Resolving Error 521: Checking Server Protection and Timeout Settings

If your site is plugged into Cloudflare and then from time to time "Error 521 - Web Server Is Down" pops up, it means that Cloudflare Can't connect to your source server. This error looks like a server downtime, but is more often a configuration issue.

In this article, we will talk about why Error 521 occurs repeatedly, and what protection settings and timeout settings may be the "culprit" behind it.

What is Error 521?

Error 521 is a status code returned by Cloudflare that means "I'm fine, but your server is not responding". There are several possible causes for this:

Cloudflare is working.
The source server did not respond to the request
The firewall's blocking Cloudflare.
Server resource exhaustion or processing timeout

So it's not Cloudflare that's the problem, it's the source site that's "shutting it down".

Common guard setup issues that cause 521 errors

firewallsIntercepted Cloudflare requests

Many servers have firewalls, such as iptables, CSF, UFW, etc. These tools will treat Cloudflare as a "suspicious request" if it is not whitelisted.

The solution: go to the official Cloudflare page, get the full list of IPs, and add them to your server firewall whitelist. Log into your server terminal (SSH)

Enter the following command to add a Cloudflare IP whitelist (partial example):

sudo ufw allow from 173.245.48.0/20
sudo ufw allow from 103.21.244.0/22
sudo ufw allow from 103.22.200.0/22
sudo ufw allow from 103.31.4.0/22

Repeat the above command until all Cloudflare IP segments have been added.
Final execution:

sudo ufw reload

Once that's done, visit your site again via Cloudflare and see if Error 521 still appears.
All IP segments are available officially from Cloudflare.

For example, using UFW on Ubuntu:

sudo ufw allow from 173.245.48.0/20
sudo ufw allow from 103.21.244.0/22

You will need to add all of Cloudflare's network segments to ensure that access works.

Web Application Firewall (WAF) Misclassification

If servers have protection systems such as Imunify360, ModSecurity, BitNinja, etc. enabled, they may misidentify Cloudflare's requests as attacks and block them due to the frequency of requests, Header format, or IP behavior.

It is recommended to review blocking logs, whitelist Cloudflare's IP and UA, and reduce protection sensitivity if necessary.

Checking timeout settings for PHP, Nginx and Apache

A server response timeout can also cause Cloudflare to report 521. you can adjust the settings by:

PHP setting (recommended max_execution_time is not less than 300)

Open the php.ini file (path varies by server):

sudo nano /etc/php/8.1/fpm/php.ini

Find the following parameters and adjust them:

max_execution_time = 300
memory_limit = 512M

Save and exit (Ctrl+O, Enter, Ctrl+X)
Restart PHP:

sudo systemctl restart php8.1-fpm

Nginx sets a timeout

Edit the nginx configuration file:

sudo nano /etc/nginx/nginx.conf

Add in the http block:

proxy_read_timeout 300;
fastcgi_read_timeout 300.

Save and execute:

sudo nginx -t # Check that the configuration is correct
sudo systemctl reload nginx

Apache setup timeout (if Apache is used)

Edit the configuration file:

sudo nano /etc/apache2/apache2.conf

Add or modify:

Timeout 300
ProxyTimeout 300

Save and reboot:

sudo systemctl restart apache2

MySQL Database optimization recommendations

If your database processing is slow and loaded, it can also slow down the overall site response.

Recommended Action:

Install the mysqltuner utility:

sudo apt install mysqltuner
sudo mysqltuner

Optimize according to the tips:
- Reducing unnecessary queries
- Adding missing indexes
- Increase cache parameters (e.g. query_cache_size)
View the slow query log:

sudo nano /etc/mysql/my.cnf

Make sure the following is enabled:

slow_query_log = 1
slow_query_log_file = /var/log/mysql/mysql-slow.log
long_query_time = 2

reopencomprehensive databaseAfter that, check the logs to analyze the bottleneck.

Each of the above operations is actually possible to do in the server terminal. If your server uses panels (e.g. cPanel, Pagoda), you can also find the appropriate settings entry in the GUI and adjust them manually.

Inadequate stress tolerance at source stations

Lightweight servers or resource-constrained VPS may run out of resources during peak access times, causing the service to hang. In this case Cloudflare will naturally not be able to connect to the source site.

It is recommended to use a caching plugin (e.g. WP Rocket(LiteSpeed Cache), turn on the Cloudflare Cache, reduce the burden on backend plugins, or just upgrade the host configuration.

Cloudflare-side optimization recommendations

While the error reporting is a source site issue, Cloudflare can also provide mitigation:

Enable "Cache all content" rule
Setting a long TTL for static pages
Use "edge caching" for infrequently changing pages

This effectively reduces the pressure of Cloudflare's requests to the source, giving the server a breather.

summarize

Error 521 occurs frequently, often because the source site is not configured properly. Most of the problems can be solved by troubleshooting from firewall, WAF, timeout settings and server load. If you really don't want to change too much, you can also optimize caching and static resource acceleration, so that Cloudflare can process more content, and the source site will be less likely to disconnect. This way your site runs more stably.

Contact Us
Can't read the tutorial? Contact us for a free answer! Free help for personal, small business sites!	Customer Service
① Tel: 020-2206-9892
② QQ咨询：1025174874
(iii) E-mail: info@361sale.com
④ Working hours: Monday to Friday, 9:30-18:30, holidays off