If your online project is growing and beginning to attract international customers, the workload of your server is also increasing. High user numbers and the large geographical distribution of the clients result in ever-increasing loading times and slow transfer rates. By using a CDN (content delivery network), you’ll be able to react to increasing demands and optimise your data delivery.
Since 2010, the CDN Service Cloudflare has been helping numerous web projects to improve performance and security. In contrast to conventional content delivery networks, Cloudflare functions not only as a simple buffer for static content, but also as a reverse proxy server, which is in constant exchange with the web server. This has the advantage that the cache content is not explicitly determined by the website operator – even adapting the source code isn’t necessary since you only have to instruct the DNS servers to use the service.
A well-known error that occurs again and again with the powerful content delivery network is indicated by the message: 'Error 522: Connection timed out'. Although this bug is also known as a 'Cloudflare error', the problem is not really the fault of the web performance service itself.
- What does the 'Error 522' message mean?
- What causes the Cloudflare error?
- Fix error 522: Website operators have the following options
- What can a browser user do about the connection timed out message?
What does the 'Error 522' message mean?
Like many other error pages on the world wide web, the 522 message is one of the HTTP status messages: while the preceding '5' indicates a server error, the following '2' indicates that the server error has occurred in conjunction with Cloudflare. Code 522 stands for 'Connection timed out', which occurs whenever the TCP handshake between the web server and Cloudflare fails. This handshake – which is essential for establishing a connection – becomes necessary whenever the CDN service receives a user request that requires consultation with the server. Due to the high usage of Cloudflare, the 522 connection timed out error is one of the most common browser error messages.
What causes the Cloudflare error?
Contrary to what one would initially suspect, the reason for the 522 error occurring is not due to Cloudflare malfunctioning but rather to a server-side problem. However, as with many similar HTTP errors, it is not so easy to name the source of the error directly. There are various scenarios that can cause a timeout when establishing a TCP connection between the CDN service and the contacted web server. The most common reasons for the connection timed-out message are the following:
- Web server is offline: the HTTP error 522 is often displayed because the contacted web server is offline. Since the communication between the web server and Cloudflare happens via the internet, an exchange obviously cannot take place.
- Overloading the original server: Cloudflare does a lot of work for the original web server running the project. For certain requests from browser users (especially dynamic content), the CDN service must nevertheless contact the original server. As with an ordinary server without a CDN, this sometimes results in an overload and a timeout when building TCP, if too many requests are to be processed at the same time.
- Firewall is blocking the request: if the original server is connected to its own firewall, this can also cause a Cloudflare error. Of course, the IP addresses of the performance service should be allowed by this service by default, however, sometimes addresses are accidentally or randomly blocked. As a result, connections cannot be established. Incorrect settings may also result in packets being deleted from within the original host network.
- Incorrect DNS settings: The DNS servers work with the IP address of the original server. Any change to this address must be transmitted so that the CDN and server can continue to work together. Since many web hosts automatically assign new web addresses to the managed websites every so often and do not forward them to Cloudflare, the DNS setup sometimes uses an incorrect address.
- Incorrect routing: Cloudflare must work beyond network boundaries to ensure that a website’s performance is properly optimised. IP routing, which regulates the path of the packets sent through the various networks involved, is an elementary part of the content delivery process. If there are discrepancies between the original server and Cloudflare, this often results in a connection timed out message.
- Keepalive messages are disabled on the server side: Cloudflare uses the 'keepalive' header entry to maintain established connections over a longer period of time, improving performance. If the option of the HTTP messages being displayed on the web server is deactivated, the connection setup fails, resulting in a 522 error. Since most common web servers allow the keepalive entry by default, this is a relatively rare cause of error and almost always has something to do with a configuration error on the webmaster’s part.
Fix error 522: Website operators have the following options
If you are responsible for a web project that is struggling with an error 522 problem, you should start investigating the cause immediately. However, before you check whether one of the causes described in the previous section is the problem, you should first make sure that the original web server is active and accepts HTTP requests. If this is not the case, communication between Cloudflare and the server is logically impossible – even if all settings are correct. If this 'fast' check shows that the CDN service can actually access the server resources as planned, a more detailed analysis is required to find the source of the error.
In the following sections, we have compiled the most promising solutions for fixing the 522 error.
Solution 1: Optimise server capacity
Web server overload is one of the most common causes of error 522. It is impossible to predict the number of visitors at any given time. Intermittent load peaks mean that the server can’t keep up with processing HTTP requests – so you should keep an eye on the traffic development of your web project using analysis software. Evaluate the data regularly to identify bottlenecks and upgrade the hardware setup of the hosting environment. Flexible cloud hosting solutions enable you, for example, to scale resources with pinpoint accuracy so that you can react optimally to fluctuations caused by the time of day, day of the week, or season.
Solution 2: Check IP filtering
In order to find out if Cloudflare’s IP addresses are blocked by your webserver, you need to check the appropriate firewall settings and other filtering applications, such as iptables. Internet addresses can also be filtered in the .htaccess file, which is why you should also check them for blocked IPs. A list of the addresses used by the CDN service provider can be found on the official website. If one of these addresses is locked in the named programs (or tools with similar functions), you have to unlock it to fix error 522. Applications often block IPs automatically, so you should play it safe and whitelist Cloudflare addresses.
It’s not unheard of for Cloudflare addresses to be filtered by your hosting provider, rather than your web server. Therefore, if you suspect an IP problem is behind the 'Connection timed out' message and cannot detect any incorrect configurations in your applications, contact the provider.
Solution 3: Customise DNS/IP settings
If your web host relies on a regular change of web server address, it is up to you to forward the changed IPs to Cloudflare. The providers report these changes only to the own DNS servers by default. If an error 522 occurs, it is worth taking a look at your domain’s IP settings. Log into the appropriate administration panel of your web project and note down the current IPv4 and IPv6 addresses of the web server. Then switch to the Cloudflare configuration menu and select the domain causing the error. Click on the menu item 'DNS' and then enter the recorded web addresses in the corresponding DNS records (Record Type AAAA: IPv6, Record Type A: IPv4).
Solution 4: Activate 'keepalive' message
If the Cloudflare error is due to incorrect HTTP header settings, it is, in theory, relatively easy to fix. If 'keepalive' is switched off or too few possible requests are defined, you can correct this in the respective configuration file of the web server (e.g. in httpd.conf for Apache servers). However, a prerequisite is that you have the appropriate rights, which is often not the case with shared hosting packages. In cases like these, you only have the option of contacting the provider. If this persists with the setting 'keepalive' for the selected package, you should consider changing the hosting model or provider.
Solution 5: Contact Cloudflare-Support
If the 522 error is due to a traffic routing problem, contact Cloudflare support. Create a ticket describing the problem, specifying which areas you have already checked for errors. The CDN provider also recommends using tools such as MTR or traceroute to obtain information about the current packet switching between your web server and the Cloudflare IPs. You can attach the results to your ticket (text or image format) to speed up the problem-solving process.
What can a browser user do about the connection timed out message?
The list of possible causes of error shows that HTTP error 522 is only a server-side problem. So if you just browse through the world wide web and encounter the 522 message when you visit a website, this is not due to a faulty internet connection or a faulty plugin. However, this also means that you cannot solve the problem directly. In order to keep frustration to a minimum (or prevent it from the start), it’s advisable to wait and visit the website later. Hopefully, the communication problem between Cloudflare and the web server will have been fixed by then and the site will be displayed as normal.
Of course, you can also contact the responsible web master – especially if the website doesn’t work after several attempts and still shows the Cloudflare error. You may receive valuable background information or be told when the website can be accessed again. Furthermore, it’s also possible that the provider isn’t aware of the problem so it is definitely worth contacting them.