Cloudflare 522 connection timed out only single Region

Hello,

I use Cloudflare with Ezoic. In my server, I have allowlisted Cloudflare and Ezoic IPs (IPv4 and IPv6). When I enabled "Cloudflare proxy from the Ezoic, I receive “Cloudflare 522 connection time out.”
I use the up-to-date IP list which is listed here.

Initially, I thought this is my server issue, therefore yesterday I have moved one of my sites to a new VPS, but the problem was not fixed.

I face this issue when I use Sri Lankan ISP. If I switch to another country using a VPN, then this issue has gone away. I believe it happened when the visitor is connecting to the Cloudflare Colombo data center.

If I disabled Cloudflare and Ezoic and access to my sites, there is no error. Also if I edit Windows 10 host file and directly pointed to the site again no issue. Web pages are loading normally. When I visit the browser console there is no error. If I visit Cloudflare’s error log analysis, it doesn’t show much information.

For your reference, I have attached the Cloudflare Connection timeout error with RAY ID.

Cloudflare Ray ID: 673b68025a984cb5 • Your IP: 2402:4000:2280:7016:4cce:420b:d7a9:139b
Date and time: 2021-07-24 07:24:03 UTC.

Cloudflare Connection Time Out error 021920×1080 139 KB

I have allowlisted the following Cloudflare IPs.

#CloudFlare IPv4
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
172.64.0.0/13
131.0.72.0/22
104.16.0.0/13
104.24.0.0/14

#CloudFlare IPv6
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32

Thank you.

Yeah, these are the correct addresses, but how did you allowlist them?

It won’t be directly related to it but indirectly. Somewhere on your server (or its network) the IP address range of the Sri Lankan datacenter will be blocked. I am afraid that’s really something you can only clarify with your host as they know where such a block could be configured.

Just to elaborate, a 522 means Cloudflare could not establish a TCP connection, so that’s most likely not even something on the web server, but a restriction somewhere on the network level.

Thank you @sandro for your reply.

I started using Ezoic in March 2021 (I use Cloudflare since 2013). However, I’m experiencing this issue since July second week of 2021. Is there any way to check the Cloudflare error logs? Because in my server log, I cannot find any error log.

Yesterday I have set up a new VPS (only for testing purposes and later deleted it) without any firewall (basic setup) and tested it, again I face the same Cloudflare 522 error.

I have a Ubuntu VPS. On this server I installed CSF. In the CSF, I added Cloudflare and Ezoic IPs to csf.allow file. Then I added the same IPs in Nginx nginx.conf file http{ block.

Below is my nginx Cloudflare IP list file format. Since Ezoic has over 2,000 IP’s in here I did not paste everything. Just added few Ezoic IP’s for get an idea.

#CloudFlare IP.
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2405:8100::/32;

#Ezoic IP.
set_real_ip_from 3.5.140.0/22;
set_real_ip_from 15.230.56.104/31;
set_real_ip_from 35.180.0.0/16;
.......................

#use any of the following two
#real_ip_header CF-Connecting-IP;
real_ip_header X-Forwarded-For;

What would you like to check there? Cloudflare does not provide these logs and they’d also not say much more than what the 522 does. Somewhere on your network the TCP connection is blocked.

As I said earlier, that’s unlikely your web server. You’d rather need to check anything network related.

Is that on the same network as the original setup?

Same VPS provider with a new server IP and fresh setup.

In that case - and assuming your new VPS did not have any default firewall settings (double check that) - that will be most likely either a network firewall (talk to your host about that) or some issue on their network where they possibly rate limit (and block) requests if they always come from the same network.

I am afraid that’s really something you can only clarify with your host.

I assume you already found it but Community Tip - Fixing Error 522: Connection timed out really covers that issue.

I have contacted the hosting provider and they confirmed that they are not using any firewall or rate limit.

Since I tested temporary VPS on the same VPS provider, today I again moved the site to “nestify.io”. Still, I face this issue.

What’s the output of https://community.cloudflare.com/cdn-cgi/trace?

fl=260f1
h=community.cloudflare.com
ip=175.157.44.158
ts=1627145713.918
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36
colo=CMB
http=http/3
loc=LK
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

My site cdn-cgi/trace output.

fl=260f7
h=domain.com
ip=175.157.44.158
ts=1627145767.381
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36
colo=CMB
http=http/3
loc=LK
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

You are accessing this forum via the CMB PoP as well and are not experiencing any issues, right?

At this point you could only open a support ticket and have Cloudflare look into it, but I somewhat doubt they will be able to tell more as the connection simply times out - and this is typically an issue on your server side, unless there is some obscure connection issue between your server and Cloudflare, but I can’t tell if support would have any more insight here, but you can try.

My guess is still there is a network issue on your provider side.

Thank you so much your support. I have doubt that this is Ezoic side issue. But no idea about it.

Well, in 99% of the cases this is server related. If you double checked everything and are absolutely sure there is nothing whatsoever blocking on your side, you really can only contact support I am afraid.

When I check the Chrome developer tools HAR file, I can see that 522 error as below. Is it normal or that error generate as a result of another issue (eg: large cookies etc)?

        "cookies": [
            {
              "name": "cf_ob_info",
              "value": "522:673ee763d2764cb0:CMB",
              "path": "/",
              "domain": "carsreborn.com",
              "expires": "2021-07-24T17:38:42.000Z",
              "httpOnly": false,
              "secure": false
            },

           {
              "name": "cf_ob_info",
              "value": "522:673ee763c2734cb0:CMB",
              "path": "/",
              "domain": "carsreborn.com",
              "expires": "2021-07-24T17:38:43.607Z",
              "httpOnly": false,
              "secure": false
            }

That’s not an error, those are regular cookies, seemingly in the Always On context.

https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies#5yFkIZsbmQgWj9dSbPOi98

I am afraid you really need to rule out that this is an issue on your server side (which it will be in my opinion) and, if you can do so, then contact Cloudflare’s support.

As for now I’d almost bet money that this will be a traditional case of blocked Cloudflare addresses on your server side. For example, sitemeer.com/#https://carsreborn.com loads “fine”, although with a 500 as you’ll be probably blocking user agents.

One question, do you have any IPv6/AAAA records configured? If so, try removing them temporarily and check if that might fix it. Admittedly, I am rather guessing here, but your initial screenshot showed an IPv6 address and I wonder whether there could be an IPv6 connectivity issue.

I already removed IPv6 address from the DNS. I think 1st screenshots shows my IPS IPv6 address. Not the server.

Ezoic support team confirmed that they are not blocking Cloudflare IPs.

Place holder.

Sorry, but you are really in violation of community rules at this point as it is clearly stated you are not to use MoreHelp before 72 hours passed.

Also, as I already mentioned the community can’t do anything any more this point, you will have to talk to support.

And yes, hosts often confirm something and then it turns out not to be true.