# website errors# troubleshooting# cloudflare
Cloudflare Error 522: Connection Timed Out
Cloudflare Error 522 means Cloudflare successfully initiated a TCP connection to your origin server, but the connection timed out before it could be completed. Your server opened the connection but then stopped responding.
It's a step beyond a 521 error (which is a refused connection) — with a 522, the server at least starts talking but then goes silent.
What's the Difference Between 521 and 522?
| Error | What it means |
|---|---|
| 521 | Connection refused — server actively rejected Cloudflare's connection |
| 522 | Connection timed out — server accepted the TCP handshake but didn't respond in time |
| 523 | Origin unreachable — Cloudflare can't reach the server at all |
| 524 | Timeout — Cloudflare connected and sent a request, but got no response within 100 seconds |
A 522 sits in the middle: the server is alive at the network level (it completed the TCP handshake) but not responsive at the application level.
Common Causes of a 522 Error
Origin Server Is Overloaded
The server accepted Cloudflare's TCP connection but is too busy to actually process and respond to the HTTP request. Workers are all occupied, the request queue is full, and eventually Cloudflare gives up waiting.
Check CPU, memory, and active connections:
top
free -h
ss -s
netstat -an | grep ESTABLISHED | wc -l
Firewall Blocking Cloudflare's IP Ranges
Similar to a 521 — if your server's firewall allows the initial TCP handshake but then drops subsequent packets, Cloudflare sees a timeout. This is a common misconfiguration where a firewall rule allows connection establishment but filters subsequent traffic.
Make sure all Cloudflare IP ranges are fully allowed through your firewall — not just for SYN packets, but for all TCP traffic on ports 80 and 443.
Long-Running Application Requests
If an HTTP request takes longer than Cloudflare's connection timeout (typically 15 seconds for the initial response), a 522 results. Long database queries, slow external API calls, or heavy processing operations can all trigger this.
This is different from a 524 error — a 524 means Cloudflare connected and sent the request but didn't get a response in 100 seconds. A 522 times out before or during the initial connection.
Network Congestion or Routing Issues
Packet loss or high latency between Cloudflare's servers and your origin can cause intermittent 522 errors. This might be a problem at your hosting provider's network level rather than your server specifically.
Server Network Interface Issue
In rare cases, the server's network interface has problems — it accepts TCP connections at the OS level but the network stack is struggling, causing application-level communication to time out.
How to Fix a 522 Error
Step 1: Verify Origin Server Is Responding
Bypass Cloudflare temporarily by accessing your server's IP directly (if your host allows this):
curl -v http://YOUR_SERVER_IP --header "Host: yourdomain.com"
If this works, the server is fine and the issue is between Cloudflare and your server (likely a firewall or network issue).
Step 2: Whitelist Cloudflare IPs
Ensure all Cloudflare IP ranges are allowed in your firewall for full TCP communication:
# Allow all Cloudflare IPs (example with UFW — repeat for each range)
sudo ufw allow from 103.21.244.0/22
sudo ufw allow from 103.22.200.0/22
# ... add all ranges from cloudflare.com/ips
Step 3: Reduce Server Load
If the server is overloaded, tackle the cause:
- Identify and optimise slow database queries
- Increase PHP-FPM or application worker count (if RAM allows)
- Enable caching to reduce the number of dynamic requests hitting the server
- Consider scaling up your hosting plan
Step 4: Move Long Operations to Background Jobs
If specific endpoints are slow (e.g. report generation, bulk operations), move the heavy work to a queue and have the HTTP response return immediately. Cloudflare won't timeout on a fast HTTP response.
Step 5: Contact Your Hosting Provider
If you're seeing intermittent 522 errors and your server looks healthy, the issue may be network-level between your host and Cloudflare. Your hosting provider's support can check for routing or network issues on their end.
Monitoring for 522 Errors
A 522 means your site is down for everyone behind Cloudflare. You need to know about it immediately, not when a customer reports it.
Domain Monitor monitors your website every minute from multiple global locations and sends instant alerts when your site goes down. Combined with proper downtime alerts, you'll be notified the moment a 522 starts occurring.
Related Articles
More posts
What Is Generative AI? How It Works and What It Creates
Generative AI creates new content — text, images, code, and more. This guide explains how it works, what tools are available, and where it's genuinely useful versus overhyped.
Read moreWhat Is Cursor AI? The AI Code Editor Explained
Cursor AI is an AI-powered code editor built on VS Code. Learn what it does, how it works, and whether it's the right tool for your development workflow.
Read moreWhat Is Claude Opus? Anthropic's Most Powerful Model Explained
Claude Opus is Anthropic's most capable AI model, built for complex reasoning and demanding tasks. Learn what it does, how it compares, and when to use it.
Read moreSubscribe to our PRO plan.
Looking to monitor your website and domains? Join our platform and start today.