xx errors. These errors indicate communication issues between Cloudflare and your origin web server, preventing your site from loading properly.
At VeeroTech, we understand how critical website uptime is for your business. This article will guide you through the most common Cloudflare errors—520, 521, 522—and provide step-by-step fixes to get your site back online quickly.
Quick Steps to Fix Cloudflare Errors 520, 521, 522
- Check if your origin web server is online and responsive.
- Verify DNS settings and make sure the origin IP matches your Cloudflare DNS records.
- Ensure your firewall or security settings are not blocking Cloudflare IP addresses.
- Enable KeepAlive settings on your web server.
- Review server resource usage and upgrade hosting if needed.
- Check SSL/TLS settings for compatibility between Cloudflare and your server.
- Temporarily disable Cloudflare proxy to isolate the issue.
Detailed Explanation and Troubleshooting
1. Check Your Origin Web Server Status
Cloudflare error codes 520, 521, and 522 usually mean Cloudflare cannot properly connect to your origin server.
- Error 520: Unknown error — often caused by server crashes, misconfigurations, or unexpected server responses.
- Error 521: Server refused connection — your origin server is down or rejecting Cloudflare’s requests.
- Error 522: Connection timed out — Cloudflare cannot complete a TCP handshake with the server, often due to overload or firewall blocks.


Use tools like ping, traceroute, or server status dashboards to confirm your origin server is up and accepting connections.
2. Verify DNS Settings and IP Addresses
Make sure your Cloudflare DNS records point to the correct origin IP address provided by your hosting provider. Mismatched IPs will cause connection failures.
3. Allow Cloudflare IPs Through Firewalls and Security Plugins
Your server firewall, security plugins, or .htaccess rules might block Cloudflare IP ranges, causing communication failures.
- Whitelist all Cloudflare IP addresses. Cloudflare provides an official list of IP ranges.
- Review your security software settings and disable any that block or limit Cloudflare’s requests.
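As an added example (not part of the original article), the Python script below scans firewall log lines for dropped connections from Cloudflare ranges on web ports, which is the situation this step describes. The IPv4 ranges are a snapshot that should be refreshed from Cloudflare's official list, the log lines are constructed samples in UFW kernel-log style, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Snapshot of Cloudflare's published IPv4 ranges (assumption: may be stale;
# refresh from https://www.cloudflare.com/ips-v4 before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
""".split()]

# Constructed sample lines in UFW/iptables kernel-log style (not real traffic).
SAMPLE_LOG = """\
Jan 10 09:14:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=172.68.10.21 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=443
Jan 10 09:14:03 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.77 DST=203.0.113.5 PROTO=TCP SPT=51515 DPT=22
Jan 10 09:14:05 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=172.68.10.21 DST=203.0.113.5 PROTO=TCP SPT=40113 DPT=443
Jan 10 09:14:09 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=104.23.200.9 DST=203.0.113.5 PROTO=TCP SPT=18220 DPT=80
Jan 10 09:14:11 web1 kernel: [UFW ALLOW] IN=eth0 OUT= SRC=162.158.90.4 DST=203.0.113.5 PROTO=TCP SPT=2201 DPT=443
"""

BLOCK_RE = re.compile(r"\[UFW BLOCK\].*?\bSRC=(\S+).*?\bDPT=(\d+)")

def is_cloudflare(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # malformed address in the log line
        return False
    return any(addr in net for net in CLOUDFLARE_V4)

def blocked_cloudflare(log_text, web_ports=(80, 443)):
    """Count firewall drops of Cloudflare sources on web ports, per (ip, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = BLOCK_RE.search(line)
        if not m:
            continue
        src, dport = m.group(1), int(m.group(2))
        if dport in web_ports and is_cloudflare(src):
            hits[(src, dport)] += 1
    return hits

if __name__ == "__main__":
    for (src, dport), n in blocked_cloudflare(SAMPLE_LOG).most_common():
        print(f"{n} drop(s) of Cloudflare address {src} on port {dport}")
```

Any hit means the firewall is dropping Cloudflare's connections to the origin; drops on other ports or from non-Cloudflare sources are ignored.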
4. Enable KeepAlive on Your Web Server
Cloudflare uses KeepAlive headers to maintain open connections. Disabled KeepAlive can cause timeouts (Error 522).
- For Apache servers, add this directive to your .htaccess file or Apache config:
  <IfModule mod_headers.c>
      Header set Connection keep-alive
  </IfModule>
- For Nginx, ensure the keepalive_timeout directive is enabled.
5. Check Your Server’s Resource Usage
Overloaded servers may not respond fast enough, triggering 5xx errors.
- Monitor your CPU, RAM, and bandwidth usage.
- Upgrade your hosting plan if resources are frequently maxed out.
6. Verify SSL/TLS Settings
Misconfigured SSL between Cloudflare and your server can cause connection issues.
- In the Cloudflare dashboard, try toggling SSL modes (Flexible, Full, Full (Strict)).
- Ensure your origin server has a valid SSL certificate.
7. Temporarily Disable Cloudflare Proxy
To isolate issues, temporarily set Cloudflare DNS from Proxied (orange cloud) to DNS only (grey cloud) for your domain.
- If errors disappear, the problem lies with the connection between Cloudflare and your server.
- Contact your hosting provider if this occurs.
Conclusion
Cloudflare error codes like 520, 521, and 522 often point to communication problems between Cloudflare’s network and your web server. By checking your server status, DNS settings, firewall rules, and server resources, most issues can be resolved promptly.
If you have any web hosting questions please feel free to reach out to us. We're happy to help.