Well, this doesn’t sound like a DDOS attack! However, the high amounts of traffic you are getting might be contributing to the error! The following errors can occur as a result of an overloaded website!
Error 522: connection timed out
Error 522 occurs when Cloudflare times out contacting the origin web server. Two different timeouts cause HTTP error 522 depending on when they occur between Cloudflare and the origin web server:
- Before a connection is established, the origin web server does not return a SYN+ACK to Cloudflare within 15 seconds of Cloudflare sending a SYN.
- After a connection is established, the origin web server doesn’t acknowledge (ACK) Cloudflare’s resource request within 90 seconds.
An HTTP 524 error occurs if the origin web server acknowledges ( ACK ) the resource request after the connection has been established, but does not send a timely response.
Contact your hosting provider to check the following common causes at your origin web server:
- (Most common cause) Cloudflare IP addresses are rate limited or blocked in .htaccess, iptables, or firewalls. Confirm your hosting provider allows Cloudflare IP addresses.
- An overloaded or offline origin web server drops incoming requests.
Keepalives are disabled at the origin web server.
- The origin IP address in your Cloudflare DNS app does not match the IP address currently provisioned to your origin web server by your hosting provider.
- Packets were dropped at your origin web server.
Error 524: a timeout occurred
Error 524 indicates that Cloudflare successfully connected to the origin web server, but the origin did not provide an HTTP response before the default 100 second connection timed out.
Enterprise customers can increase the 524 timeout up to 6000 seconds using the proxy_read_timeout API endpoint.
Resolution Contact your hosting provider to exclude the following common causes at your origin web server:
- A long-running process on the origin web server.
- An overloaded origin web server.
Logging request response time at your origin web server helps identify the cause of resource slowness. Contact your hosting provider or site administrator for assistance in adjusting log formats or search for related logging documentation for your brand of web server such as Apache or Nginx.
If you regularly run HTTP requests that take over 100 seconds to complete (for example large data exports), move those processes behind a subdomain not proxied (grey clouded) in the Cloudflare DNS app.
If error 524 occurs for a domain using Cloudflare Railgun, ensure the lan.timeout is set higher than the default of 30 seconds and restart the railgun service.
If I may ask, what’s the domain and how can I recreate the error? (Or do you have a screenshot of it?)