When you visit a website using CloudFlare, you may receive an error 521. This error occurs because the origin web server refused the connection from CloudFlare.
Are you a website visitor?
If you are visiting a website and experience this error, please contact the website owner or webmaster.
Are you the website owner?
There are two main reasons why this would occur. In both cases, work with your hosting provider to help resolve the issue.
- The origin web server is offline or unavailable.
- Something on the web server or hosting provider's network is blocking CloudFlare's requests. Since CloudFlare acts as a reverse proxy, all connections to your server come from a CloudFlare IP. Since the same amount of traffic now comes from a smaller number of IPs, server-side security solutions can mistake the increase in connections from this smaller set of IPs as an attack, when they are legitimate.
Once you have identified what is blocking CloudFlare's requests, the issue will be resolved. Here are the four common places to look:
- Make sure that you're not blocking CloudFlare IPs in .htaccess, iptables , or your firewall.
- Make sure your hosting provider isn't rate limiting or blocking IP requests from
the CloudFlare IPs and ask them to whitelist the IP addresses found here: https://www.cloudflare.com/ips
- Make sure that you're operating off of the most recent versions of Bad Behavior or mod_security. You want to ensure that mod_security's core rules aren't blocking CloudFlare requests.
- If you are running custom Apache modules, such as mod_antiloris and mod_reqtimeout, disable and unload the modules. These modules will block any time an IP that connects more than 22 times. Since all connections are now coming from a CloudFlare IP, you will definitely hit the limit causing the error page. As soon as you unload the module, the issue will disappear.