I’m also getting intermittent 522’s on my VPS where I manage low-traffic websites using different CMS’s. I’ve double and tripled checked everything. Resources on the server don’t indicate any obvious issue. Checking the logs on different ports show the usual activity.
The 522 issue started late on Friday. Seemingly out-of-the-blue. And it’s had me working / wasting my time on it all weekend. I’ve gone looking for all sorts of cloak and dagger stuff, and checked every possible setting.
Would be helpful if CF could give a little heads up on the issue instead of passing the hot potato back to us.
I’ve turned off CloudFlare on one of the VPS hosted websites, and the 522 issue has gone. The server’s baseline performance looks fine.
There could be some rate limiting issue going on in the server’s IPTables / Firewall. But seeing that I hadn’t touched it, mod_security or Fail2Ban until the 522 started proliferating all over my sites, I’m getting pretty suspicious that it may be down to CF.
Firewall Rules for both incoming and outgoing correspond to CloudFlare’s IP’s except from one IP Address range, that must have been added recently: 22.214.171.124/13 (Hey, CloudFlare… would be nice if you’d warn us). So I added it to my Plesk Firewall.
Checking one of the sites in question I still see 522’s on specific images. Inspecting them they all have an IP Address that doesn’t correspond to any of the ones the CF has published:
GET 2. Status Code: 522 3. Remote Address: **126.96.36.199:443** 4. Referrer Policy: strict-origin-when-cross-origin
So i’ve gone an added this mystery IP Address my Plesk Firewall CF Ruleset.
Checked again and now there’s a new IP Address that’s not published on CloudFlare’s IP Address list, and that’s returning 522’s on images.
This is a joke. I don’t want to spend Sunday playing Guacamole with CF’s shifting IP addresses. Or am I being a total Newb?