Error 520 upon request (not response from origin server)

We’ve read thoroughly Cloudflare’s documentation about Error 520s and have a different case.

In about .15% of our site visits Cloudflare returns an Error 520 almost instantly (it’s not a timeout).

  1. Our origin server does not log that page view as having been accessed by that visitor’s IP address. So we assume that Cloudflare rejects the request from the client before it has reached our origin server – maybe based on the REQUEST header (not the response header)

  2. It seems to occur due to cookie size. We can always reproduce the Error 520 response when we have a set of cookies that is 5 kb in size. If we delete half those cookies there is no longer an Error 520. However this is nowhere near the 16 kb header size limit that Cloudflare says returns an Error 520. So we don’t know why only 5KB of cookies causes Cloudflare to return Error 520

  3. If you repeatedly refresh the page that generated an Error 520, you keep getting Error 520s. You have to delete cookies to get the requested page returned finally.

  4. We’re a Pro customer at Cloudflare

Any suggestions or help, please?

1 Like

Greetings,

I am sorry to hear you are experiencing an issue.

Regarding Cloudflare 520 error, may I suggest you to try looking into below articles to troubleshoot the issue:

In this case, I’d suggest you to read below article, scroll down and find your web server type and implement the method to restore visitor IP in your origin/server access/error log files as follows:

Before moving to Cloudflare, was your Joomla Website working over HTTPS connection?

You could determine this by:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure site is working as expected with HTTPS without any error
  4. Check with your hosting provider / cPanel AutoSSL / Certbot / Let’s Encrypt / ACME.sh and renew it
  5. Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

Here is a way to re-check if you correctly setup the SSL for your domain with Cloudflare:

In case you do not have an SSL certificate, you can use Cloudflare SSL, if so, kindly make sure you follow the instructions as follows on the below article to setup an SSL certificate using Cloudflare Origin CA Certificate:

Last but not least, kindly have a look here for more information regarding SSL settings at the SSL/TLS tab on Cloudflare dashboard:

Furthermore kindly re-check if Cloudflare is allowed to connect to your origin host to as follows in the below article:

Nevertheless, Cloudflare IP addresses list can be found here:

Kindly, I’d suggest you to write a ticket to Cloudflare support due to your account and/or domain issue and share the ticket number here with us so we could escalate this issue:

  • Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button. If you get automatic reply, reply and indicate to it you need more help and reference to this topic
  • Or send an an e-mail to support[at]Cloudflare[dot]com from your e-mail associated with your Cloudflare account

Furthermore, if you have been through all these above suggestion and are not seeing corresponding issues on your network/server and you have a ticket number with Cloudflare, please reply and post that ticket number # here.

To enable efficient troubleshooting by support, please ensure you include the following on the ticket:

  • example URL(s) where you are seeing the error
  • Ray IDs from the 520 pages
  • output from a traceroute from any impacted user
  • output of example.com/cdn-cgi/trace - replace example.com with the affected domain.
  • Also include two HAR file(s) : one detailing your request with Cloudflare enabled on your website and the other with Cloudflare temporarily disabled - see How do I temporarily deactivate Cloudflare
1 Like

Thanks.

We are very familiar with this troubleshooting article everyone mentions. (Didn’t I say that in the first sentence?)

Its suggestions did not resolve our problem.

  1. We placed all Cloudflare IP addresses on an allowlist in our server. Problem persists.

  2. The problem reproduces with only 5 KB of cookies. The Troubleshooting page says 16 KB triggers Cloudflare’s Error 520. So that is not the cause.

  3. The problem seems to occur before our request hits our origin server. Cloudflare seems to stop the request from even reaching our origin server. All the other troubleshooting tips on that Cloudflare page do not apply because they talk about the response by our origin server.

  4. We do not need to "restore visitor IP’. We see the visitor’s IP logged correctly on every page load until they get an Error 520. Then their IP address is not logged. This is why we say that Cloudflare may block the request and prevent it from reaching our origin server.

  5. We set Cloudflare for Full SSLencryption. Don’t know why this would matter.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.