Recent Cloudflare Infrastructure Change Breaks Website Access with Error 520

It seems like something recently changed in the Cloudflare infrastructure/backend configuration to cause 520 error code responses for sites configured at the host for Authenticated Origin Pulls, but with the Authenticated Origin Pulls toggle not enabled in the Cloudflare Dashboard. In my case, I had several alias/forwarding domains that didn’t actually have the Authenticated Origin Pulls enabled in Cloudflare Dashboard (only the main domain had it enabled), but pointed to a site on my host/server that did have AOP configured. Everything was working properly until just recently, when I received an email from Cloudflare about an unexpected increase in errors, and noticed that the alias domains that did not have Authenticated Origin Pulls enabled in the Cloudflare dashboard began getting 520 error code responses. Since nothing has changed on the server/host side, I can only assume something changed on the Cloudflare side to stop allowing access to these sites unless the toggle is also enabled in the Cloudflare dashboard. I had to go into the SSL settings for several dozen domains in Cloudflare to enable AOP for each. Just an FYI for anyone also experiencing this issue.

I’m not sure why it would appear to have been working before, but if AOP is enforced on your origin, then it needs to be enabled in the Cloudflare dashboard, otherwise your origin will reject the connection from Cloudflare - that is, after all, the point of AOP. Certainly whenever I add AOP to a domain/host combination, I test it by enabling and disabling both ends (and setting another Cloudflare domain to point to it to check for rejection) and it works as expected.


I think previously if it was enabled at the Origin, but not on Cloudflare, it would still work because Cloudflare was always by default using the certificate, but I guess recently they stopped doing that (origin only rejects the connection if the certificate is not presented). Again, in my case the change only affected some alias domains, because I had already configured the main domain to use AOP. It was just other domains I bought to forward or point to the same site that had an issue. Just noting here for anyone else that may experience the same issue with domains for which they may have forgotten to enable AOP on Cloudflare.
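
For anyone auditing many alias domains as described in this thread, here is an added example (not part of any post above, and not Cloudflare's code). It reads each zone's `tls_client_auth` setting, which is the API name for the zone-level Authenticated Origin Pulls toggle, and lists the zones where it is not `on`. The `fake_get` responses, zone names and token are constructed, and `origin_zones` is an operator-supplied assumption about which domains point at the AOP-enforcing origin.

```python
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def cf_get(path, token):
    """GET a Cloudflare API v4 path and return the decoded JSON body."""
    req = urllib.request.Request(
        API + path, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def list_zones(token, get=cf_get):
    """Yield (zone_id, zone_name) for every readable zone, following pagination."""
    page = 1
    while True:
        body = get(f"/zones?per_page=50&page={page}", token)
        for zone in body["result"]:
            yield zone["id"], zone["name"]
        if page >= body["result_info"]["total_pages"]:
            return
        page += 1

def zones_missing_aop(token, origin_zones, get=cf_get):
    """Return sorted names in origin_zones whose tls_client_auth is not 'on'."""
    missing = []
    for zone_id, name in list_zones(token, get):
        if name not in origin_zones:
            continue  # zone does not point at the AOP-enforcing origin
        setting = get(f"/zones/{zone_id}/settings/tls_client_auth", token)
        if setting["result"]["value"] != "on":
            missing.append(name)
    return sorted(missing)

# Constructed stand-in for the API so the audit logic runs offline.
def fake_get(path, token):
    zones = {"z1": ("example.com", "on"), "z2": ("example.net", "off"),
             "z3": ("alias.example", "off"), "z4": ("unrelated.example", "off")}
    if path.startswith("/zones?"):
        page = int(path.rsplit("=", 1)[1])
        ids = sorted(zones)[(page - 1) * 2: page * 2]  # two zones per page
        return {"result": [{"id": i, "name": zones[i][0]} for i in ids],
                "result_info": {"total_pages": 2}}
    zone_id = path.split("/")[2]
    return {"result": {"id": "tls_client_auth", "value": zones[zone_id][1]}}

if __name__ == "__main__":
    served = {"example.com", "example.net", "alias.example"}
    print(zones_missing_aop("TOKEN_PLACEHOLDER", served, get=fake_get))
```

Against the real API, drop the `get=fake_get` argument and pass a token that can read zones and zone settings.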
