Getting 522s

I’m also getting intermittent 522’s on my VPS where I manage low-traffic websites using different CMS’s. I’ve double- and triple-checked everything. Resources on the server don’t indicate any obvious issue. Checking the logs on different ports shows the usual activity.

The 522 issue started late on Friday. Seemingly out-of-the-blue. And it’s had me working / wasting my time on it all weekend. I’ve gone looking for all sorts of cloak and dagger stuff, and checked every possible setting.

Would be helpful if CF could give a little heads up on the issue instead of passing the hot potato back to us.

UPDATE:

I’ve turned off CloudFlare on one of the VPS hosted websites, and the 522 issue has gone. The server’s baseline performance looks fine.

UPDATE 2

There could be some rate limiting issue going on in the server’s IPTables / Firewall. But seeing that I hadn’t touched it, mod_security or Fail2Ban until the 522 started proliferating all over my sites, I’m getting pretty suspicious that it may be down to CF.

Firewall Rules for both incoming and outgoing correspond to CloudFlare’s IP’s except for one IP Address range, that must have been added recently: 172.64.0.0/13 (Hey, CloudFlare… would be nice if you’d warn us). So I added it to my Plesk Firewall.

Checking one of the sites in question I still see 522’s on specific images. Inspecting them they all have an IP Address that doesn’t correspond to any of the ones that CF has published:

1. GET
2. Status Code: 522
3. Remote Address: **172.67.162.250:443**
4. Referrer Policy: strict-origin-when-cross-origin

So I’ve gone and added this mystery IP Address to my Plesk Firewall CF Ruleset.

Checked again and now there’s a new IP Address that’s not published on CloudFlare’s IP Address list, and that’s returning 522’s on images.

**104.24.115.236**:443

This is a joke. I don’t want to spend Sunday playing Guacamole with CF’s shifting IP addresses. Or am I being a total Newb?

I think you’re being a total Newb, 172.67.162.250 is well within 172.64.0.0/13 and has been listed on
https://www.cloudflare.com/ips/ for at least 5 years

104.24.115.236 is also well within 104.16.0.0/12

You can read more about CIDR notation here


Thanks @soldier_21!
I actively relish being dumb sometimes 🙂
And thank you for the article. Never stop learning.

Regardless, the issue still persists and is being reported on other forums.

S


I’ve removed the CloudFlare proxy (grey cloud on the Origin Server’s IP) on one of the websites on the VPS server. Then I had to install a LetsEncrypt SSL, because I was using CF’s Origin Server Cert.

The site is now running without any errors or issues. It actually seems to run faster. All other websites on the VPS that run through CF are still showing intermittent 522’s.

Yesterday I had also checked Fail2Ban’s jailed IP Addresses in case one or some of CF’s IPs had been trapped there. But it was all clean.

Now I’m looking into the suggestion that TCP keepalive should be enabled. Checking to see if my VPS has that enabled.

So the default settings are:

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5

UPDATE:

The other sites that are still running through CloudFlare are returning 521 Errors. Whereas the now two that I’ve removed from CloudFlare are performing very well.

Now I’m getting mixtures of Error 520 and 521. This is a joke.

We recently had quite a few 522’s for one of our properties. They were, however, all related to a geographic region, Hong Kong, that has quite a few issues. We also have this one site where we have stacked CDN’s cloudflare->akamai and we attributed the issues to those items.

I believe I found the problem on my VPS server.

While problem solving another “IP banning” issue with another client, I discovered that they had been jailed by Fail2Ban. I had already whitelisted CF’s IP Address ranges on both the Server’s Firewall and Fail2Ban but given what had happened with the other client I searched in Fail2Ban’s jail and found some of CloudFlare’s IP addresses there, despite me having whitelisted them. So I removed them and things “seem” to be working again.

Hopefully the Fail2Ban whitelist will allow all future connections from CloudFlare.
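
Added example, not part of any post in this thread: a Python check of the two points the thread turns on, whether an address falls inside a published CIDR block and whether any address in a Fail2Ban jail belongs to such a block. Only the two ranges quoted above are included; the jail name, log path and non-Cloudflare addresses in the sample status text are constructed.

```python
import ipaddress
import re

# Only the two ranges quoted in this thread; the full list is published at
# https://www.cloudflare.com/ips/ and should be loaded from there in real use.
CLOUDFLARE_RANGES = ["172.64.0.0/13", "104.16.0.0/12"]

# Constructed sample in the layout printed by `fail2ban-client status <jail>`.
# The jail name, log path and non-Cloudflare addresses are made up.
SAMPLE_STATUS = """\
Status for the jail: example-jail
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     42
|  `- File list:        /var/log/example/access.log
`- Actions
   |- Currently banned: 4
   |- Total banned:     9
   `- Banned IP list:   203.0.113.7 172.67.162.250 198.51.100.23 104.24.115.236
"""

def matching_range(ip, ranges=CLOUDFLARE_RANGES):
    """Return the CIDR block that contains ip, or None if no block does."""
    addr = ipaddress.ip_address(ip)
    for cidr in ranges:
        net = ipaddress.ip_network(cidr, strict=True)
        if addr.version == net.version and addr in net:
            return cidr
    return None

def banned_ips(status_text):
    """Extract the addresses from the 'Banned IP list:' line of a jail status."""
    m = re.search(r"Banned IP list:[ \t]*(.*)", status_text)
    return m.group(1).split() if m else []

def banned_proxy_ips(status_text, ranges=CLOUDFLARE_RANGES):
    """Map each banned address that sits inside a proxy range to that range."""
    hits = {}
    for ip in banned_ips(status_text):
        try:
            cidr = matching_range(ip, ranges)
        except ValueError:  # skip tokens that are not IP addresses
            continue
        if cidr:
            hits[ip] = cidr
    return hits

if __name__ == "__main__":
    for ip, cidr in banned_proxy_ips(SAMPLE_STATUS).items():
        print(f"{ip} is banned but belongs to {cidr}")
```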
