When you visit a website using CloudFlare, you may receive an error 521. This error occurs because the origin web server refused the connection from CloudFlare.
You are using
nginxin front of
CloudFlare IP addresses were blocked by
nginx because of an outdated contents of
/etc/nginx/conf.d/cloudflare.conf contains CloudFlare servers IP addresses list.
- Make sure that you're not blocking CloudFlare IPs in
iptables, or your firewall.
- Make sure that
/etc/nginx/conf.d/cloudflare.confis up to date and contains all IP addresses found here: https://www.cloudflare.com/ips
- Make sure your provider isn't rate limiting or blocking IP requests from the CloudFlare IPs and ask them to whitelist the IP addresses found here: https://www.cloudflare.com/ips
- Make sure that you're operating off of the most recent versions of Bad Behavior or
mod_security. You want to ensure that mod_security's core rules aren't blocking CloudFlare requests.
- If you are running custom Apache modules, such as
mod_reqtimeout, disable and unload the modules. These modules will block any time an IP that connects more than 22 times. Since all connections are now coming from a CloudFlare IP, you will definitely hit the limit causing the error page. As soon as you unload the module, the issue will disappear.