When you visit a website using CloudFlare, you may receive an error 521. This error occurs because the origin web server refused the connection from CloudFlare.
- You are using
nginxin front of
CloudFlare IP addresses were blocked by
nginx because of an outdated contents of
/etc/nginx/conf.d/cloudflare.conf contains CloudFlare servers IP addresses list.
- Make sure that you're not blocking CloudFlare IPs in
iptables, or your firewall.
- Make sure that
/etc/nginx/conf.d/cloudflare.confis up to date and contains all IP addresses found here: https://www.cloudflare.com/ips
- Make sure your provider isn't rate limiting or blocking IP requests from the CloudFlare IPs and ask them to whitelist the IP addresses found here: https://www.cloudflare.com/ips
- Make sure that you're operating off of the most recent versions of Bad Behavior or
mod_security. You want to ensure that mod_security's core rules aren't blocking CloudFlare requests.
- If you are running custom Apache modules, such as
mod_reqtimeout, disable and unload the modules. These modules will block any time an IP that connects more than 22 times. Since all connections are now coming from a CloudFlare IP, you will definitely hit the limit causing the error page. As soon as you unload the module, the issue will disappear.