Try the suggestions in this Community Tip to help you fix Error 521: Web server is down.
A 521 error happens when we are unable to make a TCP connection to your origin server. Specifically, Cloudflare tried to connect to your origin server on port 80 or 443, but received a connection refused error. This is often caused by security or firewall software and happens if the origin server has directly refused CloudFlare’s proxy request.
Quick Fix Ideas
Check your origin web server. The origin web server might not be running; in that case you should: a) Ensure your web server is running normally and b) Review the server’s error logs to see what is causing the error. If you’re unable to perform these tasks, contact your hosting provider.
If you have just moved to Cloudflare and you are seeing a 521 over HTTPS, it is possible that your origin server has not been configured to allow port 443 be accessed by Cloudflare IPs. In this case you should configure your server/firewall to being listening on port 443 and allow us to be able to conect. If this is not possible, you can move to using ‘Flexible’ SSL under the Crypto tab on the dashboard.
Make sure that you’re not blocking CloudFlare IPs in .htaccess, iptables , or your firewall.
Make sure your hosting provider isn’t rate limiting or blocking IP requests from the CloudFlare IPs and ask them to whitelist the IP addresses https://www.cloudflare.com/ips.
Make sure that you’re operating off of the most recent versions of Bad Behavior or mod_security. mod_security’s core rules aren’t blocking CloudFlare requests.
If you are running custom Apache modules, such as mod_antiloris and mod_reqtimeout, disable and unload the modules. These modules will block any time an IP that connects more than 22 times. Since all connections are now coming from a CloudFlare IP, you will definitely hit the limit causing the error page. As soon as you unload the module, the issue will disappear.
If your firewall is configured to DROP packets rather than refuse connections, it will cause a 521; meaning an incorrectly configured firewall can actually masquerade as a connection timeout 522 error.
If You Need More Help
This community of other Cloudflare users may be able to assist you, if not, login to Cloudflare and then contact Cloudflare Support. When you contact support, make sure to include as much of this information as possible: time stamped log files from your origin server, RayID, domain name, error messages, screen shots, and/or HAR file(s).
Expert Comments Appreciated
This Community Tip will remain open for input from Community experts and those familiar with this issue. We really appreciate comments that start with words like: “The three things I always try”, or “Do this first” or “In my experience”.