Cloudflare “Error 521”: 4 methods to fix it
Error code 521, or “Error 521: Web server is down,” is a connection time-out error that indicates the website is experiencing a server-side problem. It is a common error that affects Cloudflare-enabled websites. This error occurs when the origin server rejects Cloudflare’s connection request.
| Error code | Error 521 |
| Error type | Cloudflare – server |
| Error variation | Web server is down |
| Error causes | Server’s configuration issues Server blocking Cloudflare requests The web server is offline Poor encryption settings |
How to fix the “Error 521” in 4 easy steps
Make sure to have access to the web server and Cloudflare dashboard before starting to fix the “Error 521”. In addition, remember to clear your browser cache after finishing to see the changes.
Important! We recommend checking if the website is down for everyone or only for you.
1. Check whether the origin server is running
Checking your server status is a good way to find out what causes the “Error 521”. If there is ongoing maintenance or the hosting provider is experiencing downtime, your server will be blocking IP requests. Other than the server status, check your origin web server’s connection.
If you are familiar with how to use the Terminal, use the Packet Internet Groper (PING) command for Linux or Traceroute for Windows.
Another method to make sure the origin server is running is to check your order usage. One of the causes behind this Cloudflare-specific error message includes websites reaching the limit of Memory and Central Processing Unit (CPU) usage.
The server cannot respond to Cloudflare’s HTTPS requests when it is overwhelmed. To check the limits using Hostinger, head to hPanel → Websites on the left side menu. Then, click on the three dots next to your hosting plan and choose Resource Usage.
The purple lines on the RAM and CPU usage graphs should not touch the red lines, as the red lines represent the maximum threshold.
If you are close to reaching the maximum threshold, upgrade your web hosting plan or switch to a different hosting type.
For those facing the “Error 521” with WordPress, we recommend removing unnecessary plugins. Some plugins can generate a high load on the web origin server. The WordPress site’s server might be blocking Cloudflare’s requests because it uses too many resources.
Lastly, contact your hosting provider support if you do not have access to your server connectivity.
2. Test the connection to the server
If your server’s firewall software blocks Cloudflare IP addresses, it will show the “Error 521: Web server is down” message. Another method to fix the “Error 521” is to ensure your hosting provider hasn’t enabled rate-limiting IP requests from Cloudflare’s IP ranges.
Since this CDN acts as a reverse proxy, all connections to your server come from Cloudflare’s IP address instead of your visitor’s actual IP address. Run a client Uniform Resource Locator (cURL) command to check the URL’s connectivity and server. The cURL command is installed in macOS, Linux, and Windows 10 or later, by default.
Alternatively, test the connection to the server to safelist Cloudflare IP ranges. It will override the server-side security solutions from blocking Cloudflare’s requests. Check the IP filtering on your host provider to include Cloudflare IP ranges.
For this method, use the .htaccess file inside the File Manager. Then, add the code allow from, and Cloudflare’s IP addresses between the lines:
#DO NOT REMOVE THIS LINE
The code will look like the following image:
With Hostinger, there is an IP Manager to grant access or block specific addresses without having to code. Head to hPanel → Advanced → IP Manager and include Cloudflare IPs under the Allow an IP Address section, and click Add.
To fix the “Error 521” with WordPress, use a plugin like Secure Admin IP to help manage access to Cloudflare IP ranges. This method also tests if the WordPress site’s server refuses to connect with the CDN due to IP filtering.
Important! For Apache users, make sure to disable and unload custom Apache modules, such as mod_antiloris and mod_reqtimeout. These modules block any IP address that requests a connection more than 22 times.
3. Check encryption settings
Cloudflare encryption modes help connect the CDN with your web origin server. The ERR_CONNECTION_REFUSED can occur if you are not using the right encryption mode.
For this method, access your Cloudflare dashboard and select the SSL/TLS button to fix the “Error 521”.
The encryptions modes can be:
- Flexible. All the connections between Cloudflare and your origin are via HTTP. Use this Flexible SSL if you cannot set up an SSL certificate for your domain.
- Full. Cloudflare connects to the origin server using either HTTP or HTTPS, depending on the visitor’s request. Choose the Full SSL mode if you have an SSL certification.
- Strict. Similar to Full, visitors can decide which protocol to use. However, this mode has more requirements for origin certificates.
If you are unsure about your encryption mode, turn on the SSL/TLS Recommender under the same settings.
4. Check for website issues
If none of the previous methods work, disable Cloudflare temporarily to remove the error message. Check your website for any other issues before using the CDN again.
Important! Cloudflare will need around 1-2 hours to display the disabled version fully. Purging the Cloudflare cache can make the process faster, but it still won’t be instant.
What causes the “Error 521: Web server is down”
As a content delivery network (CDN) service, Cloudflare helps speed up websites by making a Transmission Control Protocol (TCP) connection to a site’s server after receiving the request from a web browser.
When the web server denies Cloudflare’s connection requests, the browser will show the “Error 521” message.
Some of the causes behind the origin web server not returning a connection error include:
- Server’s configuration issues. Make sure the server is configured properly when setting up this CDN.
- Server blocking Cloudflare requests. This CDN acts as a reverse proxy, which means all connections to your server will come from Cloudflare IPs. Some server-side security solutions might block large requests from a single IP address.
- The web server is offline. If your hosting provider experiences downtime, the website will be unresponsive to Cloudflare requests. In addition, this error can occur when the origin web server process, such as Apache or NGINX, has stopped running properly.
- Poor encryption settings. Cloudflare has its own Secure Sockets Layer (SSL) certificate and encryption modes. Thus, the origin server might be blocking requests due to the encryption settings.
One of the ways to find out what is causing the error 521 is to check the server’s error logs. If you have previously enabled PHP error logging, find the log in the home/[username]/.logs/error_log_[domain] file.
Troubleshooting other Cloudflare errors
You might experience other Cloudflare issues, including “Error 520” and “Error 522”.
If your website shows the Error 520: Web server is returning an unknown error message, check if the origin web server has crashed. Additionally, check the response header or disable your .htaccess file.
With the Error 522: Connection timed out message, the common causes are usage overload and firewall blocking Cloudflare IP addresses. The method to fix this error is similar to fixing Cloudflare “Error 521”. Additionally, enabling KeepAlive messages and reviewing the Cloudflare DNS area can also help.
Contact your hosting provider or Cloudflare support services if these issues persist.
Conclusion
If your website is showing the “Error 521: Web server is down” message, it means that your origin server does not respond to Cloudflare’s requests. The “Error 521” often happens due to a server’s firewall or other security software that blocks Cloudflare IPs.
Here are the four summarized methods to fix this issue:
- Check if your origin server is running fine.
- Make sure your hosting provider’s network does not block Cloudflare IPs.
- Choose the suitable SSL/TLS encryption mode.
- Disable Cloudflare temporarily.
We have also shared some tips for a WordPress website that provide more straightforward steps to troubleshoot “Error 521”. Don’t hesitate to comment below on which method works best for you.
“Error 521” FAQs
How do I prevent “Error 521”?
Since “Error 521” occurs when a web server cannot establish a connection with the origin server, make sure that the origin server is operational at all times to prevent it. Another way to prevent “Error 521” is to check the firewall or security settings.
Is “Error 521” common for Cloudflare users?
No, “Error 521” is not a common error for Cloudflare users. It is a relatively rare error and typically indicates an issue with the origin server rather than Cloudflare’s services.
Do I need to access my server if I encounter “Error 521”?
Yes. “Error 521” indicates that Cloudflare is unable to establish a connection to your origin server. Therefore, you will need to troubleshoot the issue on your server or with your hosting provider. If you are using Hostinger, you can easily contact customer success to help fix this error.
Astari is a digital marketing expert, with a focus on SEO and WordPress. She loves to share her wealth of knowledge through her writing, and enjoys surfing the internet for new information when she's not out in the waves or hiking a mountain. Her mission is to learn something new every day, and she firmly believes that there is no such thing as too much knowledge.
