Error code 521: What is it and how to fix it?
Error code 521 is a common error many website owners and end users encounter while surfing the internet. For website owners, if left unresolved, it can negatively impact site performance and user experience.
In this article, we’ll explain what error 521 is and why the error occurs. We’ll go over simple guidelines on how to fix error 521 effectively and how to prevent it in the future.
What is error 521?
Error code 521, commonly known as “Error 521: Web server is down,” occurs when a website’s server refuses a connection request. It typically means the server is offline or actively refusing connections.
Error 521 occurs specifically on websites that use Cloudflare. The error occurs when the platform cannot establish a connection with the website’s origin web server due to a timeout on the server’s end.
What is Cloudflare?
Cloudflare is a content delivery platform (CDN) and security platform that improves and protects a website from cyber threats. It acts as a reverse proxy where all connections to your server will come from Cloudflare IPs.
However, if the origin web server has issues, it can’t respond to Cloudflare’s requests, which causes error 521.
What causes error 521?
Understanding the causes of error 521 can help you identify the right steps to fix the issue and get your website back online. Here are several factors that can trigger this error.
DNS settings are misconfigured
If the DNS settings for your domain are not pointing to the right server, Cloudflare may be unable to reach the web server. Leading to error 521.
Cloudflare’s IP addresses are blocked
Sometimes, the origin web server can block legitimate connections from Cloudflare. How? Some firewalls and security solutions within your server may be blocking connections from specific Cloudflare IP addresses.
Poor encryption setting
If the encryption settings between Cloudflare and your origin server are incompatible or misconfigured, it prevents a secure connection, triggering error 521.
Cloudflare’s under attack mode
Cloudflare has a security feature called “I’m Under Attack” mode. This blocks certain types of traffic in response to potential attacks. However, this can sometimes accidentally block legitimate traffic, which causes error code 521.
Connection issues
Cloudflare may be unable to reach the origin server because of network problems.
Disadvantages of error code 521
Error 521 can have significant consequences for end users and website owners, impacting user experience and performance.
For end users
When visitors encounter error 521, this can lead to:
- Frustration and poor user experience
- Loss of trust
For website owners
For website owners, a 521 error can lead to:
- Traffic loss
- Revenue impact
- Damage reputation
- Additional costs
How to fix error 521
Resolving error 521 requires identifying and addressing connection issues between your server and Cloudflare. Follow these actionable tips to fix the problem.
Step 1. Check server status
Verify that your server is active and capable of handling requests. To do this, you can use your computer’s terminal to ping it.
Looking at the last paragraph of the prompt, there are equal numbers of packets sent and returned. This indicates that the server is active.
Another option is to use an HTTP header checker tool. You can paste the website’s URL in the platform’s search bar and see results. If you get a 5xx HTTP status code, this means you have a server error.
Step 2. Ensure DNS settings are correct
Confirm that you have correctly configured your DNS settings. Check if the domain’s A and CNAME records point to the correct IP address of your origin server.
Explore Domain.com’s knowledge-based articles for detailed information on how to update your DNS records.
Step 3. Ensure you’re using the right SSL/TSL settings
Ensuring the right SSL/TLS settings are in place is important to maintain a secure connection between your server and Cloudflare. Here’s how to address SSL issues effectively.
Check your server’s SSL certificate
Start by verifying if your server has a valid SSL/TSL certificate installed. Ensure it’s not expired, properly installed, and issued by a trusted Certificate Authority (CA)
Choose the right SSL mode
There are four Cloudflare SSL modes. The mode you choose impacts how Cloudflare interacts with your server.
- Flexible SSL. Use Flexible SSL if you cannot set up an SSL certificate for your domain. This mode creates a connection between Cloudflare and your web server via HTTP.
- Full SSL. Cloudflare connects to your server using HTTP or HTTPs based on the visitor’s request. This option works if your server already has an SSL certificate.
- Full SSL (Strict). This SSL mode is similar to Full but requires more requirements from the origin server.
If you set your SSL/TLS mode to Full or Full (Strict), ensure you have installed the Cloudflare Origin Certificate.
Step 4. Check firewall and security settings
Review your server’s firewall settings. Make sure your server is not blocking Cloudflare’s IP ranges.
To avoid this blockade, whitelist Cloudflare IP ranges in your server’s firewall. This process is like giving a VIP pass to Cloudflare’s IP addresses, ensuring your server recognizes them.
One way to whitelist IP addresses is through the .htaccess. The .htaccess file is the directory of a WordPress website. To whitelist Cloudflare IPs via .htaccess, follow these steps.
- Locate and open the File Manager.
- Select the folder related to the WordPress installation, this is usually www or public_html.
- In the .htaccess file, add Cloudflare IPs. For a single IP, add allow from before the address. It should look like this.
order deny, allow
deny from all
allow from 111.111.111.111
For multiple IPs, add spaces between each IP address.
order deny, allow
deny from all
allow from 111.111.111.111 111.111.111.111 111.111.111.111
You can also unblock Cloudflare IP addresses using the IP blocker in your cPanel account. To use IP Blocker in cPanel, follow these steps:
- Log into your cPanel account.
- Find and select “IP Blocker” from the “Security” section.
- Enter Cloudflare’s IP ranges IP Address or Domain text box. Then, you’ll see the list of blocked IP addresses.
- Go to the appropriate IP address, and from the “Actions” column, click “Delete.”
- Click “Remove IP.”
Step 5. Contact for support
If the issue persists, contact your web hosting provider or Cloudflare support for further assistance. Provide details about the error and the troubleshooting steps you’ve taken. By then, the web hosting provider’s support team should be able to help you.
How to prevent error 521 in the future
To avoid recurring error 521, take proactive steps to ensure your server and Cloudflare configurations work seamlessly. Here are some tips.
Ensure server uptime and stability
Regularly monitor your server to ensure it stays online and performs efficiently. Address any resource limitations, such as insufficient CPU or memory.
Schedule routine maintenance as well. It’s best to do this during low-traffic periods to minimize disruptions.
Keep Cloudflare and server configurations updated
Ensure both Cloudflare and your server are running the latest updates. Make sure they fit each other. Outdated configurations can lead to compatibility issues, increasing the chances of errors like 521.
Whitelist Cloudflare IP ranges
Add Cloudflare’s IP ranges to your server’s whitelist to prevent accidental blacking. Find time to check Cloudflare’s IP ranges to ensure updated IPs.
Although Cloudflare seldom updates its IP addresses, checking it occasionally prevents accidental blockade.
Use Cloudflare’s “I’m Under Attack” mode properly
Activate Cloudflare’s “I’m Under Attack” mode only when necessary. Misusing this feature could block legitimate traffic.
Explore more valuable articles at Domain.com
We’ve covered everything you need to know about error code 521, from understanding the causes to actionable steps to fix and prevent it. Having an in-depth understanding of error 521 is important to ensure a smooth and high-performing website.
For more helpful tips on website management, security, and performance, explore Domain.com‘s resources. We’re here to guide you through every step of your online journey!