As soon as we enable the Cloudflare proxy on one of our sites, we immediately see the CF 520 error. Out test version of the site has been proxied for a couple of months with no issues. We have followed the troubleshooting steps in the community tips article, but we aren’t seeing anything obvious that could be causing this.
Is there any firewall before your origin host/server?
Did something updated or changed the Firewall settings regarding the open/closedports on the Windows machine itself, or the IIS?
What version of the IIS are you running?
Before moving to Cloudflare, was your Website working over HTTPS connection?
Does it work as expected when you temporary Pause the Cloudflare for your zone?
Furthermore, you could determine if this behaviour continues even by using a “Pause” option at Cloudflare as follows:
- Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
- The link is in the lower right corner of that page.
- Give it five minutes to take effect, then make sure site is working as expected with HTTPS.
There is a firewall, but we have allowed Cloudflare IPs and we have no issues with our test site which is also behind the same firewall. It is possible that there are IIS or other disparities between test and production, but that is what I’m having a hard time narrowing down because they really shouldn’t be different.
The serve is running IIS 10. The site works over HTTPS without the Cloudflare proxy turned on. Pausing Cloudflare also fixes the issue.
Make sure SSL in Cloudflare is set to full strict
I can try that, but it is currently set to Full (not strict) for that domain, and our test subdomain is working fine proxied.