When a web
browser displays the message “Error 521: The web server is down”, it means that the website is experiencing a server-side problem. It’s a common mistake that affects websites that use Cloudflare. This error occurs when the origin server denies Cloudflare’s request to connect.
We’ll explain what causes error 521, along with methods to fix it.
In addition, we will also share how to fix similar issues to prevent your website from experiencing other Cloudflare errors.
Before you begin, make sure that you have access to the source web server. Otherwise, you will not be able to follow the troubleshooting methods in this tutorial.
Error code Error type Error variation Error causes
What causes error 521: Web server is down?
As a content delivery
network (CDN) service, Cloudflare
helps speed up websites by establishing a Transmission Control Protocol (TCP) connection to a site’s server after receiving a request from a
When the web server denies Cloudflare connection requests, the browser will display the 521 error message.
Some of the
causes why the source web server does not return a connection error include:
- Server configuration issues. Make sure the server is configured correctly when setting up this CDN.
- Server blocking Cloudflare requests. This CDN acts as a reverse proxy, meaning that all connections to your server will come from Cloudflare’s IP. Some server-side security solutions can block large requests from a single IP address.
- The web server is offline. If your hosting provider experiences downtime, the website will not respond to Cloudflare’s requests. Additionally, this error can occur when the origin web server process, such as Apache or NGINX, has stopped running correctly.
- Poor encryption settings. Cloudflare has its own Secure Sockets Layer (SSL) certificate and encryption modes. Therefore, the origin server might be blocking requests due to encryption settings.
One of the ways to find out what’s causing the 521 error is to check the server error logs. If you have previously enabled PHP error logging, look for the log in the home/[username]/.logs/error_log_[domain] file.
How to Fix Error 521 in 4 Easy Steps Make sure you have access to the Cloudflare web server and dashboard before you start
fixing error 521
. Also, remember to clear your browser’s cache after you’re done to see the changes.
1. Check if the source server is
Checking the status of your server is another way to find out what causes error 521. If there is ongoing maintenance or the hosting provider is experiencing downtime, your server will block IP requests. In addition to the server status, check the connection of the source web server.
If you are familiar with how to use the terminal, use the Packet Internet Groper (PING) command for Linux or Traceroute for Windows.
Another method to make sure the origin server is running is to verify the usage of your order. One of the causes behind this Cloudflare-specific error message includes websites that reach the memory and central processing unit (CPU) usage limit.
The server cannot respond to HTTPS requests from Cloudflare when it is overwhelmed. To check the limits using Hostinger, head over to hPanel → Resource Usage → Hosting. The purple lines on the RAM and CPU usage graphs should not touch the red lines, as it is the maximum threshold.
If you’re close to reaching the maximum threshold, upgrade your web hosting plan or switch to a different type of hosting.
For those facing error 521 with WordPress, we recommend removing unnecessary plugins. Some plugins can generate a high load on the web origin server. The WordPress site server might be blocking Cloudflare requests due to using too many resources.
Finally, contact your host’s technical support if you do not have access to your server’s connectivity.
2. Test the connection to
If your server’s firewall software blocks Cloudflare’s IP addresses, it will display the message “Error 521: The web server is down”. Another method to fix error 521 is to make sure that your hosting provider has not enabled IP requests that limit the speed of Cloudflare’s IP ranges.
Since this CDN acts as a reverse proxy, all connections to your server come from Cloudflare’s IP address rather than your visitor’s actual IP address. Run a Uniform Resource Locator (cURL) client command to verify connectivity and server connectivity for the URL. The cURL command is installed on macOS, Linux, and Windows 10 or later, by default.
Alternatively, test the server connection to protect Cloudflare’s IP ranges. It will override server-side security solutions so that they do not block Cloudflare requests. Check the IP filtering at your host provider to include Cloudflare IP ranges.
For this method, use the . htaccess inside the File Manager. Then, add the allow from code and Cloudflare IP addresses between the lines
: #DO DO NOT DELETE THIS LINE
The code will look like the following image:
With Hostinger, there is an IP manager to grant access or block specific addresses without having to code. Go to hPanel → Advanced → IP Manager and include Cloudflare IPs in the Allow an IP Address section and click Add.
To fix error 521 with WordPress, use a plugin like Secure Admin IP to help manage access to Cloudflare’s IP ranges. This method also tests whether the WordPress site server refuses to connect with the CDN due to IP filtering.
3. Check encryption settings
Cloudflare’s encryption modes help connect the CDN to your web origin server. The connection declined error can occur if you are not using the correct encryption mode. For this method, access your Cloudflare dashboard and select the SSL/TLS button to fix error 521.
Encryption modes can be:
- Flexible. All connections between Cloudflare and your origin are over HTTP. Use this flexible SSL if you cannot configure an SSL certificate for your domain.
- Complete. Cloudflare connects to the origin server using HTTP or HTTPS, depending on the visitor’s request. Choose full SSL mode if you have an SSL certification.
- Strict. Similar to Full, visitors can decide which protocol to use. However, this mode has more requirements for certificates of origin.
If you are not sure about your encryption mode, enable SSL/TLS Recommender in the same settings
for website issues
If none of the above methods work, disable Cloudflare temporarily to remove the connection declined error message. Check your website for any other issues before using the CDN again.
Other Cloudflare Errors
You may experience other Cloudflare issues, including 520 and 522 errors. If your website displays error 520: The web server returns an unknown error message, check to see if the source web server has crashed. Also, check the response header or disable your . htaccess.
With Error 522: Connection timed out message, common causes are usage overload and firewall blocking Cloudflare IP addresses. The method to fix this error is similar to fixing Cloudflare error 521. In addition, enabling KeepAlive messages and checking Cloudflare’s DNS area can also help.
Contact your hosting provider or Cloudflare support services if these issues persist.
If your website shows the message “Error 521: The web server is down,” it means that your origin server is not responding to Cloudflare requests. Error 521 often occurs due to a server’s firewall or other security software blocking Cloudflare IPs.
Here are the four methods to fix this problem:
- Check if your source server is working fine
- Make sure your hosting provider’s network doesn’t block Cloudflare IPs
- Choose the appropriate SSL/TLS encryption mode
- Disable Cloudflare temporarily.
We’ve also shared some tips for a WordPress website for easier steps to fix error 521. Feel free to comment below which method works best for you.