CloudFlare worker on specific path failing results in all calls to also fail

Has anyone experienced errors with CloudFlare workers causing other URLs on the same hostname that don’t go to the worker also having the same error?

I have setup a CloudFlare worker as a reverse-proxy to return content from an origin server.

This worker is restricted to only work on a specific file-path, both using the worker route, and by the code in the worker checking the file-path of the request.

If the call to the origin server fails, then the call to the reverse-proxy worker on CloudFlare also fails with a HTTP error code of 526.

This is expected behavior, and not the problem. The problem is that if the reverse-proxy call fails with a 526 error, then the very next call to CloudFlare, regardless of file-path, will also fail with a 526 error. If I reload the URL again it will complete successfully, until I call the reverse-proxy worker and it returns a 526 error again.

Here’s an example of the problem (with fake URLs):

  • is setup in CloudFlare DNS, with Proxy enabled.
  • I setup a reverse-proxy worker assigned to the route DOMAIN FOR SALE
  • The reverse-proxy worker is calling an origin server with the wrong SSL certificate.
  • There are no other workers or routes that match the other calls I make.

The problem can be reproduced with the following steps:

  1. Call - this will result in the 526 error.
  2. Call - this will also results in a 526 error the first time it is called.
  3. Reload the URL from #2 as many times as you want and it will load successfully.
  4. Until you reload the URL from #1 and get the 526 again, at which point any URL will return a 526 error once.

Why would the call to the reverse-proxy failing result in all other calls to CloudFlare to fail?

I can fix the error in step #1 by installing the correct SSL certificate in the origin server, but I want my setup to be robust enough so the whole website is not brought down because the reverse-proxy is failing.

I have opened ticket #2197715 and not received a response, other than instructions to respond to this post with @MoreHelp.

I also wanted to clarify that this is not an issue with our Worker code - this is working as expected when it returns a 526 HTTP error in response to issues with the origin server.

The problem is that even though the Worker is assigned to a specific file-path, when it returns an error any other proxied calls (on any file-path) to return the same 526 HTTP error.

I cannot replicate the 526 you are seeing, I did notice an error on the origin certificate WRT the SAN. Do you still see the error if you proxy :orange: the A record that is named the same as your domain?

Other ideas here,

1 Like

I updated the A record for ‘’ (my domain) to be proxied, but am still seeing the issue.

I also looked through the Community Tip you linked, but none of that applies. To clarify, the issue is not with the Worker itself returning a 526 error. That is expected behavior and we can fix that by updating the origin server to return the correct SSL certificate. The problem is the Worker returning a 526 error causing the next call to the same hostname, regardless of file-path, to also return a 526 error.

Here are steps to replicate with the actual URLs:

  1. Open this URL, not processed by Worker, and note it loads correctly:
  2. Open this URL that is processed by the Worker and note it returns 526 error:
  3. Open this URL from step #1 again, note that it too now returns a 526 error:
  4. Open this URL from step #1 and #3 again, note that is loads correctly:

You can repeat these steps as many times as you want and can see that the Worker responding with a 526 error is causing the very next call to the hostname, regardless of file-path to also return a 526 error.

Here’s a screenshot of my Route / Worker settings showing that the Worker should only be executing for the specific file-path:

1 Like

This is most likely related to how Always Online is responding to the 526 being returned by the worker and attempting to serve a cached copy of the site. If you disable AO on the site are you still able to reproduce this issue?

I have been communicating directly with customer support and we have determined that disabling Always Online stops this error.

However, I have not been provided with an explanation as to why the Always Online functionality results in this behavior - it does not make sense that a Worker returning a 526 error would result in all other calls to the same hostname returning a 526 error, and only for the next call.

I will continue to work directly with my customer support contact.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.