Error 521: Web server is down – Cloudflare Support

Cloudflare support

  1. Cloudflare Support
  2. Troubleshooting
  3. Error Pages

> Error 521: Web server is down

When you visit a website using Cloudflare, you may receive an error 521. This error occurs because the origin web server refused the connection from Cloudflare.

A five hundred twenty one error occurs because the origin web server refused the connection from Cloudflare. This means we attempted to connect to your origin on port eighty or four hundred forty three but received a ‘connection refused’ error.

This commonly happens under two conditions:

  • The origin web server process (e.g. Apache or Nginx) isn’t running, or has crashed. You should check that your web server is running normally. You may also wish to check your server’s error logs to see what caused this. If you are not sure how to do this, or don’t have access to your logs, your host should be able to advise you.
  • Something on the web server or hosting provider’s network is blocking Cloudflare’s requests. Since Cloudflare acts as a switch sides proxy, all connections to your server come from a Cloudflare IP. Since the same amount of traffic now comes from a smaller number of IPs, server-side security solutions can mistake the increase in connections from this smaller set of IPs as an attack, when they are legitimate. This leads to some of our IPs being blocked or rate-limited.

It’s a good idea to ensure that all of our IP ranges are whitelisted in your server’s firewall or any security software that you might be running. Our IP ranges can be found here:

Advanced users: How to test against your server

You can test whether your origin is responding by using the ‘curl’ guideline (accessible via Terminal on Mac OSX or Linux). curl permits you to simulate a HTTP request, so is a good device for checking that your origin server is working decently.

You should run a curl against your server IP (i.e. the A record or CNAME for your domain, as seen in the Cloudflare DNS page).

curl http://1.Two.Three.Four -v

If this is working, you should expect to see a “HTTP 200” response and the HTML of your website. A failed curl will look like this:

curl: (7) Failed to connect to 1.Two.Trio.Four port 80: Connection refused

Windows users can also test to see if they are able to make a connection using telnet (via the Instruction Prompt). The directive you’d run would look something like this:

You should switch 1.Two.Three.Four to be the origin IP of your server. If you get an error, such as “Unable to connect to remote host: Connection refused” this means your web server isn’t running, or is blocking requests.

A failed telnet (with a refused connection) would look like this:

telnet: connect to address 1.Two.Trio.Four: Connection refused

telnet: Incapable to connect to remote host

The Cloudflare team is here to help. 95% of questions can be answered using the search contraption, but if you can’t find what you need, submit a support request.

Error 521: Web server is down – Cloudflare Support

Cloudflare support

  1. Cloudflare Support
  2. Troubleshooting
  3. Error Pages

> Error 521: Web server is down

When you visit a website using Cloudflare, you may receive an error 521. This error occurs because the origin web server refused the connection from Cloudflare.

A five hundred twenty one error occurs because the origin web server refused the connection from Cloudflare. This means we attempted to connect to your origin on port eighty or four hundred forty three but received a ‘connection refused’ error.

This commonly happens under two conditions:

  • The origin web server process (e.g. Apache or Nginx) isn’t running, or has crashed. You should check that your web server is running normally. You may also wish to check your server’s error logs to see what caused this. If you are not sure how to do this, or don’t have access to your logs, your host should be able to advise you.
  • Something on the web server or hosting provider’s network is blocking Cloudflare’s requests. Since Cloudflare acts as a switch roles proxy, all connections to your server come from a Cloudflare IP. Since the same amount of traffic now comes from a smaller number of IPs, server-side security solutions can mistake the increase in connections from this smaller set of IPs as an attack, when they are legitimate. This leads to some of our IPs being blocked or rate-limited.

It’s a good idea to ensure that all of our IP ranges are whitelisted in your server’s firewall or any security software that you might be running. Our IP ranges can be found here:

Advanced users: How to test against your server

You can test whether your origin is responding by using the ‘curl’ guideline (accessible via Terminal on Mac OSX or Linux). curl permits you to simulate a HTTP request, so is a good implement for checking that your origin server is working decently.

You should run a curl against your server IP (i.e. the A record or CNAME for your domain, as seen in the Cloudflare DNS page).

curl http://1.Two.Trio.Four -v

If this is working, you should expect to see a “HTTP 200” response and the HTML of your website. A failed curl will look like this:

curl: (7) Failed to connect to 1.Two.Trio.Four port 80: Connection refused

Windows users can also test to see if they are able to make a connection using telnet (via the Guideline Prompt). The guideline you’d run would look something like this:

You should switch 1.Two.Three.Four to be the origin IP of your server. If you get an error, such as “Unable to connect to remote host: Connection refused” this means your web server isn’t running, or is blocking requests.

A failed telnet (with a refused connection) would look like this:

telnet: connect to address 1.Two.Three.Four: Connection refused

telnet: Incapable to connect to remote host

The Cloudflare team is here to help. 95% of questions can be answered using the search contraption, but if you can’t find what you need, submit a support request.

Related video:

Leave a Reply

Your email address will not be published. Required fields are marked *

*