The Cloudflare error 520: web server returns an unknown error is another class of errors relating to problems at the origin server. I’ve already written about Cloudflare error 500 and error 523, so now it’s time to examine 523 in a little more detail. This happens when your server returns a response that Cloudflare doesn’t expect. This could be an empty response or the output of an application crash. Here are the most common causes.
- 1. Application Crashes
- 2. Cloudflare IPs Blocked by your Firewall
- 3. Domain Sets too Many Cookies
- 4. Weird Error Responses from the Origin Server
- How to Fix Cloudflare Error 520 – Contacting Cloudflare
- Cloudflare 5xx Errors are Tricky to Debug
1. Application Crashes
If the application running on your origin server and which serves Cloudflare’s requests crashes, then you might see the error 520 as shown here:
If you’re running WordPress, it could mean that your application crashed for various reasons – misconfigured plugins, a botched update, or even a glitch on your server. The best way to know what happened is to check the debug logs in WordPress. For non-WordPress applications, refer to the specific debugging mechanisms.
Having a mechanism to capture debug info before something goes wrong on your site is a good idea. You don’t have to retain the data forever – just a few days will do. But it will allow you to dig into your application data and find out what happened so you can fix it.
2. Cloudflare IPs Blocked by your Firewall
Since Cloudflare sits between your users and your origin, the server needs to allow Cloudflare IPs to connect to it – potentially thousands of times a day. Most servers don’t have a problem with this, but if you have a custom configuration, it may be blocking Cloudflare’s servers. This can happen more frequently since Cloudflare started dialing down its support for cPanel integration.
Cloudflare is now just another external source that connects to your server without the in-built integration on most web hosts. So if you’re getting a 520 error, make sure that your server’s firewall isn’t blocking it. Here’s an updated list of all Cloudflare IPs if you want a reference.
3. Domain Sets too Many Cookies
It’s not explicitly mentioned in the standard documentation, but Cloudflare appears to have a problem with response headers exceeding 16 KB in length. The closest source I could find is the Cloudflare documentation for Worker limits which says that each header should be below this limit.
According to Cloudflare, the main reason for this increased header size is the presence of too many cookies. Not that the cookies themselves would all take up 16 KB. By default, many browsers and network devices cap the size of the total number of cookies on any given request at around 4 KB. But if other elements are bloating the size of your response header, then your cookies might push the total size over the limit.
This issue can be hard to debug, because your site might not set the same number of cookies on every request. Once the cookies are stored on the visitor’s computer, they don’t need to be sent again. So if you can’t figure out what’s wrong, look at your cookies and see if that’s the problem.
4. Weird Error Responses from the Origin Server
Some PHP applications can cause the server to respond with error messages that aren’t normal. For reference, here’s a list of all the regular HTTP response codes. If a plugin on your site generates a response code that doesn’t belong on this list, then Cloudflare will throw a 520 error.
How to Fix Cloudflare Error 520 – Contacting Cloudflare
If you’ve checked your server for problems and failed to find anything wrong, you can contact Cloudflare with the error details. Despite their documentation, you can still contact Cloudflare to report 520 errors by clicking the “Support” link on the top-right and filling out the details as shown here:
Unfortunately, you can’t contact them using the live chat functionality, which is only available to Business users (not even Pro users!). While opening a ticket and waiting for a response, I suggest you disable Cloudflare on your domain by changing your DNS settings to “DNS Only” by clicking the orange cloud icon next to your domain and subdomains, turning it “gray”. Here’s a screenshot:
Along with the description of the error, you should send Cloudflare the following details so they can more easily debug the problem.
Find the CF-RAY Number
If you happen to catch a 520 error on Cloudflare, you can use the developer tools on your browser to extract the “CF-RAY” number from the response header. To do this, use the “Network” tab on your developer tools and refresh the page. In the list of resources loaded, go to the very first one – your page URL – and on the right-hand side, you should be able to find the CF-RAY number that Cloudflare sends with each response. Here’s a screenshot:
Copy this number and send it to Cloudflare along with your request.
Generating and Sending HAR Files to Cloudflare
Along with the CF-RAY number, you can also send a complete log of the request in a “HAR file”. HAR stands for HTTP Archive and is a file your browser can generate, containing the details of everything that happened from the moment of connection to your site to Cloudflare sending the response. It’s useful because the CF-RAY number doesn’t say anything about your browser and what kind of interactions it had with your page. With a HAR file, Cloudflare can figure out how long the connection took, whether or not it was redirected, and all useful information for debugging.
Generating a HAR file is easy and depends on which browser you have. If you’re using Chrome, open the Network tab in the developer tools and click the download arrow to create the HAR file as shown here:
On Firefox, after opening developer tools, click the gear icon and choose the option to “Save All As HAR”. Once you save the file, send it to Cloudflare along with your support ticket and wait for them to respond.
Sending the Trace Information
The trace information is the final bit of information that Cloudflare can use to debug your 520 error. I’ve talked about this before, and it consists of the output of a special URL linked to your domain name. It has the format:
Replace “yourdomainname” with the domain name on which Cloudflare generates the 520 error and observe the output. It should look something like this:
Copy the information you see here and paste it into the support ticket along with the CF-RAY ID and the HAR file. Putting all this together should be enough for Cloudflare to debug your error. Just have patience while they get back to you!
Cloudflare 5xx Errors are Tricky to Debug
Each of the Cloudflare 5XX errors can be caused by the same issue on your server, and there’s no set mapping of what kind of server error causes which error code. Most of the time, it’s a problem on your origin server, but sometimes Cloudflare can be at fault. If you feel it’s a problem with the latter, follow the steps above, set Cloudflare to be “DNS Only”, and hang tight!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
Leave a Reply