We are debugging random HTTP 520 issues between some of our clients and Cloudflare.
We found out that these random 520 errors happen because of a misconfiguration on our origin server, which is triggered under the following circumstances:
- A client connects to Cloudflare with a big (>8k bytes) “Authorization” header
- Cloudflare connects to our origin using HTTP/2.0
- Our origin returns an HTTP code “000” when it receives an HTTP/2.0 connection with headers above a certain threshold.
We have since managed to mitigate the issue by increasing some configuration settings on our origin.
However, the HTTP 520 error our clients were experiencing looked “random” because:
- The requests with the “big” header were working fine using HTTP/1.1. They represented about 75% of the requests made.
- Requests made with this “big” header AND HTTP/2.0 don’t work, and they represent 25% of the requests made.
After reading the “Understanding Cloudflare HTTP/2 and HTTP/3 Support” document:
> Cloudflare only uses HTTP/1.x between the origin web server and Cloudflare.
Is there anything that we could have misconfigured so that Cloudflare actually connects to our origin using HTTP/2.0 in ~25% of the cases?
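
An added example, not part of the original post: one way to confirm from origin access logs that the "random" failures line up with protocol and header size. The log format (`<protocol> <status> <request_header_bytes>`), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed format:
# <protocol> <status> <request_header_bytes>
SAMPLE_LOG = """\
HTTP/1.1 200 9120
HTTP/1.1 200 640
HTTP/2.0 000 9120
HTTP/1.1 200 8800
HTTP/2.0 200 512
HTTP/1.1 200 9300
HTTP/2.0 000 8450
HTTP/2.0 200 700
"""

LINE_RE = re.compile(r"^(HTTP/\d\.\d)\s+(\d{3})\s+(\d+)$")
BIG_HEADER_BYTES = 8 * 1024  # the ">8k bytes" threshold from the post


def failure_matrix(log_text, threshold=BIG_HEADER_BYTES):
    """Return {(protocol, is_big_header): (failures, total)}."""
    counts = defaultdict(lambda: [0, 0])
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        proto, status, hdr_bytes = m.group(1), m.group(2), int(m.group(3))
        bucket = counts[(proto, hdr_bytes > threshold)]
        bucket[1] += 1
        # "000" is the status the post reports; 5xx is counted as well
        if status == "000" or status.startswith("5"):
            bucket[0] += 1
    return {key: tuple(val) for key, val in counts.items()}


def failing_buckets(matrix):
    """Buckets in which every request failed: the deterministic trigger."""
    return sorted(k for k, (bad, total) in matrix.items() if total and bad == total)


if __name__ == "__main__":
    matrix = failure_matrix(SAMPLE_LOG)
    for (proto, big), (bad, total) in sorted(matrix.items()):
        size = ">8k" if big else "<=8k"
        print(f"{proto} headers {size}: {bad}/{total} failed")
    print("always failing:", failing_buckets(matrix))
```

If only the HTTP/2.0 bucket with large headers fails every time, the errors depend on the protocol used toward the origin and not on chance.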