Incorrect CloudFlare error message

Since I started evaluating Cloudflare for my new website, I have seen a few of the dreaded Cloudflare error pages. One particular time I was really suspicious about the “523 - Origin unreachable” as I was logged on to the server via SSH and could clearly see it working. To check my suspicion, I fired up a VPN and changed my location, and sure enough, my site was online, working properly. To verify (I don’t want to unjustly accuse Cloudflare of falsely reporting status), I went back and forth between the two locations a few times, and Cloudflare was consistently reporting my server as “unreachable” from one Cloudflare endpoint, while everything was working from another.

The problem with this is that those Cloudflare error messages make us (users) look bad. Am I the only one who finds those pages like “fingerpointing”? CF DOES have errors, but I just confirmed that even if it does, it still displays an error pretending the problem is with the user’s site (making us look bad) while it is actually with Cloudflare.

I have only been at the other end of this (seeing quite a few Cloudflare error pages here in Europe and always thinking that the websites (and not CF) must be very unreliable, I think it would be nice if these error pages were at least less annoying, i.e.g. not pointing a big finger at the site and saying “bad, bad!”. This “feature” alone makes me consider an alternative since I don’t want CF badmouthing my site when it has errors - this is actually what happened in this case.

Just for the irony, see this:

This is CF saying that its own dashboard isn’t available via Cloudflare (it was - I could log in via VPN) so this IS a CF error that is being blamed at the users. Just this time, CF is at both end of the error.

Is there anything that can be done about this? If not, I will not be using CF but consider an alternative solution. Thank you.

Your testing demonstrated that the site was reachable from one Cloudflare location, but not another Cloudflare location. The error reported from the location where the origin was unreachable was “523 - Origin unreachable”.

The origin is unreachable from the POP where the connection was being made from. I don’t see that as an attempt to make anyone look bad. Can you suggest an alternative error message which would more accurately describe the condition?

It’s certainly possible there was a Cloudflare error. Generally more likely it could be a networking error or a bunch of possible causes listed in the KB articles about that error. But based on your testing I don’t see any evidence that it was a Cloudflare problem.

I guess we could argue about whether or not an incorrectly configured host is the most common cause of a 523 error, but it is also the first item listed in the KB, so I would have to assume the team writing the KB and the error message listed it as the most common cause for a reason. If you have a suggestion for better error description/ troubleshooting information please let us know.


Thank you for taking the time to respond.

To me, the worst part of that error page (not specifically the 523 one, but the error page in general) is that it specifically claims that there is an ERROR with the originating server. I have seen a very specific example when I originally posted that that WASN’T the case so by displaying a graphic which emphasizes “there is something wrong with the host”, even if unintentionally, you DO make the host look bad.

As you said, there can be “a bunch of possible causes”, but the error page does NOT say that. It DOES make the host look bad, because even if it is a networking error, or a CF error, there is a very clear indication that says “Host: Error”. This WASN’T the case in either one of my tests (both the CF dashboard and my website were reachable at the time), yet Cloudflare stated in no uncertain terms that there was an error with the host.

There are no two ways to interpret a graphic that shows “Cloudflare: Working. Host: Error”. It says what it says, and that’s my beef with this. Whether it was a network error, or a CF error, it WASN’T what was displayed.

Just a simple message that states true facts (instead of an alternate version, skewed in Cloudflare’s favor - which I assume was the original intention of displaying such an error page, i.e. to make it seem like Cloudflare is OK, and the problem is only with the host) would be much more friendly. E.g. “Cloudflare wasn’t able to retrieve the page you requested” - and listing all of the likely causes, not only the one that makes Cloudflare look good and not at fault. E.g. if the host was unreachable from that specific CF location, it could have been a network error, a CF error, etc. and doesn’t necessarily indicate any of the problems listed on the error page, ALL of which assumes that CF is okay and the Host has a problem.

In my case specifically, the error only occurred when Cloudflare was inserted between the visitor and the origin server, since the server was reachable from the same location as soon as I removed Cloudflare from the equation. That’s what I mean by making a host look bad, when the problem was NOT with the host.

And one more thing. Even if the KB does describe all of the possible reason, that’s just for us site owners. No visitor will ever go there and read WHY a certain site isn’t reachable - they don’t need all that info. So to them, your error page is the only stop they will make before getting the impression that “X website is not working”. That’s why it isn’t fair to display it this way.

Also note that the graphic on the error page only shows the host being down, as opposed to the other possible explanations which you added and which may be in the KB, that is, the network connection between the host and CF, which may just as well be the reasons. But it is shown on the graphic as being okay, which places the fault squarely at the host server.

The Internet is not a monolithic thing. I just checked the Cloudflare status page and at the moment we have YYZ rerouted due to network issues (for example).

At any given time there can be all kids of network routing issues which can effect connectivity to/from a given location. The ability to determine what the cause is from location A to server B is often not a simple thing to diagnose. All we can tell is that the origin isn’t reachable (as opposed to other errors where connections might be refused or the origin responds with a specific error code).

In the case of the above screenshot, there was probably an error connecting to the dashboard application on our side because of a networking error… odds are slightly better than average that the networking error was within our own network which is a bit ironic I admit, but I think serves to demonstrate that network routing issues aren’t uncommon. And the net result was the origin was unreachable which is what the error message itself says.

Even in the case of the Cloudflare error you showed, the Cloudflare edge was accessible (which is what the middle Cloud represents, the host was inaccessible.

I understand your point, if you have a suggestion for a better description we could present to visitors, I am happy to pass along the feedback to the teams that maintain the pages.

I understand.

Yes, I do have a recommendation.

People are in a hurry, they don’t read if they get an image. My problem with the error page is that it is basically an infographic telling the user a few things:

  • Your browser working (he knows that… was this ever a question…?)
  • There is a thing called “Cloudflare” which is working (even though 99.99% of the users will have no idea what Cloudflare is, what it does or why it is in the middle
  • The website you are trying to reach has an error.

The last point was the original point of my message: as you described, it isn’t always the case (often it can be networking errors but the illustration says AND shows THE ORIGIN SERVER HAS AN ERROR.

I want CF to get this point, because it may be subtle, but:

  • it gives the user possibly incorrect information that makes the origin server look bad (it is marked with a red X and the word “ERROR”, while the fault may be at Cloudflare, somewhere in between the network, etc. I don’t know how you can NOT see that this is unfair with the site owner: if there is an error (the host is unreachable) CF displays a message that THE HOST SERVER has an ERROR. Do you see that?

  • People won’t read. IT people always (naively) think that a visitor will read AND understand what is said on a page, error message, etc. but people are as immune to them as to reading Terms of User on websites. I get your point that the text says “Origin unreachable”, but (A) visitors don’t understand the difference (B) visitors won’t read it, will only look at the picture with the origin host and the big red X and move on. So you can say that the message is correct, but at the same time, it will almost never be read, so the only thing visitors see is the BIG RED X and the word ERROR. So without getting into a philosophical discussion about sounds in the forest that no one is there to hear, it is common sense UI wisdom that people will only invest precious attention resources into understanding an error message as long as they absolutely have to - which in this case is “RED X” and ERROR and the name of the host. At that point, they know all they need to, and will move on without reading another word, so the “origin unreachable” explanation may as well be absent - no one will read it.

I don’t mean to overexplain but I’m feeling from the first two responses like I wasn’t getting my point across.

So, as far as recommendation: just make it something simple, without visually blaming the host for every error that makes it unreachable, since (as you correctly stated) there are a bunch of other possible reason. The visitor gains absolutely nothing from knowing where the error is on the internet since there is nothing he can do about it.

Display a simple error page without a graphic that shows “we are OK and they are at fault”. That’s my recommendation.