Error analytics
Error Analytics per domain are available within Zone Analytics. Error Analytics allows insight into overall errors by HTTP error code and provides the URLs, source IP addresses, and Cloudflare data centers needed to diagnose and resolve the issue. Error Analytics are based on a 1% traffic sample.
To view Error Analytics:
- Log in to the Cloudflare dashboard.
- Click the appropriate Cloudflare account for your site, then pick the domain.
- Next, click the Analytics & Logs app icon.
- Click Add filter, select Edge status code or Origin status code and choose any 5xx error code that you want to diagnose.
Error 500: internal server error
Error 500 generally indicates an issue with your origin web server. Error establishing database connection is a common HTTP 500 error message generated by your origin web server. Contact your hosting provider to resolve.
Resolution
Provide details to your hosting provider to assist troubleshooting the issue.
However, if the 500 error contains “cloudflare” or “cloudflare-nginx” in the HTML response body, provide Cloudflare support with the following information:
- Your domain name
- The time and timezone of the 500 error occurrence
- The output of www.example.com/cdn-cgi/trace from the browser where the 500 error was observed (replace www.example.com with your actual domain and host name)
Error 502 bad gateway or error 504 gateway timeout
An HTTP 502 or 504 error occurs when Cloudflare is unable to establish contact with your origin web server.
There are two possible causes:
- (Most common cause) 502/504 from your origin web server
- 502/504 from Cloudflare
502/504 from your origin web server
Cloudflare returns a Cloudflare-branded HTTP 502 or 504 error when your origin web server responds with a standard HTTP 502 bad gateway or 504 gateway timeout error.
Resolution
Contact your hosting provider to troubleshoot these common causes at your origin web server:
- Ensure the origin server responds to requests for the hostname and domain within the visitor’s URL that generated the 502 or 504 error.
- Investigate excessive server loads, crashes, or network failures.
- Identify applications or services that timed out or were blocked.
502/504 from Cloudflare
A 502 or 504 error originating from Cloudflare appears as follows:
If the error does not mention “cloudflare,” contact your hosting provider for assistance on 502/504 errors from your origin.
Resolution
To avoid delays processing your inquiry, provide these required details to Cloudflare Support:
- Time and timezone the issue occurred.
- URL that resulted in the HTTP 502 or 504 response (for example: https://www.example.com/images/icons/image1.png)
- Output from browsing to www.example.com/cdn-cgi/trace (replace www.example.com with the domain and host name that caused the HTTP 502 or 504 error)
Error 503: service temporarily unavailable
HTTP error 503 occurs when your origin web server is overloaded. There are two possible causes discernible by error message:
- Error doesn’t contain “cloudflare” or “cloudflare-nginx” in the HTML response body.
Resolution: Contact your hosting provider to verify if they rate limit requests to your origin web server.
- Error contains “cloudflare” or “cloudflare-nginx” in the HTML response body.
Resolution: A connectivity issue occurred in a Cloudflare data center. Provide Cloudflare support with the following information:
- Your domain name
- The time and timezone of the 503 error occurrence
- The output of www.example.com/cdn-cgi/trace from the browser where the 503 error was observed (replace www.example.com with your actual domain and host name)
Error 520: web server returns an unknown error
Error 520 occurs when the origin server returns an empty, unknown, or unexpected response to Cloudflare.
Resolution
Contact your hosting provider or site administrator and request a review of your origin web server error logs for crashes and to check for these common causes:
- Origin web server application crashes
- Cloudflare IPs not allowed at your origin
- Headers exceeding 16 KB (typically due to too many cookies)
- An empty response from the origin web server that lacks an HTTP status code or response body
- Missing response headers or origin web server not returning proper HTTP error responses.
upstream prematurely closed connection while reading response header from upstream
is a common error we may notice in our logs. This indicates the origin web server was having issues which caused Cloudflare to generate 520 errors.
If 520 errors continue after contacting your hosting provider or site administrator, provide the following information to Cloudflare Support:
- Full URL(s) of the resource requested when the error occurred
- Cloudflare cf-ray from the 520 error message
- Output from http://www.example.com/cdn-cgi/trace (replace www.example.com with your hostname and domain where the 520 error occurred)
- Two HAR files:
- one with Cloudflare enabled on your website, and
- the other with Cloudflare temporarily disabled.
Error 521: web server is down
Error 521 occurs when the origin web server refuses connections from Cloudflare. Security solutions at your origin may block legitimate connections from certain Cloudflare IP addresses.
The two most common causes of 521 errors are:
- Offlined origin web server application
- Blocked Cloudflare requests
Resolution
Contact your site administrator or hosting provider to eliminate these common causes:
- Ensure your origin web server is responsive
- Review origin web server error logs to identify web server application crashes or outages.
- Confirm Cloudflare IP addresses are not blocked or rate limited
- Allow all Cloudflare IP ranges in your origin web server’s firewall or other security software
- Confirm that — if you have your SSL/TLS mode set to Full or Full (Strict) — you have installed a Cloudflare Origin Certificate
- Find additional troubleshooting information on the Cloudflare Community.
Error 522: connection timed out
Error 522 occurs when Cloudflare times out contacting the origin web server. Two different timeouts cause HTTP error 522 depending on when they occur between Cloudflare and the origin web server:
- Before a connection is established, the origin web server does not return a SYN+ACK to Cloudflare within 15 seconds of Cloudflare sending a SYN.
- After a connection is established, the origin web server doesn’t acknowledge (ACK) Cloudflare’s resource request within 90 seconds.
Resolution
Contact your hosting provider to check the following common causes at your origin web server:
- (Most common cause) Cloudflare IP addresses are rate limited or blocked in .htaccess, iptables, or firewalls. Confirm your hosting provider allows Cloudflare IP addresses.
- An overloaded or offline origin web server drops incoming requests.
- Keepalives are disabled at the origin web server.
- The origin IP address in your Cloudflare DNS app does not match the IP address currently provisioned to your origin web server by your hosting provider.
- Packets were dropped at your origin web server.
If you are using Cloudflare Pages, verify that you have a custom domain set up and that your CNAME record is pointed to your custom Pages domain. Instructions on how to set up a custom Pages domain can be found here.
If none of the above leads to a resolution, request the following information from your hosting provider or site administrator before contacting Cloudflare support:
- An MTR or traceroute from your origin web server to a Cloudflare IP address that most commonly connected to your origin web server before the issue occurred. Identify a connecting Cloudflare IP recorded in the origin web server logs.
- Details from the hosting provider’s investigation such as pertinent logs or conversations with the hosting provider.
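The two origin-side checks from the 521 and 522 sections (firewall rules that block Cloudflare addresses, and finding the Cloudflare IP that most often connected) can be scripted. This is an added example, not Cloudflare's own tooling. It assumes iptables-save style rules and an access log whose first field is the connecting peer (not a restored visitor IP), and it uses only a sample subset of Cloudflare's published IPv4 ranges; the rules and log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: a sample subset of Cloudflare's published IPv4 ranges. Replace it
# with the full, current list from Cloudflare before auditing a real origin.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "162.158.0.0/15",
    "104.16.0.0/13", "172.64.0.0/13",
)]

# Constructed sample: origin firewall rules in iptables-save format.
SAMPLE_RULES = """\
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT -s 104.16.0.0/12 -p tcp --dport 443 -j DROP
-A INPUT -s 172.68.10.5/32 -j REJECT
-A INPUT -s 198.51.100.7/32 -j ACCEPT
"""

# Constructed sample: origin access log, first field is the connecting peer.
SAMPLE_LOG = """\
172.68.10.5 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
162.158.1.20 - - [01/Jan/2024:10:00:02 +0000] "GET /a.css HTTP/1.1" 200 90
172.68.10.5 - - [01/Jan/2024:10:00:03 +0000] "GET /b.js HTTP/1.1" 200 77
198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 512
not-an-ip - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 400 0
"""

# Source address plus a blocking target; ACCEPT rules are ignored.
RULE_RE = re.compile(r"-s\s+(\S+).*?-j\s+(DROP|REJECT)\b")


def blocking_rules(rules_text, cf_ranges=CLOUDFLARE_RANGES):
    """Return (rule source, action, Cloudflare range) for every DROP/REJECT
    rule whose source overlaps a Cloudflare range (a 521/522 candidate)."""
    findings = []
    for line in rules_text.splitlines():
        match = RULE_RE.search(line)
        if not match:
            continue
        try:
            source = ipaddress.ip_network(match.group(1), strict=False)
        except ValueError:
            continue  # hostname or malformed source: not comparable
        for cf in cf_ranges:
            if source.version == cf.version and source.overlaps(cf):
                findings.append((str(source), match.group(2), str(cf)))
    return findings


def top_cloudflare_peer(log_text, cf_ranges=CLOUDFLARE_RANGES):
    """Return (ip, hits) for the Cloudflare address seen most often in the log,
    i.e. the target for the MTR/traceroute, or None if there is none."""
    hits = Counter()
    for line in log_text.splitlines():
        field = line.split(" ", 1)[0]
        try:
            peer = ipaddress.ip_address(field)
        except ValueError:
            continue  # skip lines that do not start with an IP address
        if any(peer.version == cf.version and peer in cf for cf in cf_ranges):
            hits[str(peer)] += 1
    return hits.most_common(1)[0] if hits else None


if __name__ == "__main__":
    for source, action, cf in blocking_rules(SAMPLE_RULES):
        print(f"{action} rule for {source} overlaps Cloudflare range {cf}")
    print("traceroute target:", top_cloudflare_peer(SAMPLE_LOG))
```

A broad deny rule such as the /12 above is easy to miss because it never names a Cloudflare range explicitly; the overlap test catches it.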
Error 523: origin is unreachable
Error 523 occurs when Cloudflare cannot contact your origin web server. This typically occurs when a network device between Cloudflare and the origin web server doesn’t have a route to the origin’s IP address.
Resolution
Contact your hosting provider to exclude the following common causes at your origin web server:
- Confirm the correct origin IP address is listed for A or AAAA records within your Cloudflare DNS app.
- Troubleshoot Internet routing issues between your origin and Cloudflare, or with the origin itself.
If none of the above leads to a resolution, request the following information from your hosting provider or site administrator:
- An MTR or traceroute from your origin web server to a Cloudflare IP address that most commonly connected to your origin web server before the issue occurred. Identify a connecting Cloudflare IP from the logs of the origin web server.
- If you use Railgun (deprecated) via a Cloudflare Hosting Partner, contact your hosting provider to troubleshoot the 523 errors.
- If you manage your Railgun (deprecated) installation, provide the following:
- A traceroute to your origin web server from your Railgun server.
- The most recent syslog file from your Railgun server.
Error 524: a timeout occurred
Error 524 indicates that Cloudflare successfully connected to the origin web server, but the origin did not provide an HTTP response before the default 100-second connection timeout elapsed. This can happen if the origin server is simply taking too long because it has too much work to do (for example, a large data query), or because the server is struggling for resources and cannot return any data in time.
Resolution
Here are the options we’d suggest to work around this issue:
- Implement status polling of large HTTP processes to avoid hitting this error.
- Contact your hosting provider to exclude the following common causes at your origin web server:
- A long-running process on the origin web server.
- An overloaded origin web server.
- Enterprise customers can increase the 524 timeout up to 6000 seconds using the proxy_read_timeout API endpoint.
- If you regularly run HTTP requests that take over 100 seconds to complete (for example large data exports), move those processes behind a subdomain not proxied (grey clouded) in the Cloudflare DNS app.
- If error 524 occurs for a domain using Cloudflare Railgun (deprecated), ensure the lan.timeout is set higher than the default of 30 seconds and restart the railgun service.
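The status-polling option listed first above, sketched as an added example (not code from Cloudflare): the origin accepts the long job, answers at once with 202 and a status URL, and the client polls that URL, so no single request comes near the 100-second limit. The routes, class and function names are hypothetical, and the slow export is a constructed stand-in.

```python
import json
import secrets
import time
from concurrent.futures import ThreadPoolExecutor


class ExportService:
    """Origin-side handler: starts long work in the background and reports its
    state, so no single HTTP request approaches the 100-second limit."""

    def __init__(self, workers=2):
        self._pool = ThreadPoolExecutor(max_workers=workers)
        self._jobs = {}  # job id -> Future

    def handle(self, method, path, task=None):
        """Return (status, headers, body). Routes are hypothetical."""
        if method == "POST" and path == "/exports" and task is not None:
            # Unguessable id: in this sketch the id is the only access check.
            job_id = secrets.token_urlsafe(16)
            self._jobs[job_id] = self._pool.submit(task)
            headers = {"Location": f"/exports/{job_id}", "Retry-After": "1"}
            return 202, headers, json.dumps({"state": "queued"})
        if method == "GET" and path.startswith("/exports/"):
            future = self._jobs.get(path[len("/exports/"):])
            if future is None:
                return 404, {}, json.dumps({"error": "unknown job"})
            if not future.done():
                return 200, {"Retry-After": "1"}, json.dumps({"state": "running"})
            if future.exception() is not None:
                return 200, {}, json.dumps({"state": "failed"})
            return 200, {}, json.dumps({"state": "done", "result": future.result()})
        return 404, {}, json.dumps({"error": "not found"})


def poll_until_done(service, location, interval=0.05, deadline=5.0):
    """Client side: poll the status URL until the job ends.
    Returns (final document, slowest single request in seconds)."""
    started = time.monotonic()
    slowest = 0.0
    while time.monotonic() - started < deadline:
        t0 = time.monotonic()
        _status, _headers, body = service.handle("GET", location)
        slowest = max(slowest, time.monotonic() - t0)
        doc = json.loads(body)
        if doc.get("state") in ("done", "failed"):
            return doc, slowest
        time.sleep(interval)
    raise TimeoutError("job did not finish before the client deadline")


def slow_export():
    """Constructed stand-in for a long data export."""
    time.sleep(0.3)
    return {"rows": 3}


def run_demo():
    """Submit the job, poll to completion, report the slowest request."""
    service = ExportService()
    t0 = time.monotonic()
    status, headers, _body = service.handle("POST", "/exports", task=slow_export)
    submit_seconds = time.monotonic() - t0
    final, slowest = poll_until_done(service, headers["Location"])
    return status, final, max(submit_seconds, slowest)


if __name__ == "__main__":
    print(run_demo())
```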
Error 525: SSL handshake failed
525 errors indicate that the SSL handshake between Cloudflare and the origin web server failed. Error 525 occurs when these two conditions are true:
- The SSL handshake fails between Cloudflare and the origin web server, and
- Full or Full (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.
Resolution
Contact your hosting provider to exclude the following common causes at your origin web server:
- No valid SSL certificate installed
- Port 443 (or other custom secure port) is not open
- No SNI support
- The cipher suites accepted by Cloudflare do not match the cipher suites supported by the origin web server
Additional checks
- Check if you have a certificate installed on your origin server. You can check this article for more details on how to run some tests. In case you don’t have any certificate, you can create and install our free Cloudflare origin CA certificate. Using Origin CA certificates allows you to encrypt traffic between Cloudflare and your origin web server.
- Review the cipher suites your server is using to ensure they match what is supported by Cloudflare.
- Check your server’s error logs from the timestamps you see 525s to ensure there are errors that could be causing the connection to be reset during the SSL handshake.
Error 526: invalid SSL certificate
Error 526 occurs when these two conditions are true:
- Cloudflare cannot validate the SSL certificate at your origin web server, and
- Full (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.
Resolution
Request your server administrator or hosting provider to review the origin web server’s SSL certificates and verify that:
- Certificate is not expired
- Certificate is not revoked
- Certificate is signed by a Certificate Authority (not self-signed)
- The requested or target domain name and hostname are in the certificate’s Common Name or Subject Alternative Name
- Your origin web server accepts connections over SSL port 443
- Temporarily pause Cloudflare and visit https://www.sslshopper.com/ssl-checker.html#hostname=www.example.com (replace www.example.com with your hostname and domain) to verify no issues exist with the origin SSL certificate.
If the origin server uses a self-signed certificate, configure the domain to use Full SSL instead of Full SSL (Strict). Refer to recommended SSL settings for your origin.
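The connection failures behind errors 521, 522, 523, 525 and 526 can be told apart from any host that is allowed to reach the origin. The probe below is an added example, not a Cloudflare tool; its function name and return codes are hypothetical, and the code it returns only indicates which error a failure resembles, since the path from Cloudflare's edge to the origin may differ from the path used here.

```python
import errno
import socket
import ssl


def probe_origin(host, port=443, server_name=None, timeout=15.0, tls=True):
    """Connect to the origin the way a strict TLS client would and return
    (code, detail), where code is the 5xx error this failure resembles."""
    try:
        # The 15 s default mirrors the SYN / SYN+ACK window given for error 522.
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        # Origin actively refused: web server down or firewall REJECT rule.
        return "521", f"connection refused: {exc}"
    except (socket.timeout, TimeoutError) as exc:
        # No answer at all: packets dropped, blocked or origin overloaded.
        return "522", f"no SYN+ACK within {timeout}s: {exc}"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "523", f"no route to origin: {exc}"
        return "other", f"connect failed: {exc}"  # e.g. DNS resolution error

    with sock:
        if not tls:
            return "ok", "TCP connection established"
        # Default context verifies chain, expiry and hostname, which is the
        # behaviour of Full (Strict). Full without Strict does not validate
        # the certificate, so a "526" result here only matters in Strict mode.
        context = ssl.create_default_context()
        try:
            with context.wrap_socket(
                sock, server_hostname=server_name or host
            ) as tls_sock:
                return "ok", f"{tls_sock.version()} {tls_sock.cipher()[0]}"
        except ssl.SSLCertVerificationError as exc:
            # Expired, self-signed, untrusted issuer or hostname mismatch.
            return "526", exc.verify_message
        except OSError as exc:
            # Includes ssl.SSLError: no certificate, no SNI support, no shared
            # cipher suite, or the peer reset the connection mid-handshake.
            return "525", f"handshake failed: {exc}"


if __name__ == "__main__":
    # www.example.com is a placeholder; pass the origin IP as host and the
    # site's hostname as server_name to test SNI and certificate matching.
    print(probe_origin("www.example.com", 443, timeout=5.0))
```

Run it against the origin IP with `server_name` set to the site's hostname, so the result reflects the certificate the origin presents for that name rather than its default virtual host.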
527 Error: Railgun Listener to origin error
A 527 error indicates an interrupted connection between Cloudflare and your origin’s Railgun server (rg-listener). Common causes include:
- Firewall interference
- Network incidents or packet loss between the Railgun server and Cloudflare
Common causes of 527 errors include:
- Connection timeouts
- LAN timeout exceeded
- Connection refusals
- TLS/SSL related errors
If contacting Cloudflare support, provide the following information from the Railgun Listener:
- The full content of the railgun.conf file
- The full content of the railgun-nat.conf file
- Railgun log files that detail the observed errors
Connection timeouts
The following Railgun log errors indicate a connection failure between the Railgun Listener and your origin web server:
connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443: i/o timeout
no response from origin (timeout) 0.0.0.0:80/example.com
Resolution
Contact your hosting provider for assistance to test for connectivity issues between your origin web server and your Railgun Listener. For example, a netcat command tests connectivity when run from the Railgun Listener to the origin web server’s SERVERIP and PORT (80 for HTTP or 443 for HTTPS):
LAN timeout exceeded
The following Railgun Listener log error is generated if the origin web server does not send an HTTP response to the Railgun Listener within the 30 second default timeout:
connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443: i/o timeout
The time is adjusted by the lan.timeout parameter of the railgun.conf file.
Resolution
Either increase the lan.timeout limit in railgun.conf, or review the web server configuration. Contact your hosting provider to confirm if the origin web server is overloaded.
Connection refusals
The following errors appear in the Railgun logs when requests from the Railgun Listener are refused:
Error getting page: dial tcp 0.0.0.0:80:connection refused
Resolution
Allow the IP of your Railgun Listener at your origin web server’s firewall.
TLS/SSL related errors
The following errors appear in the Railgun logs if TLS connections fail:
connection failed 0.0.0.0:443/example.com: remote error: handshake failure
connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443:connection refused
connection failed 127.0.0.1:443/www.example.com: x509: certificate is valid for example.com, not www.example.com
Resolution
If TLS/SSL errors occur, check the following on the origin web server and ensure that:
- Port 443 is open
- An SSL certificate is presented by the origin web server
- The SAN or Common Name of the origin web server’s SSL certificate contains the requested or target hostname
- SSL is set to Full or Full (Strict) in the Overview tab of the Cloudflare SSL/TLS app
Error 530
HTTP error 530 is returned with an accompanying 1XXX error displayed. Search for the specific 1XXX error within the Cloudflare Help Center for troubleshooting information.
502 Bad Gateway is a common HTTP error status code that occurs mostly due to server-side issues. That is, the error is related to the server of a website, and not the client (your browser).
Sometimes, Cloudflare can also trigger the 502 Bad Gateway error if it cannot reach the origin server or if its services are down.
Though it’s a temporary error, it can appear quite frequently depending on your hosting provider and website setup.
So why does this error occur, and how can you fix a 502 Bad Gateway Cloudflare error?
Let’s find out.
What Does 502 Bad Gateway Cloudflare Error Mean?
A 502 Bad Gateway Error occurs when Cloudflare cannot establish a valid connection with your website’s origin web server. While this error message relates to the server-side (i.e. your web host), it can also happen if Cloudflare service is down or not correctly configured.
Was that a horrible explanation? Sorry, let me try again.
Every time you visit a website, the browser sends a request to the origin server. The server then processes the request and sends a response back to the browser with an HTTP status code.
But when you’re using Cloudflare on your website, traffic between the browser and the origin server passes through Cloudflare first.
And a 502 Bad Gateway error occurs when Cloudflare cannot establish a valid connection with your website’s origin web server.
While this error message relates to the server-side, it can also happen if Cloudflare service is down or not configured correctly.
Different Variations of a 502 Bad Gateway Error
Based on your web server and browser, you might see a different 502 error, but they all mean the same thing:
- 502 Bad Gateway
- Error 502
- 502 Proxy Server
- HTTP 502
- 502 Proxy Error
- Temporary Error (502)
- HTTP Error 502 – Bad Gateway
- 502 Bad Gateway Nginx
- 502 Server Error: The web server encountered a temporary error and could not complete your request
- 502. That’s an error
- 502 Service Temporarily Overloaded
Some websites can also customize how a bad 502 gateway error looks.
However, all variations have the same meaning that the server acting as a proxy has not received a valid response from the origin server.
Causes for a Cloudflare 502 Bad Gateway Error
The two possible causes for this error are:
- 502 status code from the origin web server
- 502 error from Cloudflare
An error code from the origin server is the most common cause, as excessive server loads or network failures can result in server downtime.
If you have a WordPress website, then too many MySQL connections or low PHP memory limits can lead to request timeout. As a result, the website starts loading slowly and gives 502 errors.
Several other reasons can lead to a bad gateway error: incorrect DNS records, requests blocked by a firewall, service failure (like PHP-FPM and cache services), or a plugin/theme conflict in WordPress.
How to Fix a 502 Bad Gateway Cloudflare Error
- Clear Your Cache And Reload The Page
- Check Your DNS Servers
- Check Your Web Hosting
- Disable Cloudflare Proxy
- Plugin/Theme Conflict in WordPress
When a 502 Bad Gateway error occurs, it’s mostly related to the server-side response, but Cloudflare can also cause this error. So below are a few ways you can apply to fix the problem and get your website up and running.
1. Clear Your Cache And Reload The Page
Little is more frustrating than your IT guy telling you to reset your modem or turn your computer off and on again.
But they do it for a reason: it’s the most common (and easiest) way to fix the issue.
Cloudflare-related 502 Bad Gateway errors often occur due to temporary connection problems.
So simply waiting 5 minutes and reloading the page can do the trick.
If you still see a 502 bad gateway error, then clear your browser cache and reload the page again.
To clear the browser cache, you can hold down Ctrl + F5 for Windows and Linux browsers, and Cmd + Shift + R for Chrome and Safari on Mac.
This shortcut (known as a “hard refresh”) will bypass the cache for the specific page that you’re on, and the site will come back if it’s just a temporary connection issue.
2. Check Your DNS Servers
Sometimes, DNS can also cause 502 bad gateway errors.
If you’ve recently changed your web hosting service or moved to a different IP address, then it’s recommended to wait for 24 hours for the DNS changes to resolve.
You can also change your DNS to any third-party DNS servers like Google DNS to see if that solves the 502 error.
3. Check Your Web Hosting
The most common cause of a Cloudflare 502 Bad Gateway error is that the web hosting server is down, especially on shared hosting, where servers kill processes that take too long to complete.
When that happens, Cloudflare returns a Cloudflare branded HTTP 502 bad gateway error.
To fix this, you can contact your hosting provider to make sure that the web server is performing correctly.
Sometimes, a sudden increase in traffic can also cause the web server to crash. When that happens, the server becomes temporarily overloaded, resulting in loss of a connection between the server and Cloudflare.
Servers can get overloaded due to excessive CPU and memory usage as well.
Many hosting providers also put servers into maintenance without any notification. The only way to solve the problem, in this case, is to wait for the host to finish the server maintenance.
So if the problem is on the host end, it’s best to contact the hosting customer support as they will help you faster.
4. Disable Cloudflare Proxy
If your hosting and DNS are fine, you can disable Cloudflare’s proxy for a while, and then visit the site again. If you’re using a dedicated CDN (content delivery network) in addition to Cloudflare, you can disable that too.
Cloudflare and CDNs can also experience system outages; this rarely happens, but it is possible.
If the 502 error goes away after you disable Cloudflare proxy, then you will have to contact the Cloudflare support to find out the cause of the issue.
Also, if you see the following screen, then the error is because of Cloudflare.
To troubleshoot this, you can keep the Cloudflare proxy disabled, and share the following details with Cloudflare support:
- Time and timezone when the error occurred
- Website URL
Cloudflare usually replies within 1 to 3 business days to users on the free plan. You can also post your issue on the Cloudflare community platform, where other users might help you faster.
Before raising the problem in the Cloudflare support center, it’s good to check their System Status to make sure that Cloudflare services are working fine, and only you’re facing the 502 bad gateway error.
5. Plugin/Theme Conflict in WordPress
If you’re on a WordPress website, then some plugins and themes can also cause 502 errors when PHP scripts take too long for execution.
To check, go to “Plugins” in your WordPress dashboard (yourwebsite.com/wp-admin/), disable all the plugins, and see if the site works.
If this fixes the error, then activate the plugins one by one and reload the site after each activation. When you see the 502 error, you’ve found the cause of the problem.
But if you can’t access your WordPress dashboard, then you can disable the plugins via FTP by changing the name of the “Plugins” folder to something else (like “Old_Plugins”).
Once you have found the plugin or theme causing the issue, you can contact its developers and notify them about the problem.
Summary
Bad Gateway errors are unexpected and can be frustrating. The best way to solve one is to check that the DNS is working and that your web server is running properly. You can also check the server error logs to pinpoint an issue triggered by any recently added application.
If it’s a Cloudflare issue, keep the proxy disabled and raise a ticket on their customer support.
Finally, if nothing works, reach out to your hosting provider and let them know about the error. They can identify the problem from their end and help you fix it as well.
Troubleshooting Cloudflare 5XX errors – Cloudflare Help Center
Error analytics
Error Analytics per domain are available within Zone Analytics. Error Analytics allows insight into overall errors by HTTP error code and provides the URLs, source IP addresses, and Cloudflare data centers needed to diagnose and resolve the issue. Error Analytics are based on a 1% traffic sample.
To view Error Analytics:
- Log in to the Cloudflare dashboard.
- Click the appropriate Cloudflare account for your site, then pick the domain.
- Next, click the Analytics & Logs app icon.
- Click Add filter, select Edge status code or Origin status code and choose any 5xx error code that you want to diagnose.
Error 500: internal server error
Error 500 generally indicates an issue with your origin web server. Error establishing database connection is a common HTTP 500 error message generated by your origin web server. Contact your hosting provider to resolve.
Resolution
Provide details to your hosting provider to assist troubleshooting the issue.
However, if the 500 error contains “cloudflare” or “cloudflare-nginx” in the HTML response body, provide Cloudflare support with the following information:
- Your domain name
- The time and timezone of the 500 error occurrence
- The output of www.example.com/cdn-cgi/trace from the browser where the 500 error was observed (replace www.example.com with your actual domain and host name)
If you observe blank or white pages when visiting your website, confirm whether the issue occurs when temporarily pausing Cloudflare and contact your hosting provider for assistance.
Error 502 bad gateway or error 504 gateway timeout
An HTTP 502 or 504 error occurs when Cloudflare is unable to establish contact with your origin web server.
There are two possible causes:
- (Most common cause) 502/504 from your origin web server
- 502/504 from Cloudflare
502/504 from your origin web server
Cloudflare returns a Cloudflare-branded HTTP 502 or 504 error when your origin web server responds with a standard HTTP 502 bad gateway or 504 gateway timeout error.
Resolution
Contact your hosting provider to troubleshoot these common causes at your origin web server:
- Ensure the origin server responds to requests for the hostname and domain within the visitor’s URL that generated the 502 or 504 error.
- Investigate excessive server loads, crashes, or network failures.
- Identify applications or services that timed out or were blocked.
502/504 from Cloudflare
A 502 or 504 error originating from Cloudflare appears as follows:
If the error does not mention “cloudflare,” contact your hosting provider for assistance on 502/504 errors from your origin.
Resolution
To avoid delays processing your inquiry, provide these required details to Cloudflare Support:
- Time and timezone the issue occurred.
- URL that resulted in the HTTP 502 or 504 response (for example: https://www.example.com/images/icons/image1.png)
- Output from browsing to _www.example.com/cdn-cgi/trace_ (replace _www.example.com_ with the domain and host name that caused the HTTP 502 or 504 error)
Error 503: service temporarily unavailable
HTTP error 503 occurs when your origin web server is overloaded. There are two possible causes discernible by error message:
- Error doesn’t contain “cloudflare” or “cloudflare-nginx” in the HTML response body.
Resolution: Contact your hosting provider to verify if they rate limit requests to your origin web server.
- Error contains “cloudflare” or “cloudflare-nginx” in the HTML response body.
Resolution: A connectivity issue occurred in a Cloudflare data center. Provide Cloudflare support with the following information:
- Your domain name
- The time and timezone of the 503 error occurrence
- The output of _www.example.com/cdn-cgi/trace_ from the browser where the 503 error was observed (replace www.example.com with your actual domain and host name)
Error 520: web server returns an unknown error
Error 520 occurs when the origin server returns an empty, unknown, or unexpected response to Cloudflare.
Resolution
A quick workaround while further investigating 520 errors is to either make the record DNS-only in the Cloudflare DNS app or temporarily pause Cloudflare.
Contact your hosting provider or site administrator and request a review of your origin web server error logs for crashes and to check for these common causes:
- Origin web server application crashes
- Cloudflare IPs not allowed at your origin
- Headers exceeding 16 KB (typically due to too many cookies)
- An empty response from the origin web server that lacks an HTTP status code or response body
- Missing response headers or origin web server not returning proper HTTP error responses.
upstream prematurely closed connection while reading response header from upstream
is a common error we may notice in our logs. This indicates the origin web server was having issues which caused Cloudflare to generate 520 errors.
520 errors are prevalent with certain PHP applications that crash the origin web server.
If 520 errors continue after contacting your hosting provider or site administrator, provide the following information to Cloudflare Support:
- Full URL(s) of the resource requested when the error occurred
- Cloudflare cf-ray from the 520 error message
- Output from _http://www.example.com/cdn-cgi/trace_ (replace _www.example.com_ with your hostname and domain where the 520 error occurred)
- Two HAR files:
- one with Cloudflare enabled on your website, and
- the other with Cloudflare temporarily disabled.
Error 521: web server is down
Error 521 occurs when the origin web server refuses connections from Cloudflare. Security solutions at your origin may block legitimate connections from certain Cloudflare IP addresses.
The two most common causes of 521 errors are:
- Offlined origin web server application
- Blocked Cloudflare requests
Resolution
Contact your site administrator or hosting provider to eliminate these common causes:
- Ensure your origin web server is responsive
- Review origin web server error logs to identify web server application crashes or outages.
- Confirm Cloudflare IP addresses are not blocked or rate limited
- Allow all Cloudflare IP ranges in your origin web server’s firewall or other security software
- Confirm that — if you have your SSL/TLS mode set to Full or Full (Strict) — you have installed a Cloudflare Origin Certificate
- Find additional troubleshooting information on the Cloudflare Community.
Error 522: connection timed out
Error 522 occurs when Cloudflare times out contacting the origin web server. Two different timeouts cause HTTP error 522 depending on when they occur between Cloudflare and the origin web server:
- Before a connection is established, the origin web server does not return a SYN+ACK to Cloudflare within 15 seconds of Cloudflare sending a SYN.
- After a connection is established, the origin web server doesn’t acknowledge (ACK) Cloudflare’s resource request within 90 seconds.
Resolution
Contact your hosting provider to check the following common causes at your origin web server:
- (Most common cause) Cloudflare IP addresses are rate limited or blocked in .htaccess, iptables, or firewalls. Confirm your hosting provider allows Cloudflare IP addresses.
- An overloaded or offline origin web server drops incoming requests.
- Keepalives are disabled at the origin web server.
- The origin IP address in your Cloudflare DNS app does not match the IP address currently provisioned to your origin web server by your hosting provider.
- Packets were dropped at your origin web server.
If you are using Cloudflare Pages, verify that you have a custom domain set up and that your CNAME record is pointed to your custom Pages domain. Instructions on how to set up a custom Pages domain can be found here.
If none of the above leads to a resolution, request the following information from your hosting provider or site administrator before contacting Cloudflare support:
- An MTR or traceroute from your origin web server to a Cloudflare IP address that most commonly connected to your origin web server before the issue occurred. Identify a connecting Cloudflare IP recorded in the origin web server logs.
- Details from the hosting provider’s investigation such as pertinent logs or conversations with the hosting provider.
Error 523: origin is unreachable
Error 523 occurs when Cloudflare cannot contact your origin web server. This typically occurs when a network device between Cloudflare and the origin web server doesn’t have a route to the origin’s IP address.
Resolution
Contact your hosting provider to exclude the following common causes at your origin web server:
- Confirm the correct origin IP address is listed for A or AAAA records within your Cloudflare DNS app.
- Troubleshoot Internet routing issues between your origin and Cloudflare, or with the origin itself.
If none of the above leads to a resolution, request the following information from your hosting provider or site administrator:
- An MTR or traceroute from your origin web server to a Cloudflare IP address that most commonly connected to your origin web server before the issue occurred. Identify a connecting Cloudflare IP from the logs of the origin web server.
- If you use Railgun (deprecated) via a Cloudflare Hosting Partner, contact your hosting provider to troubleshoot the 523 errors.
- If you manage your Railgun (deprecated) installation, provide the following:
- A traceroute to your origin web server from your Railgun server.
- The most recent syslog file from your Railgun server.
Error 524: a timeout occurred
Error 524 indicates that Cloudflare successfully connected to the origin web server, but the origin did not provide an HTTP response before the default 100 second connection timeout expired. This can happen if the origin server is simply taking too long because it has too much work to do (for example, a large data query), or because the server is struggling for resources and cannot return any data in time.
A 522 occurs if the origin web server acknowledges (ACK) the resource request after the connection has been established, but does not send a timely response.
Resolution
Here are the options we’d suggest to work around this issue:
- Implement status polling of large HTTP processes to avoid hitting this error.
- Contact your hosting provider to exclude the following common causes at your origin web server:
- A long-running process on the origin web server.
- An overloaded origin web server.
Logging request response time at your origin web server helps identify the cause of resource slowness. Contact your hosting provider or site administrator for assistance in adjusting log formats or search for related logging documentation for your brand of web server such as Apache or Nginx.
- Enterprise customers can increase the 524 timeout up to 6000 seconds using the proxy_read_timeout API endpoint.
- If you regularly run HTTP requests that take over 100 seconds to complete (for example large data exports), move those processes behind a subdomain not proxied (grey clouded) in the Cloudflare DNS app.
- If error 524 occurs for a domain using Cloudflare Railgun (deprecated), ensure the lan.timeout is set higher than the default of 30 seconds and restart the railgun service.
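One way to implement the status polling suggested above, as an added example rather than Cloudflare's own code: the origin accepts the job with 202 Accepted and a Location header, runs it in the background, and the client polls a status URL, so no single request approaches the 100 second limit. The /export and /status/ paths, the in-memory job table and the 0.3 second stand-in task are assumptions made for the demonstration.

```python
import json, threading, time, uuid
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

JOBS = {}                      # job id -> {"state": ..., "result": ...}
JOBS_LOCK = threading.Lock()
WORK_SECONDS = 0.3             # constructed; stands in for work that exceeds 100 s

def slow_export(job_id):
    # Stand-in for the long-running task (for example a large data export).
    time.sleep(WORK_SECONDS)
    with JOBS_LOCK:
        JOBS[job_id] = {"state": "done", "result": "export-%s.csv" % job_id[:8]}

class Handler(BaseHTTPRequestHandler):
    def _json(self, code, body, location=None):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        if location:
            self.send_header("Location", location)
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):
        if self.path != "/export":
            return self._json(404, {"error": "not found"})
        # Random, unguessable id; a real service must also apply the same
        # authorization to /status/<id> as to /export.
        job_id = uuid.uuid4().hex
        with JOBS_LOCK:
            JOBS[job_id] = {"state": "pending", "result": None}
        threading.Thread(target=slow_export, args=(job_id,), daemon=True).start()
        # Answer immediately so no single request stays open for the whole job.
        self._json(202, {"job": job_id}, location="/status/" + job_id)

    def do_GET(self):
        with JOBS_LOCK:
            job = JOBS.get(self.path[len("/status/"):]) if self.path.startswith("/status/") else None
        if job is None:
            return self._json(404, {"error": "unknown job"})
        self._json(200, job)

    def log_message(self, *args):  # keep the demo quiet
        pass

def call(port, method, path):
    """Send one short request to the local demo server and decode its JSON."""
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), json.loads(resp.read())
    finally:
        conn.close()

def run_demo(poll_interval=0.1, deadline=5.0):
    """Submit a job, then poll its status URL until it reports done."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        accepted, status_path, _ = call(port, "POST", "/export")
        polls, end = 0, time.monotonic() + deadline
        while time.monotonic() < end:
            _, _, job = call(port, "GET", status_path)
            polls += 1
            if job["state"] == "done":
                return accepted, polls, job
            time.sleep(poll_interval)
        raise TimeoutError("job did not finish before the deadline")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```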
Error 525: SSL handshake failed
525 errors indicate that the SSL handshake between Cloudflare and the origin web server failed. Error 525 occurs when these two conditions are true:
- The SSL handshake fails between Cloudflare and the origin web server, and
- Full or Full (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.
If your hosting provider frequently changes your origin web server’s IP address, refer to Cloudflare’s documentation on dynamic DNS updates.
Resolution
Contact your hosting provider to exclude the following common causes at your origin web server:
- No valid SSL certificate installed
- Port 443 (or other custom secure port) is not open
- No SNI support
- The cipher suites accepted by Cloudflare do not match the cipher suites supported by the origin web server
If 525 errors occur intermittently, review the origin web server error logs to determine the cause. Configure Apache to log mod_ssl errors. Also, nginx includes SSL errors in its standard error log, but may require an increased log level.
Additional checks
- Check if you have a certificate installed on your origin server. You can check this article for more details on how to run some tests. In case you don’t have any certificate, you can create and install our free Cloudflare origin CA certificate. Using Origin CA certificates allows you to encrypt traffic between Cloudflare and your origin web server.
- Review the cipher suites your server is using to ensure they match what is supported by Cloudflare.
- Check your server’s error logs from the timestamps you see 525s to ensure there are errors that could be causing the connection to be reset during the SSL handshake.
Error 526: invalid SSL certificate
Error 526 occurs when these two conditions are true:
- Cloudflare cannot validate the SSL certificate at your origin web server, and
- Full (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.
Resolution
For a potential quick fix, set SSL to Full instead of Full (strict) in the Overview tab of your Cloudflare SSL/TLS app for the domain.
Request your server administrator or hosting provider to review the origin web server’s SSL certificates and verify that:
- Certificate is not expired
- Certificate is not revoked
- Certificate is signed by a Certificate Authority (not self-signed)
- The requested or target domain name and hostname are in the certificate’s Common Name or Subject Alternative Name
- Your origin web server accepts connections over SSL port 443
- Temporarily pause Cloudflare and visit https://www.sslshopper.com/ssl-checker.html#hostname=www.example.com (replace www.example.com with your hostname and domain) to verify no issues exist with the origin SSL certificate.
If the origin server uses a self-signed certificate, configure the domain to use Full SSL instead of Full SSL (Strict). Refer to recommended SSL settings for your origin.
527 Error: Railgun Listener to origin error
A 527 error indicates an interrupted connection between Cloudflare and your origin’s Railgun server (rg-listener). Common causes include:
- Firewall interference
- Network incidents or packet loss between the Railgun server and Cloudflare
For additional details to aid troubleshooting, increase Railgun logging.
Common causes of 527 errors include:
- Connection timeouts
- LAN timeout exceeded
- Connection refusals
- TLS/SSL related errors
If contacting Cloudflare support, provide the following information from the Railgun Listener:
- The full content of the railgun.conf file
- The full content of the railgun-nat.conf file
- Railgun log files that detail the observed errors
Connection timeouts
The following Railgun log errors indicate a connection failure between the Railgun Listener and your origin web server:
connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443: i/o timeout
no response from origin (timeout) 0.0.0.0:80/example.com
Resolution
Contact your hosting provider for assistance to test for connectivity issues between your origin web server and your Railgun Listener. For example, a netcat command tests connectivity when run from the Railgun Listener to the origin web server’s SERVERIP and PORT (80 for HTTP or 443 for HTTPS):
LAN timeout exceeded
The following Railgun Listener log error is generated if the origin web server does not send an HTTP response to the Railgun Listener within the 30 second default timeout:
connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443: i/o timeout
The time is adjusted by the lan.timeout parameter of the railgun.conf file.
Resolution
Either increase the lan.timeout limit in railgun.conf, or review the web server configuration. Contact your hosting provider to confirm if the origin web server is overloaded.
Connection refusals
The following errors appear in the Railgun logs when requests from the Railgun Listener are refused:
Error getting page: dial tcp 0.0.0.0:80:connection refused
Resolution
Allow the IP of your Railgun Listener at your origin web server’s firewall.
TLS/SSL related errors
The following errors appear in the Railgun logs if TLS connections fail:
connection failed 0.0.0.0:443/example.com: remote error: handshake failure
connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443:connection refused
connection failed 127.0.0.1:443/www.example.com: x509: certificate is valid for example.com, not www.example.com
Resolution
If TLS/SSL errors occur, check the following on the origin web server and ensure that:
- Port 443 is open
- An SSL certificate is presented by the origin web server
- The SAN or Common Name of the origin web server’s SSL certificate contains the requested or target hostname
- SSL is set to Full or Full (Strict) in the Overview tab of the Cloudflare SSL/TLS app
If your origin web server SSL certificate is self-signed, set validate.cert=0 in railgun.conf.
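The Railgun log lines quoted in this section can be triaged mechanically. The following Python example is added here and is not part of Railgun or Cloudflare's tooling; it maps each quoted message to the subsection or subsections that list it, and the last sample line is constructed to show the unclassified path.

```python
import re

# Patterns come from the Railgun log lines quoted on this page; category
# names are the page's own subsection headings.
RULES = [
    (re.compile(r"x509: certificate is valid for (?P<valid>.+), not (?P<wanted>\S+)"),
     ["TLS/SSL related errors"],
     "SAN or Common Name does not contain the requested hostname"),
    (re.compile(r"remote error: handshake failure"),
     ["TLS/SSL related errors"],
     "confirm port 443 is open and the origin presents an SSL certificate"),
    (re.compile(r"connection refused"),
     ["Connection refusals"],
     "allow the Railgun Listener IP at the origin firewall"),
    (re.compile(r"i/o timeout"),
     ["Connection timeouts", "LAN timeout exceeded"],
     "test connectivity to the origin; review lan.timeout in railgun.conf"),
    (re.compile(r"no response from origin \(timeout\)"),
     ["Connection timeouts"],
     "test connectivity from the Railgun Listener to the origin"),
]
TARGET = re.compile(r"(?P<ip>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)(?:/(?P<host>[\w.-]+))?")

SAMPLE = [
    "connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443: i/o timeout",
    "no response from origin (timeout) 0.0.0.0:80/example.com",
    "Error getting page: dial tcp 0.0.0.0:80:connection refused",
    "connection failed 0.0.0.0:443/example.com: remote error: handshake failure",
    "connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443:connection refused",
    "connection failed 127.0.0.1:443/www.example.com: x509: certificate is valid "
    "for example.com, not www.example.com",
    "railgun listener started",  # constructed line, not a real Railgun message
]


def triage(line):
    """Classify one log line; return None when no quoted pattern matches."""
    for pattern, categories, hint in RULES:
        match = pattern.search(line)
        if not match:
            continue
        target = TARGET.search(line)
        port = int(target.group("port")) if target else None
        cats = list(categories)
        # The page lists a refusal on port 443 under TLS/SSL errors as well.
        if "Connection refusals" in cats and port == 443:
            cats.append("TLS/SSL related errors")
        finding = {"categories": cats, "hint": hint, "port": port,
                   "host": target.group("host") if target else None}
        if "valid" in match.groupdict():
            finding["cert_names"] = match.group("valid").split(", ")
            finding["requested"] = match.group("wanted")
        return finding
    return None


def summarize(lines):
    """Count findings per category so the dominant failure mode stands out."""
    counts = {}
    for line in lines:
        finding = triage(line)
        for cat in (finding["categories"] if finding else ["unclassified"]):
            counts[cat] = counts.get(cat, 0) + 1
    return counts


if __name__ == "__main__":
    print(summarize(SAMPLE))
```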
Error 530
HTTP error 530 is returned with an accompanying 1XXX error displayed. Search for the specific 1XXX error within the Cloudflare Help Center for troubleshooting information.
Related resources
- Gathering information to troubleshoot site issues
- Contacting Cloudflare Support
- Customizing Cloudflare error pages
- MTR/Traceroute Diagnosis and Usage
- Cloudflare Community Tips
Myself and my users are often running into a Cloudflare Bad Gateway 502 error. Trying to figure out what goes wrong is hard, because Cloudflare blames the hosting company and the hosting company blames Cloudflare. A typical situation when using Cloudflare.
What I noticed is that nothing actually fails. The host receives the request and is handling the request just fine but which sometimes takes a bit longer than usual to complete. But Cloudflare can’t wait and instead throws a Bad Gateway error, while the script is actually still running.
I’ve noticed this behavior when performing heavy back-end tasks (like generating +50 PDFs). My users notice this when they try to upload an image (which often starts a re-sizing task).
Is there a way I can configure my server so that Cloudflare knows that the request is still being processed? Or should I just ditch Cloudflare overall?
A 502 Bad Gateway error occurs when Cloudflare is unable to contact the origin web server.
As a part of our Server Management Services, our Support Engineers help webmasters to fix Cloudflare-related errors regularly.
Let us today discuss the possible reasons and fixes for this error.
What causes Cloudflare 502 error
Cloudflare returns an HTTP 502 or 504 error when the origin web server responds with a standard HTTP 502 bad gateway or 504 gateway timeout error.
To list out, some of the common reasons for this error include:
- Excessive server load
- Firewall restrictions
Let us now look at some possible steps that our Support Engineers follow to resolve this error.
How to fix Cloudflare 502 error
The exact steps to be followed to resolve the 502 error depend on the particular reason that triggered it. Some of those include:
1. Investigate excessive server load
The first step that our Support Engineers follow when they receive the 502 error is to investigate the server load. As this error generally triggers due to excessive server loads, crashes, or network failures, they cross-check these parameters initially.
We already have some articles discussing how to troubleshoot server load here.
We often see that the underlying cause of 502 errors is the failure of a service such as the web server or the MySQL server.
Also, we largely see 502 errors when the web server is in a failed state. A simple restart of the httpd service will make the websites work again. To avoid recurrence, our Support Specialists go further and fix the real reason for the web server failure.
2. Firewall restrictions
Most web hosting servers have a built-in firewall to block traffic from bad networks. Additionally, some servers implement country-based firewall blocks as well. That is, websites will be served only to users from selected countries.
In such cases, a user accessing the website from a blocked network will see 502 errors.
Here, our Support Engineers modify the server firewall in a way that does not create a security risk for the server.
Nowadays, many website owners rely on third-party content delivery networks for faster loading of images, videos etc. on the websites.
So this firewall modification also needs to accommodate these third-party content delivery networks as well.
Conclusion
The Cloudflare 502 error triggers when the origin web server responds with a standard HTTP 502 bad gateway or 504 gateway timeout error. This happens due to firewall restrictions and server resource issues. Today, we saw how our Support Engineers fix them.
When loading a page, the browser sends a host of requests to other servers. They process each request and then return an HTTP response code with a particular result. If a failure occurs somewhere along the way, the browser displays an error. One such error is 502 Bad Gateway. I will explain what it means and why it appears, and describe ways to fix it.
What the 502 Bad Gateway error means
Errors in the 5xx series indicate problems on the server side. The 502 Bad Gateway error specifically means that an invalid response was received from a server. The "culprits" in this situation are usually proxies, DNS, or hosting servers.
What to do if you are a user
The 502 Bad Gateway error can appear on any site. A user should first check whether the problem is caused by something on their side. This can be done in the ways listed below.
Reload the page
It is possible that at the moment of loading, the number of requests to the site exceeds a limit set by the site owner. If so, simply reloading the page is appropriate. I recommend refreshing the page at least three times over 2-3 minutes and only then moving on to the next methods.
Check the internet connection
Check that the modem is working and try loading other pages. Make sure the internet connection is stable. Another option is to restart the router and try loading the problem site again.
Clear the cache and cookies
This error is often caused by incorrectly loaded cookies and cache. In such cases, simply clear the data in the browser settings.
For any browser: go to the browsing history and find the "Clear history" link. In the new window, tick the cache and cookies items, then confirm the action. Once the data has been deleted, try loading the page again. Didn't help? Let's move on!
Flush the DNS cache
The cache may hold an incorrect IP address value. For such cases, you can flush the DNS cache. On Windows, open the Command Prompt tool (type the program's name into the search box and choose to run it as administrator).
Then enter the following command and run it by pressing Enter:
ipconfig /flushdns
Wait a while for the operation to finish. Once it completes, a confirmation that the cache has been flushed appears on screen.
On Linux the procedure is roughly similar, but the command is different. I open the Terminal utility and enter the following command:
For Ubuntu:
sudo service network-manager restart
For other distributions:
sudo /etc/init.d/nscd restart
Try another browser
The 502 Bad Gateway problem may also be specific to a particular browser. If you have another browser on your computer, try opening the site in it.
Disable plugins and extensions
Plugins and extensions installed in the browser can affect the loading of some pages. This is especially true of VPN services and ad blockers. Try disabling them one at a time and reloading the page. The culprit may well turn up.
Visit the page later
If none of the above helped, the problem does lie on the server side. All you can do is wait a while until the developers fix the error on the site. You can also write to the owner and report the problem.
What to do if you are the site administrator
Solving such problems on your own is usually not recommended. It is better to contact technical support right away and describe the problem. But there are a couple of actions that can still help identify the source of the problem.
Check the error log
This is relevant when the 502 Bad Gateway error appears after changes or an update. It is easy to determine; you only need to check the error log. In WordPress, you can enable logging of errors by adding the following lines to the wp-config.php file:
define( 'WP_DEBUG', true ); define( 'WP_DEBUG_LOG', true ); define( 'WP_DEBUG_DISPLAY', false );
After that, all entries will be written to the debug.log file, which is stored in the wp-content directory. It will take some time for the causes of the errors to be recorded. You can then study the entries carefully and make specific changes based on them.
Check plugins
Check whether any plugins are affecting the site. To do this, disable them one at a time by simply renaming the folder of the plugin in question. Select the folder, then open the "File" menu and choose "Rename".
Check the CDN
CDNs and DoS prevention services can also affect the site. The culprit is usually indicated on the error page. For example, if the string cloudflare-nginx appears beneath the 502 Bad Gateway code, you need to contact CloudFlare support to fix the error. You can disable the service, but you will then have to wait a long time for DNS to update (this can take several hours).
Error 502 on VPS/VDS virtual hosting
The 502 Bad Gateway error occurs because a user traffic limit is exceeded, a bot is misbehaving, the site is being downloaded, or even because of a DoS attack. The solution to this problem lies in memory limits.
Run the top command
This command in the terminal helps establish whether free memory is available. The same method can be used to check whether Apache is running.
Look at the Apache and nginx logs
These logs usually show user activity. If there is anything suspicious, you can take action: for example, ban specific IP addresses, configure Fail2ban, or enable a DoS protection system.
If the number of requests to the server has dropped after that, restart Apache.
Increase the amount of memory
Sometimes the logs look fine, but there is still not enough memory to process requests. This is easy to find out: when checking with the top command, an OOM (out of memory) error is reported. In such cases you can simply increase the memory. You can order a different plan that provides more memory.
Check the limits on php-cgi processes
If the top check shows that there is still enough free memory, then limits are set on php-cgi processes. To resolve this, open the Apache configuration file httpd.conf, find the FastCGI module section (mod_fastcgi or mod_fcgid), and increase the limit.
Contact technical support
If the methods above for fixing the 502 error on a virtual server do not help, you will have to contact the hosting provider's technical support. Be sure to mention what you have already tried and how you carried out each step.
— Posted on July 21, 2021 —
The 502 Bad Gateway error is quite possibly one of the most well-known errors that a WordPress site may run into during its lifetime. A 502 error happens when the server fails to send a response to a client’s request, making the site inaccessible. The reasons can be various, from minor browser-related issues to issues with CDNs.
This article will go over the troubleshooting steps to follow when a 502 Bad Gateway error happens, both on the server and client side. We will also look at the various factors that may cause the error, along with the effect they can have on your site’s SEO.
What Does Cloudflare 502 Error Mean?
Browsers and servers communicate with one another using HTTP (HyperText Transfer Protocol) status codes. Whenever you access a URL, the browser sends an HTTP request to the web server of the site you’re accessing. The server then returns a status code along with the resources you requested. HTTP status codes are grouped into five classes of server response:
- 1xx – informational
- 2xx – success
- 3xx – redirection
- 4xx – client error
- 5xx – server error
HTTP status codes beginning with the digit “5” relate to errors that happen when there’s a network error or communication issue between web servers. A 502 Bad Gateway error happens when a server acting as a gateway or proxy receives an invalid response from the origin server.
Other 5xx status codes or server errors include the 500 Internal Server Error, 501 Not Implemented, 503 Service Unavailable, and 504 Gateway Timeout. Though the specific reasons for each error vary, in most cases the cause lies in the server.
What Causes Cloudflare 502 Error?
Considering that we are a WordPress support company reacting to the world’s most pressing WordPress issues with rapid resolve, we have fixed this exact error on thousands of websites since 2009. The most common cause of this Cloudflare 502 error, and of the gateway timing out when certain processes are trying to execute on your WordPress website, is inside your administrative area.
The good news is that the steps you need to take to fix this are so easy to do.
1. Login to your Cloudflare account.
2. Select the website you are having an issue with.
3. Click on the “Rules” icon
4. Click on the “Create Page Rule” button
5. For URL enter “your_domain/wp-admin*”
The URL that you use in this rule will be set for all admin area URLs.
Select the following settings for this URL:
- Security Level = High
- Cache Level = Bypass
- Disable Apps
- Disable Performance
- Click SAVE
Cloudflare 502 Error Conclusion
That is all you need to do in order to stop the Cloudflare 502 error on your WordPress website. If you get stuck or this did not work for you, feel free to comment below and we will give you some extra advice.