Error 520 in Logout Page

My website used to wqork fine before but from past more than a month I am getting Error 520, Web server is returning an unknown error, Ray ID: 682db197f8b54d21(sample)
When I disabled proxy for that URL and checked network logs the status returned by Logout URL is 302 redirect to Login page which is correct.
How can be narrow down the issue?

HTTP to HTTPS or vice-versa?
May I ask which SSL option have you got selected under SSL/TLS tab at Cloudflare dashboard for your domain?
Was your website working over HTTPS before switching to Cloudflare? How about your SSL certificate? Is it still a valid one?

The Server is IIS(Asp.net MVC website) and I’m using Cloudflare Origin CA cert on server.
The SSL option selected is Full (Full strict is not selected as other subdomains may require self-signed certs)
It used to work fine since last 1.5 years just recently it started having this issue no major changes were done to Logout page in recent times.
The website runs on https and all redirects are done via https
With Cloudflare proxy disabled the login/logout works fine on both Live and Test site as I checked.
I will provide the example network logs test wesbite in browser without Cloudlfare proxy to along with headers info.

I found the issue it was due to HTTP headers for clearing cache in Logout request.
I think few headers are not not supported by Cloudflare as I have been using them since 1.5years.

I didn’t check which exact header or cobination of them is causing Cloudflare to give 520 Error, I will diagnose it later and update here. But for now I have commented the cache headers section as below and this has resolved the 520 Error issue.

//Response.AppendHeader("Cache-Control", "no-cache"); //HTTP 1.1
//Response.AppendHeader("Cache-Control", "private"); // HTTP 1.1
//Response.AppendHeader("Cache-Control", "no-store"); // HTTP 1.1
//Response.AppendHeader("Cache-Control", "must-revalidate"); // HTTP 1.1
//Response.AppendHeader("Cache-Control", "max-stale=0"); // HTTP 1.1
//Response.AppendHeader("Cache-Control", "post-check=0"); // HTTP 1.1
//Response.AppendHeader("Cache-Control", "pre-check=0"); // HTTP 1.1
//Response.AppendHeader("Pragma", "no-cache"); // HTTP 1.1
//Response.AppendHeader("Keep-Alive", "timeout=3, max=993"); // HTTP 1.1
//Response.AppendHeader("Expires", "Tue, 01 Jul 1997 06:00:00 GMT"); // HTTP

According to Mozilla Docs the way I was doing it is a incorrect way to stop caching of Logout Page.
Link: Cache-Control - HTTP | MDN
Correct way is to just add below no-cache header, I did this and its working fine on Cloudflare now

Response.AppendHeader("Cache-Control", "no-cache");

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.