Many webmasters using Cloudflare have encountered similar prompts when accessing their websites: Error 521 and Error 522. Both apparently mean that the site "won't open", but they have very different root causes. If you can't tell which error it is, it's easy to misdiagnose the source of the problem and spend a lot of time getting nowhere.
![Image [1]-Difference between Error 521 and 522 and Troubleshooting Guide](https://www.361sale.com/wp-content/uploads/2025/06/20250606145616641-cdn-hosting-cloudflare.png)
What is Error 521?
Error 521 displays the message "Web Server Is Down". It means that Cloudflare has successfully reached your server's IP address, but the connection request was denied.
![Image [2]-Difference between Error 521 and 522 and Troubleshooting Guide](https://www.361sale.com/wp-content/uploads/2025/06/20250606145212252-20241127100718815-image.webp)
This often happens in the following situations:
- Web services such as Nginx, Apache, or LiteSpeed are not running or are crashing
- Firewalls (e.g. UFW, iptables) blocking requests from Cloudflare
- The server only opens access to certain IPs, excluding Cloudflare IPs
- Wrong access control rule set in .htaccess or nginx configuration
Example: Suppose your server is running but Nginx shuts down unexpectedly. When Cloudflare sends a request and finds that nothing is there to receive it, Error 521 is returned.
What is Origin Timeout (Error 522)?
Error 522, with the message "Connection Timed Out", indicates that Cloudflare initiated a connection request to the origin server, but the connection establishment process is stuck. It's like making a phone call where the other party's phone rings for a long time, no one answers, and the call eventually hangs up.
![Image [3]-Difference between Error 521 and 522 and Troubleshooting Guide](https://www.361sale.com/wp-content/uploads/2025/06/20250606145111613-image.png)
Common causes of this error include:
- The origin server itself is not responding or the response time is too long
- Network bandwidth is full or latency is too high
- Host does not have HTTP (80) or HTTPS (443) ports open
- Firewalls restricting TCP connections
- Exhaustion of server resources, e.g. too many concurrent connections at the same time
By its very nature, 522 is a problem at the network connectivity layer, while 521 is a problem at the service process layer.
Summary of the difference between the two errors
From a technical point of view, there is a clear difference between the two errors:
| Type of error | Core issue | Can Cloudflare connect to the server? | Usual causes |
|---|---|---|---|
| 521 | Server refuses to connect | IP is reachable, but the connection is denied | Web services not enabled, firewall blocking |
| 522 | Connection timeout | Cannot connect to the server | Unstable network, ports not open |
In a nutshell: 521 is "out of service" and 522 is "out of line".
Quickly determine what kind of error it is: detailed troubleshooting steps
To avoid misjudgment, here is a step-by-step process for troubleshooting:
Step 1: Check the error message number
Open your browser, visit the website, and look at the Cloudflare error page:
- If "Error 521: Web Server Is Down" is shown, focus on checking the web service status
- If "Error 522: Connection Timed Out" is shown, focus on checking the network connections and ports
This step is the key starting point for deciding which direction to investigate.
Step 2: Test IP reachability with the ping command
Open a local terminal or command line window and execute the following command:
ping yourdomain.com
- If you can ping it, it means the IP is working.
![Image [4]-Difference between Error 521 and 522 and Troubleshooting Guide](https://www.361sale.com/wp-content/uploads/2025/06/20250606182223439-image.png)
- If the ping is not working, it is possible that the host is blocking the ping, or the line may be really down.
However, ping can only indicate that the IP is responding; it cannot determine whether the service is accessible, so further testing is required.
Step 3: Check port connectivity
Test the web service port (commonly 80 or 443) with curl or telnet:
telnet yourdomain.com 443
Or:
curl -I https://yourdomain.com
- If telnet fails to connect, the port is blocked or the service is not running (points toward 522)
![Image [5]-Difference between Error 521 and 522 and Troubleshooting Guide](https://www.361sale.com/wp-content/uploads/2025/06/20250606182355607-image.png)
- If curl is stuck and does not return, the web service is probably not responding (points toward 521)
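The refused-versus-timeout distinction behind the 521 and 522 definitions above can be checked in one pass. The following is an added example, not part of the original article: it attempts a TCP handshake on each web port and labels the outcome. The function names and hint texts are illustrative, and because the probe runs from your own machine rather than from Cloudflare's network, firewall rules keyed on source IP can give Cloudflare a different result.

```python
import errno
import socket
import sys

# Illustrative mapping from a TCP-level outcome to the error it resembles.
HINTS = {
    "open": "handshake completed; check the web server and application next",
    "refused": "521-like: host answered but nothing accepts on this port",
    "timeout": "522-like: no answer to the handshake (dropped, filtered, or overloaded)",
    "unreachable": "522-like: no route to the host",
    "error": "could not test (DNS failure or local socket error)",
}

def probe_tcp(host, port, timeout=5.0):
    """Try one TCP connection and classify how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"

def diagnose(host, ports=(80, 443), timeout=5.0):
    """Return {port: (status, hint)} for each web port."""
    results = {}
    for port in ports:
        status = probe_tcp(host, port, timeout)
        results[port] = (status, HINTS[status])
    return results

if __name__ == "__main__":
    # Pass the origin server's IP: a proxied hostname resolves to
    # Cloudflare's edge, so probing it does not test the origin itself.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (status, hint) in diagnose(target).items():
        print(f"{target}:{port} -> {status}: {hint}")
```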
Step 4: Login to the server to check the service status
Use SSH to log in to your server and see if Nginx or Apache is running:
systemctl status nginx
Or:
ps aux | grep nginx
![Image [6]-Difference between Error 521 and 522 and Troubleshooting Guide](https://www.361sale.com/wp-content/uploads/2025/06/20250606150932725-image.png)
If you find that the service is not running, is killed, or fails to restart, then you can basically confirm that it is a 521.
Step 5: Check server firewall or security settings
Run the following command to view the firewall rules:
sudo ufw status
Or:
sudo iptables -L
Ensure that none of Cloudflare's IP ranges are blocked. A list of Cloudflare's IP addresses can be found in its official documentation, and it is recommended to whitelist them.
![Image [7]-Difference between Error 521 and 522 and Troubleshooting Guide](https://www.361sale.com/wp-content/uploads/2025/06/20250606151136544-image.png)
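Reading a long rule listing by eye makes it easy to miss a broad block that swallows a Cloudflare range. The following is an added example, not part of the original article: it walks a saved rule listing in first-match order and reports which Cloudflare ranges would not be accepted on port 443. It assumes rule-format output as printed by `iptables -S INPUT`; the rule set is constructed for illustration, and the range list is a sample subset that must be refreshed from Cloudflare's published list.

```python
import ipaddress

# Sample subset of Cloudflare's published IPv4 ranges (assumption: refresh
# from the official list at https://www.cloudflare.com/ips-v4 before use).
CLOUDFLARE_V4 = ["173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15"]

# Constructed `iptables -S INPUT` output, for illustration only.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -s 173.245.48.0/20 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 104.16.0.0/12 -j DROP
-A INPUT -s 172.64.0.0/13 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

def _opt(tok, flag):
    # Value following a flag such as -s or --dport, or None if absent.
    return tok[tok.index(flag) + 1] if flag in tok[:-1] else None

def parse_rules(text, chain="INPUT"):
    """Return (default_policy, rules in evaluation order) for one chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", chain] and len(tok) > 2:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            src = ipaddress.ip_network(_opt(tok, "-s") or "0.0.0.0/0", strict=False)
            rules.append((src, _opt(tok, "-p"), _opt(tok, "--dport"), _opt(tok, "-j"), line))
    return policy, rules

def first_verdict(net, port, policy, rules):
    """First matching terminating rule wins; otherwise the chain policy applies.
    Simplified: ignores negation, interfaces, port ranges and user-defined chains."""
    for src, proto, dport, target, raw in rules:
        if proto not in (None, "tcp") or dport not in (None, str(port)):
            continue
        if target in ("ACCEPT", "DROP", "REJECT") and src.overlaps(net):
            return target, raw
    return policy, "chain policy"

def blocked_cloudflare_ranges(text, port=443):
    """Map each Cloudflare range that is not accepted to (verdict, deciding rule)."""
    policy, rules = parse_rules(text)
    verdicts = {c: first_verdict(ipaddress.ip_network(c), port, policy, rules)
                for c in CLOUDFLARE_V4}
    return {c: v for c, v in verdicts.items() if v[0] != "ACCEPT"}
```

A DROP verdict discards the handshake silently, which surfaces as a timeout, whereas REJECT answers immediately and tends to look like a refused connection.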
Step 6: Check for Configuration Conflicts
Certain configuration files, such as .htaccess or nginx.conf, may contain access restrictions based on User-Agent and IP. We recommend checking the following items:
- Does it restrict requests carrying CDN forwarded headers?
- Is deny all or allow from specific IPs set?
- Is a web application firewall (e.g. ModSecurity) misclassifying requests?
How to prevent this type of mistake from happening again?
The following measures are recommended to reduce the frequency of Errors 521 and 522:
- Regularly check the status of Web services and configure an automatic restart mechanism.
- Track site anomalies with monitoring tools such as UptimeRobot
- Configure Cloudflare IP whitelisting to avoid being misidentified as a malicious source by the server
- Ensure that the server has ports 80 and 443 open and is not blocked by a firewall.
- Optimize the concurrent connection capacity of the server, and reasonably configure the connection limit of Nginx or Apache.
- Boost resilience during peak times with Cloudflare Argo, load balancing, or alternate sources
Wrap-up
Error 521 and 522 may seem to differ only in their numbers, but the technical aspects involved are completely different. One is related to service startup and the other is related to network connectivity. The methods above let you quickly tell them apart and troubleshoot in the right place, improving troubleshooting efficiency.
Link to this article: https://www.361sale.com/en/57847
The article is copyrighted and must be reproduced with attribution.





















