Nov 22, 2022
Cloudflare Error 521: 4 Methods to Fix It
When a web browser shows the “Error 521: Web server is down” message, it means that the website is experiencing a server-side issue. It is a common error that affects websites using Cloudflare. This error occurs when the origin server denies Cloudflare’s request to connect.
We will explain what causes the error 521, together with the methods to fix it.
In addition, we will also share how to troubleshoot similar issues to prevent your website from experiencing other Cloudflare errors.
Before starting, make sure you have access to the origin web server. Otherwise, you won’t be able to follow the troubleshooting methods in this tutorial.
|Error code||Error 521|
|Error type||Cloudflare – server|
|Error variation||Web server is down|
|Error causes||Server’s configuration issues|
Server blocking Cloudflare requests
The web server is offline
Poor encryption settings
What Causes the Error 521: Web Server Is Down?
As a content delivery network (CDN) service, Cloudflare helps speed up websites by making a Transmission Control Protocol (TCP) connection to a site’s server after receiving the request from a web browser.
When the web server denies Cloudflare’s connection requests, the browser will show the error 521 message.
Some of the causes behind the origin web server not returning a connection error include:
- Server’s configuration issues. Make sure the server is configured properly when setting up this CDN.
- Server blocking Cloudflare requests. This CDN acts as a reverse proxy, which means all connections to your server will come from Cloudflare IPs. Some server-side security solutions might block large requests from a single IP address.
- The web server is offline. If your hosting provider experiences downtime, the website will be unresponsive to Cloudflare requests. In addition, this error can occur when the origin web server process, such as Apache or NGINX, has stopped running properly.
- Poor encryption settings. Cloudflare has its own Secure Sockets Layer (SSL) certificate and encryption modes. Thus, the origin server might be blocking requests due to the encryption settings.
One of the ways to find out what is causing the error 521 is to check the server’s error logs. If you have previously enabled PHP error logging, find the log in the home/[username]/.logs/error_log_[domain] file.
How to Fix the Error 521 in 4 Easy Steps
Make sure to have access to the web server and Cloudflare dashboard before starting to fix the error 521. In addition, remember to clear your browser cache after finishing to see the changes.
Important! We recommend checking if the website is down for everyone or only for you.
1. Check Whether the Origin Server Is Running
Checking your server status is another way to find out what causes the error 521. If there is ongoing maintenance or the hosting provider is experiencing downtime, your server will be blocking IP requests. Other than the server status, check your origin web server’s connection.
If you are familiar with how to use the Terminal, use the Packet Internet Groper (PING) command for Linux or Traceroute for Windows.
Another method to make sure the origin server is running is to check your order usage. One of the causes behind this Cloudflare-specific error message includes websites reaching the limit of Memory and Central Processing Unit (CPU) usage.
The server cannot respond to Cloudflare’s HTTPS requests when it is overwhelmed. To check the limits using Hostinger, head to hPanel -> Order Usage. The purple lines on the Memory and CPU usage graphs should not touch the red lines as it is the maximum threshold.
If you are close to reaching the maximum threshold, upgrade your web hosting plan or switch to a different hosting type.
For those facing the error 521 with WordPress, we recommend removing unnecessary plugins. Some plugins can generate a high load on the web origin server. The WordPress site’s server might be blocking Cloudflare’s requests due to using too many resources.
Lastly, contact your host’s support if you do not have access to your server connectivity.
2. Test the Connection to the Server
If your server’s firewall software blocks Cloudflare IP addresses, it will show the “Error 521: Web server is down” message. Another method to fix the error 521 is ensuring your hosting provider hasn’t enabled rate-limiting IP requests from Cloudflare’s IP ranges.
Since this CDN acts as a reverse proxy, all connections to your server come from Cloudflare’s IP address instead of your visitor’s actual IP address. Run a client Uniform Resource Locator (cURL) command to check the URL’s connectivity and server. The cURL command is installed in macOS, Linux, and Windows 10 or later, by default.
Alternatively, test the connection to the server to safelist Cloudflare IP ranges. It will override the server-side security solutions from blocking Cloudflare’s requests. Check the IP filtering on your host provider to include Cloudflare IP ranges.
For this method, use the .htaccess file inside the File Manager. Then, add the code allow from, and Cloudflare’s IP addresses between the lines:
#DO NOT REMOVE THIS LINE
The code will look like the following image:
With Hostinger, there is an IP Manager to grant access or block specific addresses without having to code. Head to hPanel -> Other -> IP Manager and include Cloudflare IPs under the Allow an IP Address section, and click Add.
To fix the error 521 with WordPress, use a plugin like Secure Admin IP to help manage access to Cloudflare IP ranges. This method also tests if the WordPress site’s server refuses to connect with the CDN due to IP filtering.
Important! For Apache users, make sure to disable and unload custom Apache modules, such as mod_antiloris and mod_reqtimeout. These modules block any IP address that requests a connection more than 22 times.
3. Check Encryption Settings
Cloudflare encryption modes help connect the CDN with your web origin server. The connection refused error can occur if you are not using the right encryption mode. For this method, access your Cloudflare dashboard and select the SSL/TLS button to fix the error 521.
The encryptions modes can be:
- Flexible. All the connections between Cloudflare and your origin are via HTTP. Use this Flexible SSL if you cannot set up an SSL certificate for your domain.
- Full. Cloudflare connects to the origin server using either HTTP or HTTPS, depending on the visitor’s request. Choose the Full SSL mode if you have an SSL certification.
- Strict. Similar to Full, visitors can decide which protocol to use. However, this mode has more requirements for origin certificates.
If you are unsure about your encryption mode, turn on the SSL/TLS Recommender under the same settings.
4. Check for Website Issues
If none of the previous methods work, disable Cloudflare temporarily to remove the connection refused error message. Check your website for any other issues before using the CDN again.
Important! Cloudflare will need around 1-2 hours to display the disabled version fully. Purging the Cloudflare cache can make the process faster, but it still won’t be instant.
Troubleshooting Other Cloudflare Errors
You might experience other Cloudflare issues, including the errors 520 and 522. If your website shows the Error 520: Web server is returning an unknown error message, check if the origin web server has crashed. Additionally, check the response header or disable your .htaccess file.
With the Error 522: Connection timed out message, the common causes are usage overload and firewall blocking Cloudflare IP addresses. The method to fix this error is similar to fixing Cloudflare error 521. Additionally, enabling KeepAlive messages and reviewing the Cloudflare DNS area can also help.
Contact your hosting provider or Cloudflare support services if these issues persist.
If your website is showing the “Error 521: Web server is down” message, it means that your origin server does not respond to Cloudflare’s requests. The error 521 often happens due to a server’s firewall or other security software that blocks Cloudflare IPs.
Here are the four methods to fix this issue:
- Check if your origin server is running fine.
- Make sure your hosting provider’s network does not block Cloudflare IPs.
- Choose the suitable SSL/TLS encryption mode.
- Disable Cloudflare temporarily.
We have also shared some tips for a WordPress website for more straightforward steps to troubleshoot the error 521. Don’t hesitate to comment below on which method works best for you.