If you have landed on this post, you and your website visitors are encountering an error message, either ‘Error code 521 Cloudflare’ or ‘Error 521: Web server is down,’ on the web browser.
Error 521 occurs when the origin web server refuses connections from Cloudflare. It simply indicates that the website is experiencing server-side issues and is very commonly found in websites integrated with Cloudflare.
We know such downtimes can severely affect your website traffic and revenue, so here we come up with some easy solutions to fix error code 521 Cloudflare as well as its true meaning. So, without further ado, let us get started.
What is Error Code 521?
Error Code 521 indicates that Cloudflare is unable to access the origin server or your website server. In other words, you can understand that the client’s request has reached the Content Delivery Network server but further that the CDN or Cloudflare’s request has been rejected by the website’s server/ origin server.
It can happen due to the following reasons,
What are the Causes of Error 521?
Below are some of the possible errors that the origin server is not accepting Cloudflare’s request.
1. Incorrect server configuration: The servers must be properly configured to work with CDNs or else it can trigger Error Code 521.
2. Web Server is Offline: It is also possible that your web hosting is experiencing downtime issues. In such cases, all requests from Cloudflare to the server will be in vain. Furthermore, if the Nginx web server suddenly stops working, you may encounter the ‘Web server is down error code 521 nginx’ error message.
Pro Tip: It is always highly recommended that you choose a more reliable and higher uptime web hosting service, such as WPOven, which has up to a 99.99% uptime record.
3. Issue with Encryption Settings: Cloudflare or a CDN is known for its excellent security features, thanks to its SSL certificates and encryption protocols. By any chance, if you have configured it incorrectly, the web server or origin server might block requests, resulting in an error 521.
4. Server blocking Cloudflare IP addresses: When a client or user makes a request, it has to go through Cloudflare IP addresses. If the origin server or the website server has been configured strictly, it will block any IP addresses that send too many requests.
5. DDoS Protection: It is also possible that, if your website is under DDoS i.e. Distributed Denial of Service attack, the website server will block the traffic received from Cloudflare as a security measure.
How to fix error code 521?
Now you know what exactly error code 521 means, it is time for you to see How you can fix it easily.
1. Check if your website is online
Since the error code 521 is related to Cloudflare which acts like a bridge between the users and the website.
The users have to pass through this bridge to reach the website on the other end. Hence, if you or your visitors ever encounter an error code 521 the first thing you need to do is to check whether the origin server is online or not.
To do this, you can use the cURL which will determine the HTTP status of the website. Please follow the steps given below:
Step 1: Either open the command prompt (for Windows users) or Terminal (macOS or Linux users).
Step 2: Copy and paste the following curl command to it.
curl --silent --output /dev/null --write-out "%{http_code}" https://yourdomain.com
Note: Here replace “https://yourdomain.com” with your website.
You will get an Output somewhat like the picture below.
However, if you do not like to use the command prompt or terminal to check headers, we have a dedicated HTTP headers check online tool available.
Alternatively, you can also PING tool to check the status of the server.
After running the ping command, here is what the output looks like.
In the output, you can see the following first lines containing, the server’s hostname and the bytes being transferred to it.
It implies that the echo replies from the server, which normally consists of three parts, i.e. Byets, time, and TTL.
Now the Packets line indicates how many packets were transferred, received, and lost. if any packets show lost, it means there is a network problem.
In the Ping output, the last line shows the approximate RTT in milliseconds. It indicates the connection speed and it should be lower. The lowest the average time, the faster would be the connection to the server.
But suppose the ping results or output shows a request timeout message. In that case, it simply implies various issues, such as, the domain name does not exist, the network adaptor malfunction, or the server is down temporarily.
2. Review Cloudflare encryption settings
If you have not properly configured the SSL/TLS settings in your Cloudflare account, the 521 error code might occur. This issue arises because Cloudflare’s encryption modes facilitate the connection between the CDN and the origin server. If it is not properly configured, the origin web server might refuse connections from Cloudflare.
You will find the encryption mode as follows:
- Off (Not Secure): This particular mode implies that Cloudflare does not provide any encryption or security layer between the visitor and the Cloudflare network. Generally used for those websites which have nothing to do with sensitive information.
- Flexible SSL: This mode helps Cloudflare encrypt the communication between the visitor and Cloudflare. But here is a catch, the connection between the Cloudflare and the web origin server remains unencrypted.
- Full SSL: Unlike Flexible SSL, the encryption is done end to end. This means that Cloudflare encrypts the communication between the visitor and Cloudflare, as well as encrypts the communication between Cloudflare and the origin server.
- Full SSL (Strict): This mode is the same as Full SSL mode but with an extra level of security. i.e. the origin server must also have a valid SSL certificate with the matching domain name on Cloudflare.
3. Check your Cloudflare DNS settings
It is also possible that there has been some misconfiguration happens in your Cloudflare DNS settings. Therefore, you are required to check and verify it immediately.
To do so, Log in to your Cloudflare account > yourdomain.com > DNS > Records.
In the Records page, make sure that the content of all A records contains the same origin server’s IP address and for the content of the CNAME, it should be your domain name.
In case, if you find that one of the records doesn’t match, you can easily make changes to it by clicking on the edit option.
4. Whitelist Cloudflare IP address and Ports
Cloudflare acts as a middleman between a private firewall and the web origin server. When a user requests a webpage, every request has to go through Cloudflare first and then move towards the origin server via a special set of IP addresses.
But if anything interferes with the communication between Cloudflare and the origin server it will result in error code 521.
This interference or issue can happen due to the following reasons:
- .htaccess file
- IP Blocker rules
- Strict Firewall rules
- Security Plugins
- Disabled ports that are used in communication for Cloudflare with the origin server
Let us see how you can fix each one.
4.1 Check .htaccess file and firewall rules and Whitelist Cloudflare IP address
Here are the steps given below, that you need to follow to whitelist Cloudflare IP address.
a. The first thing you need to do is to access the .htaccess file either via the FTP client or using the file manager in your cPanel.
b. Now add the following line of codes to it and also add the IP addresses separated by space.
order deny, allow
deny from all
c. Now Save your .htaccess file and you are done.
Note: If you do not know how to access and edit .htaccess file, check out our guide on “WordPress .htaccess File: How to Create And Edit it?“
4.2 Review your IP blocker Settings
If your web host provides you with cPanel access, the IP Blocker feature can be very helpful for you. It helps web admins to block a specific IP address or a range of IP addresses from your website.
If your website is managed by multiple admins, there are chances that someone might have mistakenly added Cloudflare IP ranges to the blocklist. Therefore, you need to review the IP blocker settings and check if that is the issue.
4.3 Deactivate your Security Plugins
In case you are using any security plugin, it can also be the reason for blocking Cloudflare’s requests. To clear your doubt about whether it is causing the issue, it is better you must disable the plugin first and see if the error persists.
If the error disappears, it means the plugin is the main culprit and you should contact the plugin author or try another one.
5. Verify Mod_security
If Mod_security an open-source web application firewall module for Apache acts as the origin server’s firewall and it is configuration doesn’t allow Cloudflare’s requests it can result in error code 521.
If this is the cause, you need to make sure that the latest version of mod_security is used and its settings are properly configured.
6. Disable mod_reqtimeout and mod_antiloris
For security reasons, you might have activated mod_reqtimeout and mod_antiloris modules in your Apache server to protect against DDoS or DoS attacks. These modules reduce the number of connections between an IP server and your server for a certain period.
No doubt these modules help to protect your server from these attacks but it can also cause compatibility issues with Cloudflare, resulting in error code 521.
To fix this problem the best thing you can do is to disable and unload these modules.
7. Review Railgun settings
Railgun is a web optimization technology that is provided by Cloudflare and is best used to accelerate the delivery of dynamic content.
If railgun is not properly configured it will show an error message ” error 521: railgun.wan_error connection failed“.
Therefore, to fix this issue, disable the Railgun for a while so that you can access the website and check out the configuration. In case you find any difficulty in doing so, reach out to Cloudflare support for any help.
8. Contact support
The last but not the least thing you can do, if none of the above methods help you out to fix the error 521 is to contact Cloudflare support.
In case the website server is down, you can contact your web hosting provider and ask for assistance.
Summary
If you are running an online store or business, every second counts. You cannot simply leave your website as it shows an error code 521 on the screen. The longer you wait, the more loss you will incur.
So, it’s better to act as fast as possible with the troubleshooting methods mentioned below:
1. Check if your website is online
2. Review Cloudflare encryption settings
3. Check your Cloudflare DNS settings
4. Whitelist Cloudflare IP address and Ports
5. Verify Mod_security
6. Disable mod_reqtimeout and mod_antiloris
7. Review Railgun settings
8. Contact support
Frequently Asked Questions
How do I fix 521 error?
8 quick methods to fix error code 521:
1. Check if your website is online
2. Review Cloudflare encryption settings
3. Check your Cloudflare DNS settings
4. Whitelist Cloudflare IP address and Ports
5. Verify Mod_security
6. Disable mod_reqtimeout and mod_antiloris
7. Review Railgun settings
8. Contact support
What is error code 521 on Chrome?
Error Code 521 indicates that Cloudflare is unable to access the origin server or your website server. In other words, you can understand that the client’s request has reached the Content Delivery Network server but further that the CDN or Cloudflare’s request has been rejected by the website’s server/ origin server.
Rahul Kumar is a web enthusiast, and content strategist specializing in WordPress & web hosting. With years of experience and a commitment to staying up-to-date with industry trends, he creates effective online strategies that drive traffic, boosts engagement, and increase conversions. Rahul’s attention to detail and ability to craft compelling content makes him a valuable asset to any brand looking to improve its online presence.