I have a server blocking everything but CF IP ranges (listed on IP Ranges) and some users still get CF 522 from time to time. The last time IP ranges were updated was February 21, 2019.
Can someone please confirm with absolute certainty that this list is up-to-date and no other ranges/IPs are used when connecting to hosts? If the list is not up-to-date, is there any chance we can get CF to update it?
Thank you.
So the 522 is a problem? What should they be getting?
That is a question for support. Nobody in the Community can be absolutely certain that they are up to date. I would expect that if they were wrong we would see absolute havoc given the number of people who use the API to update internal access control rules.
How are you implementing your access control? Do you have logs of blocked access that you can correlate with 522 errors?
They should be getting a 200 from origin, definitely not a 522 from CF.
Access control - everything is dropped except the IP ranges listed on the CF IP Ranges page.
Digging through logs of blocked access could take a while, and I may end up with a new CF IP not listed on the ranges page. I’ll give it a go and report back.
I agree that it is a question for support, but I figured I’d ask the community before reaching out for support. The CF 522 is served randomly and to a very small number of users, that it makes me think that CF IP ranges page is missing a few IPs added after February 2019. Case in point: when the user reporting this error switched from WiFi to 4G cellular, the 522 was no longer being served. I am 99% sure that some CF IPs are still being blocked and the only reason that is is because the IP Ranges page is not up-to-date.
Anyone else been having these mysterious, random, 522s that they can not explain?
Status update: I just finished setting up a syslog server which will be getting forwarded access blocked logs from my firewall device. This will be hard work, but once I catch this mysterious CF IP, I will report back and hopefully we’ll get CF to update their IP ranges page.
This topic was automatically closed after 30 days. New replies are no longer allowed.