This problem started yesterday. I am getting 522 on some proxied connections from Switzerland (162.158.149.130, 162.158.149.132, 162.158.149.134) and others work (Germany, France).
I don't have IP restrictions.
While investigating, I created a firewall rule to capture only Cloudflare IPs. Here's the packet capture of a working and a 522 connection.
Good job with the PCAPs! I am willing to bet if your own firewall doesn’t have any restriction on 162.158.149.130 etc then something upstream of you in your hosting provider likely does on egress - assuming you can trace back to these IPs OK.
I am guessing the SYN,ACK isn’t arriving, hence we are re-transmitting the SYN 3 times in 15 seconds before giving up and showing a 522 error.
Best to contact your host and share this with them and make 100% sure they are not filtering anything (egress or ingress) on https://www.cloudflare.com/ips-v4 or https://www.cloudflare.com/ips-v6 and in particular 162.158.0.0/15 which is the wider range the Cloudflare source IPs you have identified as experiencing this issue belong to.
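An added example, not part of the original thread: a small Python triage of capture rows taken at the origin, which separates handshakes where the origin answered but the Cloudflare edge kept retransmitting its SYN (reply lost on the way out) from handshakes the origin never answered. The row format, the origin address 203.0.113.10, the edge address 162.158.88.10 and the verdict names are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# 162.158.0.0/15 is the range named in the reply above; add the rest of the
# published lists (cloudflare.com/ips-v4, ips-v6) for real use.
CLOUDFLARE_NETS = [ipaddress.ip_network("162.158.0.0/15")]
ORIGIN = "203.0.113.10"  # placeholder origin address (documentation range)

# Constructed capture rows: (seconds, src, sport, dst, dport, flags).
# 162.158.88.10 is a made-up "working" edge address inside the same /15.
SAMPLE = [
    (0.00, "162.158.88.10", 40001, ORIGIN, 443, "SYN"),
    (0.00, ORIGIN, 443, "162.158.88.10", 40001, "SYN,ACK"),
    (0.02, "162.158.88.10", 40001, ORIGIN, 443, "ACK"),
    (1.00, "162.158.149.130", 51000, ORIGIN, 443, "SYN"),
    (1.00, ORIGIN, 443, "162.158.149.130", 51000, "SYN,ACK"),
    (2.00, "162.158.149.130", 51000, ORIGIN, 443, "SYN"),  # retransmitted SYN
    (2.00, ORIGIN, 443, "162.158.149.130", 51000, "SYN,ACK"),
    (3.00, "162.158.149.132", 52000, ORIGIN, 443, "SYN"),
    (4.00, "162.158.149.132", 52000, ORIGIN, 443, "SYN"),  # retransmitted SYN
]

def is_cloudflare(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)

def classify_handshakes(packets):
    """Return {(edge_ip, edge_port): verdict} for handshakes opened by Cloudflare."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for _ts, src, sport, dst, dport, flags in packets:
        if is_cloudflare(src) and flags in ("SYN", "ACK"):
            flows[(src, sport)][flags.lower()] += 1
        elif is_cloudflare(dst) and flags == "SYN,ACK":
            flows[(dst, dport)]["synack"] += 1
    verdicts = {}
    for key, seen in flows.items():
        if seen["syn"] == 0:
            continue  # capture started mid-connection; nothing to judge
        if seen["ack"]:
            verdicts[key] = "established"
        elif seen["synack"]:
            # Origin answered, edge kept retrying: the reply died on the way out.
            verdicts[key] = "reply_lost_upstream"
        else:
            verdicts[key] = "no_reply_from_origin"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify_handshakes(SAMPLE).items():
        print(flow, verdict)
```

A `reply_lost_upstream` verdict is the evidence to hand to the hosting provider, since it shows the origin did answer; `no_reply_from_origin` points back at the local firewall or the service itself.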
Thanks. As you said, egress traffic was being blocked by the cloud provider ISP, due to security reasons, they say.
ping 162.158.149.132 worked from the local machine but was being blocked from the firewall; a traceroute confirmed where it was being blocked.
@dhafer - good news. I can say from painful experience that 99% of the time with these types of issues your host is doing something you're not aware of to our IP space… and often after first saying there is no restriction in place.
Really glad to hear you got it resolved by your hosting provider / ISP.