522 Connection Timed Out
HTTP 522 (Cloudflare)
Cloudflare couldn't establish a TCP connection to your origin server within 15 seconds.
What It Means
522 is a Cloudflare-specific error code. It means Cloudflare tried to connect to your origin server but couldn't establish a connection at all. This is different from a timeout waiting for a response (that's 524).
What happens:
User → Cloudflare → [Connection attempt to Origin] → No response → 522
Common Causes
- Origin server is down — Your server isn't running at all
- Firewall blocking Cloudflare — Your server's firewall is blocking Cloudflare's IP ranges
- Wrong origin IP in Cloudflare — DNS is pointing to the wrong server
- Port not open — Web server not listening on port 80/443
- Server overloaded — Can't accept new connections
- Network routing issues — Path between Cloudflare and origin is broken
How to Debug
- Check if origin is running — Can you access it directly (bypassing Cloudflare)?
- Check firewall rules — Are Cloudflare IPs allowed?
- Verify Cloudflare DNS settings — Is the origin IP correct?
- Check web server status — Is Nginx/Apache running?
- Test from multiple locations — Is it a regional network issue?
Allow Cloudflare IPs
Cloudflare publishes its IP ranges. Your firewall must allow them:
# Get current Cloudflare IPs
curl https://www.cloudflare.com/ips-v4
curl https://www.cloudflare.com/ips-v6
# UFW example (Ubuntu)
for ip in $(curl -s https://www.cloudflare.com/ips-v4); do
    sudo ufw allow from "$ip" to any port 443
done
# iptables example
for ip in $(curl -s https://www.cloudflare.com/ips-v4); do
    iptables -A INPUT -p tcp -s "$ip" --dport 443 -j ACCEPT
done
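The loops above pass whatever curl returns straight to the firewall, so an error page or a truncated download would be applied as-is. The following is an added example, not part of the original page: it validates every entry and rejects the whole list on the first bad line before printing any rule. The function names are hypothetical and the sample ranges are constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample ranges are
# constructed (RFC 5737 documentation blocks), not Cloudflare's real ranges.

# Succeed only if $1 is a well-formed IPv4 CIDR such as 192.0.2.0/24.
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    addr=${1%/*}
    len=${1#*/}
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Read a range list on stdin and print one "ufw allow" command per range.
# Any malformed line, or an empty list, rejects the whole list (exit 1, no
# rules printed) so a failed download never becomes a partial rule set.
cf_ufw_rules() {
    rules=''
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        [ -n "$cidr" ] || continue
        if ! is_ipv4_cidr "$cidr"; then
            echo "rejecting list: bad entry '$cidr'" >&2
            return 1
        fi
        rules="${rules}ufw allow from $cidr to any port 443
"
    done
    [ -n "$rules" ] || { echo "rejecting list: empty" >&2; return 1; }
    printf '%s' "$rules"
}

# Demo on a constructed list; review the output before running it with sudo.
printf '192.0.2.0/24\n198.51.100.0/22\n' | cf_ufw_rules
```

With a live list, the input would be `curl -fsS https://www.cloudflare.com/ips-v4 | cf_ufw_rules`; `-f` makes curl fail on an HTTP error instead of printing the error body.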
Quick Checks
# Check if web server is running
systemctl status nginx
systemctl status apache2
# Check if ports are open (the trailing space keeps :8080 or :4430 from matching)
ss -tlnp | grep -E ':(80|443) '
netstat -tlnp | grep -E ':(80|443) '
# Test connection to your origin directly
curl -v http://your-origin-ip/
curl -vk https://your-origin-ip/
# Check Cloudflare DNS settings
dig +short your-domain.com
522 vs Other Cloudflare Errors
- 522: Connection timed out - couldn't connect at all
- 523: Origin unreachable - DNS points to nothing
- 524: Origin timeout - connected but response took >100s
- 525: SSL handshake failed - certificate issues
Prevention
- Keep Cloudflare IPs allowlisted (they update their ranges occasionally)
- Monitor your origin server directly, not just through Cloudflare
- Set up health checks in Cloudflare load balancer
- Use a failover origin if your primary goes down
- Subscribe to Cloudflare status updates