When you are using Cloudflare for website acceleration or protection, if you visit a page and suddenly get a Error 521(Web server is down), that means there is something wrong with the connection between Cloudflare and the source. In other words, the CDN is working, but the source server is not responding, or it's just rejecting the connection. Cloudflare of the request.
This error is not necessarily a result of server downtime, but can be caused by configuration issues, firewall blocking, improper SSL settings, etc. Here's how to avoid Error 521 on your website.
![Image [1]-Resolving Error 521 Status Code: Ways to Avoid Cloudflare's Failure to Connect to the Source Site](https://www.361sale.com/wp-content/uploads/2025/05/20250522113151894-image.png)
1. Ensure that the source server is online and the port is normal
Cloudflare is essentially a reverse proxy that forwards traffic to your source server. If the source is down, or the web service isn't turned on, it won't be able to connect.
The idea of the check is as follows:
- Make sure the server is running (e.g. Apache or Nginx isn't crashing)
- Check that the server is listening on port 80 or 443, and that it is open.
![Image [2]-Resolving Error 521 Status Code: Ways to Avoid Cloudflare's Failure to Connect to the Source Site](https://www.361sale.com/wp-content/uploads/2025/05/20250522135025560-image.png)
- utilization
curlOr visit the source IP directly in your browser to see if the page is returned properly.
If the page opens locally and Cloudflare reports 521, it is possible that the firewall or the CDN Question.
![Image [3]-Resolving Error 521 Status Code: Ways to Avoid Cloudflare's Failure to Connect to the Source Site](https://www.361sale.com/wp-content/uploads/2025/05/20250522113054290-image.png)
2. IP segments for whitelisting Cloudflare
Many servers have firewalls (e.g. iptables, firewalld, CSF, etc.) turned on by default, which may misinterpret a request from Cloudflare as an attack and block its IP.
Cloudflare has its own IP address segments, which are publicly available on the official documentation. It is recommended to add these IPs to the server's firewall whitelist.
![Image [4]-Resolving Error 521 Status Code: Ways to Avoid Cloudflare's Failure to Connect to the Source Site](https://www.361sale.com/wp-content/uploads/2025/05/20250522114104338-image.png)
Example of operation (Ubuntu as an example):
sudo ufw allow from 173.245.48.0/20
sudo ufw allow from 103.21.244.0/22
...
Make sure the server does not block Cloudflare traffic.
3. Check for SSL mode match
Cloudflare offers three SSL modes: Flexible, Full, and Full (Strict). If you turn on Full mode and the source site does not have SSL configured, then the HTTPS The handshake will fail, and the final report will be 521.
It is recommended to set it up this way:
- No SSL certificate for the source site → Use Flexible
- The source has a self-signed certificate → use Full
- The source has a valid certificate (e.g. Let's Encrypt) → use Full (Strict)
Don't blindly use Full (Strict), make sure the server side SSL is really configured first.
![Image [5]-Resolving Error 521 Status Code: Ways to Avoid Cloudflare's Failure to Connect to the Source Site](https://www.361sale.com/wp-content/uploads/2025/05/20250522135427416-image.png)
4. Whether server resources are overloaded
Sometimes the server itself is not down, but it is stuck. For example, CPU 100%, memory burst, resulting in the Web service can not respond to Cloudflare requests in a timely manner. This situation may also trigger 521.
![Image [6]-Resolving Error 521 Status Code: Ways to Avoid Cloudflare's Failure to Connect to the Source Site](https://www.361sale.com/wp-content/uploads/2025/05/20250523190512629-image.png)
Regular monitoring of server resources is recommended:
- Install top, htop or use a monitoring service to see the load
- Setting up the Server Auto-Restart Web Service Script
- For high-traffic sites, plus(computing) cacheThe speed limit or upgraded configurations
5. Check that Cloudflare is set up correctly
Sometimes the DNS settings are wrong, which can also cause connection failure. Go to the Cloudflare panel and check:
- A Does the record point to the correct server IP
- Whether the proxy is enabled (orange cloud icon status)
- Are you using Workers, Page Rules, etc. that cause jump errors?
If you are using a third-party host, make sure that the IP has not changed, as some web hosts reset the IP after migration, resulting in DNS pointers being invalidated.
6. Check the source station logs to identify problems
The most direct way to do this is to look at the server'sAccess logand error logs, generally located:
- Apache:
/var/log/apache2/error.log - Nginx:
/var/log/nginx/error.log
Look for 403s, timeouts, TLS handshake fails, etc. in conjunction with Cloudflare error reporting times.
If you find that Cloudflare's requests are being denied or blocked, you can work your way down the list.
summarize
Error 521 is a typical error when Cloudflare cannot connect to the source server, and the troubleshooting focuses on whether or not the source is online,firewallsThere is no interception, SSL settings match, and DNS is correct. As long as the source site is stable, the network is smooth, and the configuration is reasonable, you can greatly reduce the chances of 521.
Link to this article:https://www.361sale.com/en/55674The article is copyrighted and must be reproduced with attribution.
![Emoji[wozuimei]-Photonflux.com | Professional WordPress repair service, worldwide, rapid response](https://www.361sale.com/wp-content/themes/zibll/img/smilies/wozuimei.gif)
![Emoticon[baoquan] - Photon Wave Network | Professional WordPress Repair Services, Worldwide Coverage, Rapid Response](https://www.361sale.com/wp-content/themes/zibll/img/smilies/baoquan.gif)
简体中文 
English 
日本語 
Français 
Español 
No comments