Accessing resources on the internet usually involves making requests to a named host in a server where the resources are stored. This can be done by a computer, smartphone, or any device that can access the internet.

In such a case, the device requesting a resource from the server is referred to as a client, and the request for resources from the server is known as an HTTP request.

HTTP is a protocol or rules that govern the exchange of information over the internet. When a client makes a request for a resource to a server, it is said to have made an HTTP request.

When a client requests resources from a server, the server, in addition to issuing the resource in case the request was successful, the server also issues three-digit status codes based on how the request was handled.

A request for a resource can be successful, it can be redirected, or the resources may not be found on the server. Such information on the status of a request made to a server is communicated using status codes.

Status codes have different classes, which are identified by the first digit in the status code. Status codes starting with 1 are information codes that indicate the request was received and is still ongoing; those starting with 2 indicate a client’s request was successfully received, understood, and accepted.

Those starting with 3 indicate redirection, and those that start with 4 indicate client error, while those that start with 5 represent server error.

There are official status codes that are defined by the HTTP standard, and unofficial status codes which expand on the officially defined status code classes. One such status code is 521, which means the Web Server is Down. This is an unofficial status code used by CloudFlare’s reverse proxy service.

<img alt="error-521" data- data-src="https://kirelos.com/wp-content/uploads/2023/03/echo/error-521.png" data- decoding="async" height="809" src="data:image/svg xml,” width=”1439″>

A reverse proxy server is an intermediary server that sits in front of web servers, intercepts request from clients, and pass them to web servers. Such an architecture ensures that no client directly communicates with a web server with the resources it is requesting.

A reverse proxy server protects the identity of web servers identity and also enhances their reliability, security, and performance, and helps in load balancing in high-traffic websites.

An example of CloudFlare’s reverse proxy services is its Content Delivery Network(CDN). A CDN consists of geographically distributed servers that cache web content close to the physical location of users. This results in faster loading speeds of content on the internet.

Error 521 Web Server is Down, occurs when the origin server a client is trying to get resources from refuses connections with Cloudflare’s proxy. To serve content requested by a client, Cloudflare’s proxy service establishes a connection on port 80 or 443 with the origin server that has the requested resource.

At times, the origin server directly refuses to connect with Cloudflare’s proxy and sends back a connection refused error. When Cloudflare encounters a connection refused error from the origin server, it leads to Error 521 Web Server is Down which is what is displayed to the client making the request.

Causes of Error 521

As much as Error 521 indicates that your origin web server is down, it is not always the result of a web server being down, as there are others issues that can cause the error. Some of the potential causes of Error 521 include:

#1. Your origin web server is down

<img alt="downsServer" data- data-src="https://kirelos.com/wp-content/uploads/2023/03/echo/downsServer-1500×843.jpg" data- decoding="async" height="843" src="data:image/svg xml,” width=”1500″>

In case your origin web server which you are requesting a resource from is offline, Cloudflare reverse proxy service can’t establish a connection with it. This in turn, results in Error 521. Such an error can also occur when some of the web server processes of the origin server are not running properly, making it impossible for Cloudflare to connect with it.

#2. Your origin web server is blocking requests from Cloudflare

Cloudflare’s reverse proxy services take up requests from clients and hand them over to the servers with the requested resources. As a result, the origin server security configuration or firewall might see that Cloudflare’s IP addresses are making too many requests for resources and flag the requests as attacks.

This results in blocking Cloudflare’s IP addresses, making it impossible for Cloudflare to connect to the origin web server. When this happens, it leads to Error 521 even though the origin server might be working fine.

#3. Origin Server Misconfiguration

Cloudflare’s Content Delivery Network(CDN) is a reverse proxy service. Servers need to be properly configured for them to work with a CDN. In case of misconfigurations when setting up a CDN, clients will get an Error 521 when they make requests to the origin server. Firewalls being configured to drop packets instead of refusing connections also leads to Error 521.

#4. Problem with Cloudflare’s SSL Certificate

<img alt="ssl" data- data-src="https://kirelos.com/wp-content/uploads/2023/03/echo/ssl-1500×844.jpg" data- decoding="async" height="844" src="data:image/svg xml,” width=”1500″>

Cloudflare supports the encryption of traffic between a server and a client using a Secure Socket Layer(SSL) Certificate. SSL Certificates are used to authenticate the identity of websites and establish an encrypted connection.

In case there’s an issue with a website’s SSL certificate or the encryption mode being used by Cloudflare, the origin server will refuse the connection request resulting in Error 521.

How to Fix Error 521

There are a number of ways to solve Error 521. These include:

#1. Check that the origin server is online

Error 521 can occur when the origin server is offline or down. To check if the origin server is up and running, open a terminal window and execute the ping command together with the site you want to check if its origin server is online.

ping geekflare.com

In case the server is running, you’ll receive responses from the server as shown below: 

<img alt="pings" data- data-src="https://kirelos.com/wp-content/uploads/2023/03/echo/pings.png" data- decoding="async" height="533" src="data:image/svg xml,” width=”786″>

In this case, Geekflare’s origin server is up and running. However, the second tested server was down at the time of writing. Zero packets were received from it, and it had 100% packet loss. Opening the website resulted  in the page below, which shows a 502 error:

<img alt="downweb" data- data-src="https://kirelos.com/wp-content/uploads/2023/03/echo/downweb.png" data- decoding="async" height="621" src="data:image/svg xml,” width=”811″>

Press CTRL C to exit the ping command output.

Another way to check if your server is online is by navigating to the site isitdownrightnow and entering the website you want to check. The site will tell you whether the server is running or not as shown below:

<img alt="downorUP-1" data- data-src="https://kirelos.com/wp-content/uploads/2023/03/echo/downorUP-1.png" data- decoding="async" height="217" src="data:image/svg xml,” width=”768″>

If you’re new to using Cloudflare’s CDN with your server, check to ensure that your origin server has been properly configured to listen on port 443 and allow Cloudflare’s IP addresses to access port 443. Additionally, ensure that your firewall is configured correctly to avoid it dropping packets. This leads to Error 521.

#2. Whitelist Cloudflare’s IP Addresses

Another cause for Error 521 is Cloudflare’s IP addresses being flagged as suspicious and being blocked because of making many requests. To counter this, check with your hosting provider to ensure they are not blocking or limiting requests that can be made by Cloudflare’s Ip addresses. the requests can make.

If you’re running your own dedicated server, ensure that your firewall is not blocking Cloudflare’s IP addresses. Additionally, disable and unload Apache custom modules such as mod_antiloris and mod_reqtimeout, which block IP addresses that connect more than 22 times.

#3. Check the SSL Certificates or encryption mode being used

<img alt="https-3344700_1920" data- data-src="https://kirelos.com/wp-content/uploads/2023/03/echo/https-3344700_1920-1500×600.jpg" data- decoding="async" height="600" src="data:image/svg xml,” width=”1500″>

Depending on whether the SSL encryption mode has been set to Flexible, Full, or Strict, Cloudflare will work differently with the SSL certificate it is presented to it by the origin server. These Cloudflare encryption modes are useful in establishing a connection between Cloudflare’s reverse proxy service and the origin server.

Full or Strict modes are the most popular choices or encryption modes used as they require an SSL Certificate. When using these modes, Cloudflare requires valid SSL certificates from the origin server. An Error 521 will occur when there’s a problem with your website’s SSL certificate, particularly when using Strict encryption mode.

To overcome this,  install Cloudflare origin certificates to your origin server or use SSL certificates from a trusted certificate authority. Switching from Strict encryption mode to full can also help overcome Error 521, resulting from a problem with the SSL certificate from the origin server.

Conclusion

Using Content Delivery Networks such as Cloudflare’s CDN has become a popular way of serving content on the internet. Using CDNs allows web applications to load faster, perform better, and become reliable and more secure against attacks.

When using Cloudflare, you might encounter Error 521, which could indicate a problem with the origin server. In such a case, consider the solutions given above. In case all of them fail, consider getting in touch with Cloudflare’s customer service for further assistance.

Show Comments