521 Error Fix: An Overview – Beginner’s Guide 2024
When a web browser shows the message “Error 521: Web server is down,” the problem lies at the server level of the website in question. Websites that use Cloudflare are prone to this recurring issue. The error occurs when Cloudflare makes a request to connect to an origin server and the request is denied. The causes of error 521, and the ways to overcome it, are described below. We will also guide you through fixing similar problems so that your website does not face more Cloudflare-related problems in the future. Ensure that you can reach the origin web server before proceeding; otherwise, you will not be able to follow the steps in this tutorial.
What Is the Cause of Error 521?
The Error 521 notice is usually triggered by one of two things: Your WordPress site’s server, for starters, could be down. Even if everything else is set up correctly, Cloudflare will be unable to connect if your WordPress site’s server is down. Second, your web server may be up and operating, but Cloudflare’s requests are being blocked for some reason. Some server-side security solutions may accidentally restrict Cloudflare’s IP addresses due to the way Cloudflare works. Because Cloudflare is a reverse proxy, all traffic to your origin server will appear to originate from a small number of Cloudflare IPs (rather than each visitor’s unique IP address). As a result, some security systems will consider excessive traffic from a small number of IP addresses to be an attack and will block them. Cloudflare will be unable to connect as a result, and will instead display the Error 521 message.
Error 521 Fix: What Is the Source of the Problem?
Cloudflare will throw an error 521 for one of two reasons. First, your server is unavailable: Cloudflare attempted to connect to your site’s server (the location where your website is hosted) but was unable to do so because the origin web server was unavailable. Second, if your server is up and running, your firewall or other security software may be interfering with Cloudflare requests. Because many server security solutions identify and ban Cloudflare IP addresses, this is a typical occurrence. Cloudflare is a reverse proxy service, so requests reaching your origin web server appear to come from Cloudflare IPs instead of from your visitors’ own IP addresses. Many (poorly built) server security solutions flag this disproportionate bandwidth from a few IP addresses as an attack. Now that we know a little more about error 521, let’s look at how to solve it.
The following are the two most common causes of 521 errors:
The origin web server is offline
The most likely cause of Error 521 is that your domain’s hosting service is unavailable. If you’re utilising an Internet service provider, let them know about the problem. If you self-manage your hosting, whether through AWS, Google Cloud, Azure, or a slew of other self-hosting companies, the problem is yours to investigate. It’s possible that you’ll have to restart your instance.
Cloudflare requests are blocked
Cloudflare, Inc. is a US-based web infrastructure and website security company focusing on content delivery networks and DDoS mitigation. Cloudflare’s services act as a reverse proxy for websites, sitting between a visitor and the hosting provider for a Cloudflare customer. Their reputation as a website security business is built on offering superior security. Error 521 will appear if Cloudflare does not authorise your SSL (Secure Sockets Layer) certificate. SSL is a security protocol that establishes a secure connection between a web server and a browser.
What Causes the Error 521: Web Server Is Down?
After receiving a request from a web browser, Cloudflare initiates a Transmission Control Protocol (TCP) connection with the website’s server. Cloudflare provides a service known as a content delivery network (CDN), which helps to speed up the loading time of websites. When Cloudflare’s connection requests are rejected by the web server, the error 521 message will be displayed in the browser.
The following are some of the reasons why the origin web server refuses the connection:
- Server configuration issues. When setting up this CDN, make sure the server is properly set up.
- Server blocking Cloudflare requests. Because this CDN operates as a reverse proxy, all connections to your server will be made through Cloudflare IPs. A large number of requests from a single IP address may be blocked by some server-side security measures.
- The web server is offline. Your website will be unresponsive to Cloudflare requests if your hosting provider goes down. This error can also occur if the origin web server process, such as Apache or NGINX, has stopped working properly.
- Poor encryption settings. Cloudflare’s Secure Sockets Layer (SSL) certificate and encryption techniques are unique to the company. As a result of the encryption settings, the origin server may be blocking requests.
Checking the server’s error logs is one way to figure out what’s causing error 521. If PHP error logging was previously enabled, look for the log in the home/[username]/.logs/error_log_[domain] file.
How to Fix the Error 521 in Easy Steps
Before beginning to work on resolving error 521, verify that you have access to both the web server and the Cloudflare dashboard. In addition, make sure to clear the cache in your browser after you’ve finished so that you can see the changes.
Test the Connection to the Server
The “Error 521: Web server is down” warning will appear if your server’s firewall software blocks Cloudflare IP addresses. Also make sure your hosting provider isn’t rate-limiting requests from Cloudflare’s IP ranges. Because this CDN operates as a reverse proxy, all connections to your server are made from Cloudflare’s IP addresses rather than your visitors’. To test connectivity to the URL and the server, use the client Uniform Resource Locator (cURL) command. The cURL command is included by default in macOS, Linux, and Windows 10 or later.
Alternatively, safelist Cloudflare’s IP ranges. This bypasses server-side security solutions that are blocking Cloudflare requests. Check that your hosting provider’s IP filtering allows Cloudflare IP ranges. For this method, open the .htaccess file in the File Manager. Then, between the lines, add the code allow from followed by Cloudflare’s IP addresses:
#DO NOT REMOVE THIS LINE
The code will look like the following image:
Check Encryption Settings
Encryption modes provided by Cloudflare govern the connection between the CDN and the origin web server. If you are not using the appropriate encryption mode, you may receive the connection rejected error message. To check this, open the dashboard of your Cloudflare account and click the SSL/TLS button. Selecting the appropriate mode there will correct error 521.
The encryption modes are:
- Flexible. HTTP is used for all connections between Cloudflare and your origin, so that leg of the connection is unencrypted. If you can’t get an SSL certificate for your domain, use Flexible SSL.
- Full. Depending on the visitor’s request, Cloudflare connects to the origin server via HTTP or HTTPS. If you have an SSL certificate, select Full SSL mode.
- Strict. As with Full, the protocol follows the visitor’s request. This mode, however, has stricter criteria for origin certificates.
If you’re not sure what encryption mode you’re using, enable the SSL/TLS Recommender in the same settings.
What is Error 521 Web Server is Down?
The Error 521 message is a Cloudflare-specific error message, as you learned above. It basically implies that your web browser was able to connect to Cloudflare successfully, but Cloudflare was unable to connect to the origin web server, which is your WordPress site’s server.
Cloudflare attempted to connect to the server of your WordPress site but returned a connection rejected message. Because Cloudflare is unable to connect to your site, it is unable to display it to visitors and instead displays the following message: Error 521
Fix Error 521 for Cloudflare and WordPress
Test if the Origin Server is Online
Before you proceed any further, double-check that your WordPress site’s server is up and running. If it isn’t, there’s no point in going through the rest of the troubleshooting steps. You can use the cURL command to verify this. You can run this from Terminal if you’re on a Mac or Linux. While cURL is not installed by default on Windows, you can use KeyCDN’s online HTTP Header Check tool to check your HTTP headers. All you have to do is type in http://1.2.3.4, where 1.2.3.4 is your server’s IP address.
Where do you find your server’s IP address? You can get it from the A record for your domain in the DNS section of the Cloudflare web dashboard. You should get an HTTP 200 response if your server is up and running. Alternatively, you may receive 404 Not Found, which likewise indicates that the web server is online (there is simply no page linked to that IP).
If there’s an issue, you’ll see something like Host Not Found or Failed to connect.
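The origin check described above can be scripted. The following is an added example, not part of the original article, that sends the direct cURL request and interprets the outcome; the function names and verdict strings are assumptions made for this illustration.

```shell
# Added example. TARGET is your origin IP (the A record in Cloudflare's DNS section).

# classify_probe CURL_EXIT HTTP_STATUS -> verdict, following the article's reading
classify_probe() {
  case "$1" in
    0) case "$2" in
         200|404) echo "online" ;;            # 404: server is up, no page mapped to the bare IP
         *)       echo "online-status-$2" ;;  # server answered; inspect this status
       esac ;;
    6)     echo "host-not-found" ;;      # curl exit 6: could not resolve host
    7)     echo "failed-to-connect" ;;   # curl exit 7: refused or unreachable
    28)    echo "timeout" ;;             # curl exit 28: no answer within the time limit
    51|60) echo "tls-verify-failed" ;;   # TCP connected, certificate did not verify
    *)     echo "curl-error-$1" ;;
  esac
}

# probe_origin TARGET [SCHEME] -> verdict for a request sent straight to the origin
probe_origin() (
  rc=0
  status=$(curl -s -o /dev/null -w '%{http_code}' --connect-timeout 5 \
             --max-time 10 "${2:-http}://$1/") || rc=$?
  classify_probe "$rc" "$status"
)

# Live probe only when a target is given, e.g.:  sh probe.sh 192.0.2.10 https
if [ -n "${1:-}" ]; then probe_origin "$@"; fi
```

A probe from your own machine bypasses Cloudflare, so "online" shows that the web server answers, not that Cloudflare's addresses are allowed through. With the https scheme against a bare IP, "tls-verify-failed" is expected and still proves that port 443 accepted the connection.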
Whitelist all Cloudflare IP ranges in your server’s firewall
If your WordPress site’s server is up and running but you still get Error 521 while trying to access it, the next step is to whitelist all of Cloudflare’s IP ranges to ensure that your server isn’t blocking them. A complete list of Cloudflare’s IP ranges may be found here. Make sure these IP addresses aren’t being blocked in .htaccess, iptables, or your firewall. Additionally, you should confirm that your hosting company is not blocking or rate-limiting requests coming from Cloudflare’s IP addresses. If you’re not sure how to do this, contact your host’s customer service. These IP ranges should already be whitelisted at Kinsta.
Consider more specific issues
- Your origin server may not be set up to permit Cloudflare’s IP addresses to access port 443 if you recently started utilising Cloudflare’s HTTPS. If you can’t get your firewall to allow it, consider Cloudflare’s Flexible SSL instead of Full SSL.
- If appropriate, make sure you’re using the most recent versions of Bad Behavior and mod_security.
- Disable and unload the Apache modules mod_antiloris and mod_reqtimeout if you’re using them.
How to Fix Cloudflare Error 521
- Check your origin server.
- Test your origin web server.
- Whitelist all Cloudflare IP ranges in your server’s firewall.
- Check for more specific technical issues.
Check Your Origin Server
If your origin server is down or improperly configured, Cloudflare won’t be able to connect to it. Check this first, before moving on to the other possible solutions. Make sure your web server is up and working without the help of Cloudflare. Asking your hosting company if their servers are available is the simplest way to accomplish this. Go to step 2 if you’d prefer to test them yourself.
Test Your Origin Web Server
You can use the cURL command to see if your origin server is up and running. Users on Mac and Linux can accomplish this directly from their terminal, however Windows users will need to install cURL. The IP address of your server may be found in the DNS section of the Cloudflare dashboard. It can be found in your domain’s A record. Where x.x.x.x is the precise IP address of your origin server, enter http://x.x.x.x into the tool. Your server is functioning properly if you receive an HTTP 200 response. You will receive a Failed to Connect or Host Not Found Error if there is a problem. This indicates that there is a problem with your server. Request assistance from the support team of your host in bringing your server back online.
Whitelist Cloudflare IPs in your server’s firewall.
The next step is to whitelist all of Cloudflare’s IP ranges if you’ve verified that your site’s server is online but are still experiencing Cloudflare error 521. Doing so ensures that your server is not obstructing them. The list of Cloudflare IPs is available here. Using this list:
- Don’t block Cloudflare IPs in iptables, .htaccess, or your firewall.
- Check whether your host limits bandwidth (you might have to ask them). Check if they’re banning Cloudflare IPs. If your host does this, ask them to whitelist https://www.cloudflare.com/ips.
- A malfunctioning firewall can also cause error 521, not 524. Error messages may be caused by a defective firewall that drops packets instead of refusing a connection. If you’re using WordPress, try deactivating security plugins.
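One way to check for blocked Cloudflare ranges, as an added example that is not part of the original article: the script below scans `iptables -S` output and Apache 2.2 `deny from` lines for blocking rules whose source overlaps a Cloudflare range. The function names, the constructed sample rules and the short range list are assumptions made for this illustration.

```shell
# Added example. CF_RANGES is an illustrative subset of the published IPv4 list;
# load the full, current list from https://www.cloudflare.com/ips before relying on it.
CF_RANGES="173.245.48.0/20 103.21.244.0/22 104.16.0.0/13 172.64.0.0/13"
# Constructed sample: `iptables -S` lines followed by Apache 2.2 deny lines.
SAMPLE_RULES='-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -s 104.16.0.0/12 -p tcp --dport 443 -j DROP
-A INPUT -s 172.64.10.5 -j REJECT
-A INPUT -s 173.245.48.0/20 -p tcp --dport 80 -j ACCEPT
deny from 103.21.244.17
deny from 198.51.100.0/24'

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() (
  IFS=.; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# overlaps X Y -> exit 0 when the two CIDR blocks share an address (bare IP = /32)
overlaps() (
  a=${1%/*}; pa=${1#*/}; [ "$pa" = "$1" ] && pa=32
  b=${2%/*}; pb=${2#*/}; [ "$pb" = "$2" ] && pb=32
  p=$pa; [ "$pb" -lt "$p" ] && p=$pb          # compare on the shorter prefix
  mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$a") & mask )) -eq $(( $(ip2int "$b") & mask )) ]
)

# rule_source LINE -> source of a DROP/REJECT or "deny from" rule, else nothing
rule_source() (
  set -f; set -- $1
  case "$*" in
    *"-j DROP"*|*"-j REJECT"*)
      while [ $# -gt 1 ]; do
        [ "$1" = "-s" ] && { echo "$2"; break; }; shift
      done ;;
    [Dd]eny\ from\ *) echo "$3" ;;
  esac
)

# audit_rules: rules on stdin -> one "BLOCKS <range>: <rule>" line per conflict
audit_rules() (
  while IFS= read -r line; do
    src=$(rule_source "$line")
    case "$src" in [0-9]*.*) ;; *) continue ;; esac   # skip "all", names, IPv6
    for cf in $CF_RANGES; do
      if overlaps "$src" "$cf"; then echo "BLOCKS $cf: $line"; break; fi
    done
  done
)
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

On a real server, pipe `iptables -S` or the contents of `.htaccess` into `audit_rules` in place of the sample. Rules that use negated sources, ipset or hostnames are not evaluated and need a manual look.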
Check for More Specific Technical Issues
If the error message persists after trying the above, consider the following technical solutions. Note that your server’s configuration determines which solution suits you.
- If you are new to Cloudflare’s HTTPS, your origin web server might still have the wrong configuration. Ensure that the server allows Cloudflare IP addresses to access port 443. If you can’t reconfigure your server/firewall to listen on port 443, try using Flexible SSL instead of Full SSL at Cloudflare.
- Ensure that your mod_security and Bad Behavior versions are up to date where applicable. For mod_security in particular, check that its rules are not blocking Cloudflare requests.
- Custom Apache modules like mod_reqtimeout and mod_antiloris block IPs when they connect more than 22 times. Because your connections now come from Cloudflare, you will always exceed the limit, hence the error. Disable and unload these modules, and the error should disappear.
- If you see the error message: “railgun.wan_error: connection failed”, your Railgun configuration is probably faulty. Please disable it and revisit your website.
- If the error happens when you use Workers to load JavaScript on your website, note that a Workers subrequest can override your DNS origin web server address. It does this by making a subrequest to an external website. Check the script to see if you’re testing the right origin web server.
Conclusion – Error 521
When you initially use Cloudflare for content delivery, you’re likely to run into Error 521. Cloudflare accelerates websites, protects them from threats, ensures that they are always accessible, and makes it simple to deploy web apps with a single click. Regardless of their size or platform, Cloudflare accelerates websites without the need for additional hardware, software, or code changes.
WordPress users who also use Cloudflare may get error 521. This specific error number appears when Cloudflare is unable to connect to the server hosting your website. This could be a result of the server being offline, the firewall blocking Cloudflare, or a problem with the SSL certificate. To summarise, this is what you may try to fix Cloudflare error 521:
- Check to determine if the server for your website is down.
- Whitelist Cloudflare IP ranges in your server’s firewall.
- Create an origin certificate using Cloudflare.