I’ll update your Cloudflare Error 522 post with improved structure, GSG styling, and optimized alt text for all existing images while preserving your original content.
Key Takeaways:
- Error 522 is a server-side timeout issue between Cloudflare and your origin server—Cloudflare itself is rarely the cause
- The TCP handshake must complete within 15 seconds; if your server doesn’t respond, visitors see “Connection timed out”
- Server overload is the most common culprit—check CPU, RAM, and concurrent connections first
- Firewall rules often block Cloudflare IP ranges unintentionally—whitelisting them resolves many cases
- DNS misconfiguration (wrong A record) sends Cloudflare requests to the wrong destination
TL;DR: Cloudflare Error 522 means your origin server isn’t responding to Cloudflare’s connection attempts within 15 seconds. The fix involves three main areas: checking if your server is overloaded or offline, verifying DNS settings point to the correct IP, and ensuring firewalls aren’t blocking Cloudflare’s IP ranges. For server administrators, we’ll walk through specific commands and configurations. For visitors, waiting and trying again later is usually the only option. This guide covers root causes, step-by-step solutions, and how to prevent recurrence.
What Is Cloudflare Error 522?
Error 522, commonly displayed as “Connection timed out,” is an HTTP status code specific to Cloudflare-powered websites. It occurs when Cloudflare’s edge network attempts to establish a TCP connection with your origin server, but the server fails to respond within the timeout window—typically 15 seconds .
Unlike errors where the connection is actively rejected (like Error 521), Error 522 means Cloudflare sent the initial handshake request and simply… waited. No response arrived. The connection never moved past the front door .
Important: Cloudflare itself is rarely the culprit here. The problem almost always lives on your side of the connection—your server, your firewall, or your DNS configuration . Even if you’re using Cloudflare’s free plan, this error can still appear.
How Error 522 Works: The TCP Handshake Failure
To understand Error 522, you need to understand the TCP three-way handshake that happens before any website content loads :
- SYN: Cloudflare sends three SYN packets to your origin server requesting a connection
- SYN+ACK: Your server should reply with a SYN+ACK acknowledgment
- ACK: Cloudflare sends a final ACK back, and communication begins
If your origin server doesn’t send that SYN+ACK back within 15 seconds, Error 522 triggers and the connection closes. No data is exchanged, no headers are read—the visitor just sees a timeout .
What Causes Cloudflare Error 522?
Several conditions can break that TCP handshake. Here are the most common causes, ranked by frequency:
1. Server Overload
Your server is overwhelmed—CPU pegged at 100%, RAM exhausted, or too many concurrent connections. It literally can’t accept new handshake requests . This is the single most common cause, especially on shared hosting during traffic spikes.
2. Firewall Blocking Cloudflare IPs
Your firewall, security plugin, or hosting provider’s network rules are dropping packets from Cloudflare’s IP ranges. Since all traffic comes through Cloudflare, blocking these IPs locks out every visitor .
3. Incorrect DNS Settings
The A record (or AAAA record) in your Cloudflare DNS points to the wrong IP address. Cloudflare faithfully sends requests to an IP that either doesn’t exist or belongs to someone else .
4. Server Offline
Your origin server is down—crashed, rebooting, stuck in maintenance mode, or the web server process (Apache/Nginx) stopped running .
5. Network Routing Issues
Problems between Cloudflare’s edge and your hosting provider’s network—packet loss, BGP misconfigurations, or upstream provider downtime .
6. KeepAlive Disabled
Cloudflare expects persistent TCP connections via HTTP KeepAlive headers. If your server closes connections after every request, reconnection attempts can time out .
7. Rate Limiting or Throttling
Some hosting providers limit requests per second. High traffic may trigger throttling that blocks Cloudflare’s connection attempts .
Notice the pattern? The problem sits on your origin server’s side almost every time—not Cloudflare, not the visitor’s browser .
3 Different Ways to Fix Cloudflare Error 522
Before diving in, run a quick sanity check. Use a tool like Uptrends or check Downdetector to confirm your site is actually down for everyone, not just you. Then verify Cloudflare’s own status page (cloudflarestatus.com) isn’t reporting an incident .
Method 1: Check If Your Web Server Is Working
This is where most Error 522 problems live. Your origin server is either offline or too overloaded to accept new connections .
Step 1: Test Basic Connectivity
SSH into another machine (or use your local terminal) and ping your server’s IP directly:
ping 203.0.113.50If you get no response, the server is unreachable. Try a traceroute to see where packets die:
traceroute 203.0.113.50Step 2: Check Resource Usage
If the server responds to ping, log in and check these metrics :
- CPU usage: Keep it under 80%. Above that, request queuing starts and timeouts follow
- RAM usage: If you’re swapping to disk, everything slows down
- Running processes: Look for runaway scripts, zombie processes, or cron jobs stacking up
- I/O throughput: Disk saturation kills performance as fast as CPU
- Max concurrent connections: Check if you’re hitting hosting plan limits
On Linux, use top or htop commands. Hostinger users can find this in hPanel under Websites → Dashboard → Hosting Plan → Used Resources .
Step 3: Fix Resource Issues
If you’re hitting resource limits :
- Remove unnecessary plugins that hog resources
- Optimize slow database queries (check MySQL slow query log)
- Implement caching to reduce load for repeated requests
- Upgrade your hosting plan—shared hosting may no longer be sufficient
View Cloudflare Official IP Ranges
Method 2: Review Cloudflare DNS Settings
When you onboard a domain to Cloudflare, it imports your DNS records. The A record is critical—it maps your domain to your server’s IP address. If this is wrong, Cloudflare sends requests into a void .
Step 1: Find Your Server’s Actual IP
Your hosting control panel shows this under plan details, server information, or similar. Copy it exactly.
Step 2: Check Cloudflare DNS
- Log into your Cloudflare dashboard and select the domain
- Go to DNS > Records
- Find the A record for your root domain (e.g., example.com)
- Compare the Content/Value field against the IP from your hosting panel
If they don’t match, click Edit, paste the correct IP, and save. DNS changes can take up to 24 hours to propagate, though it’s usually faster. You can also purge Cloudflare’s cache to speed things along .
Step 3: Check SSL/TLS Settings
While in the dashboard, confirm your SSL/TLS encryption mode is set to Full or Full Strict. A mismatch between “Flexible” mode and a server expecting HTTPS causes different problems .
Method 3: Check Server Configuration & Firewall Rules
Server is online, DNS is correct—and you’re still getting Error 522? Time to dig into configuration .
Step 1: Enable KeepAlive
Cloudflare relies on HTTP KeepAlive headers to maintain persistent connections. If your server closes connections after every request, reconnection overhead stacks up .
On Apache, add this to your .htaccess file:
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>On Nginx, ensure keepalive_timeout is set to something reasonable (65 seconds is the default) .
Step 2: Whitelist Cloudflare IP Addresses
If your firewall or security module blocks Cloudflare’s IP ranges, every visitor gets a 522. Cloudflare publishes its full IP list at cloudflare.com/ips . You need to whitelist all of them.
How to whitelist depends on your setup :
- iptables/nftables: Add allow rules for each Cloudflare range
- Server control panel: Use IP manager or firewall section
- .htaccess: Add “allow from” directives for each range
- Security plugins (WordFence, Sucuri): Check firewall settings and add Cloudflare IPs to whitelist
- CSF firewall: Add Cloudflare IPs to /etc/csf/csf.allow
Hostinger users can add Cloudflare IPs via hPanel → Websites → Advanced → IP Manager .
Step 3: Check Hosting Provider Restrictions
Some hosting companies filter Cloudflare addresses at the network level, not your server. If you’ve whitelisted everything and still get 522, contact your provider and ask them to explicitly allow Cloudflare IP ranges .
Step 4: Temporarily Pause Cloudflare
Still stuck? Pause Cloudflare temporarily from the dashboard. This routes traffic directly to your server, bypassing the proxy entirely .
- If the site works with Cloudflare paused → Problem is in the connection between Cloudflare and your origin. Re-check firewall rules and IP whitelist
- If the site is still down with Cloudflare paused → Problem is on your server. Go back to Method 1 and look harder at resource usage and server health
Troubleshooting Other Cloudflare Errors
Error 522 isn’t the only Cloudflare 5xx code you’ll encounter. Here’s how its close relatives differ :
The connection succeeded, but the server returned an empty or garbled response Cloudflare couldn’t parse. Common causes: crashed web server app, response headers exceeding Cloudflare’s 16 KB limit, or a script dying mid-execution. Check server error logs first .
Cloudflare tried to connect and your server actively refused the connection. This isn’t a timeout—it’s an active rejection or dead port. Most common cause: web server process (Apache/Nginx) stopped or crashed .
With 524, the TCP connection establishes fine, but the server takes too long to send back an HTTP response. Cloudflare’s default timeout is 100 seconds on free/pro plans. Usual suspect: long-running processes, unoptimized database queries, or hanging API calls .
What Can Browser Users Do About Error 522?
If you encounter Error 522 while browsing, here’s the reality: HTTP 522 indicates a server-side problem, not an issue with your internet connection or browser plugins .
Your best option is to wait and try again later. The site owner is likely already working on the issue, and it may resolve within minutes or hours .
If the problem persists for days, you can try:
- Contacting the website owner or webmaster directly
- Checking the site on social media to see if others report the same issue
- Using a different network or connection (sometimes routing issues are localized)
But honestly? Most of the time, the fix requires server access you don’t have. Patience is your friend .
Pro Tip for Server Admins: Set up uptime monitoring with tools like UptimeRobot, Pingdom, or a simple cron job that pings your server every minute. You want to know your site is down before your users do . Keep your Cloudflare DNS records accurate—every time you migrate servers or change hosting providers, update your A record immediately. Stale DNS entries only surface under pressure .
How to Verify Error 522 Is Fixed
The simplest test: open your site in a browser. If it loads without the “Connection timed out” message, you’re likely in the clear .
But don’t stop there:
- Clear your browser cache or use an incognito window. Cached DNS or stale content can give false positives
- Test from an external tool like Uptrends or GTmetrix to verify accessibility from multiple geographic locations
- Check server resources again—ensure CPU/RAM aren’t redlining
- Verify Cloudflare IPs remain whitelisted (some configurations reset after updates)
If everything loads cleanly and monitoring looks good, the error is resolved. Keep an eye on your logs for the next few hours to ensure it doesn’t return .
Warning: Don’t blindly increase timeout settings in your application code. Cloudflare’s edge nodes cut off at 100 seconds regardless of your local settings. The only real fix is improving server response time .
Preventing Error 522 Long-Term
Fixing Error 522 once is straightforward. Keeping it from coming back requires discipline :
- Monitor regularly: Use server monitoring tools to track CPU, RAM, and connection metrics. Set alerts for thresholds
- Optimize continuously: Slow database queries, unoptimized images, and bloated plugins accumulate over time. Regular audits prevent overload
- Plan for traffic spikes: If you run promotions or expect viral traffic, ensure your hosting can scale. Consider load balancing or CDN enhancements
- Keep DNS records updated: Every server migration or IP change must be immediately reflected in Cloudflare DNS
- Document your Cloudflare IP whitelist: Make sure any server rebuilds or firewall changes include re-whitelisting these ranges
For high-traffic sites, consider implementing load balancing to distribute traffic across multiple servers. This prevents any single server from becoming overwhelmed .
When to Contact Cloudflare Support
If you’ve tried everything and still see Error 522, it may be time to contact Cloudflare Support .
Before reaching out:
- Check Cloudflare’s status page to rule out their own incidents
- Run an MTR or traceroute from your server to a Cloudflare IP address
- Document everything you’ve checked and tried
Provide these logs when opening a ticket—it dramatically speeds up diagnosis .
You can also read about Cloudflare 521 error here for related issues.
Still getting Error 522 after trying everything? The difference between temporary fixes and permanent solutions often comes down to infrastructure. If you’re consistently hitting server limits, it might be time to evaluate your hosting plan or consider a server architecture review.
FAQ: Cloudflare Error 522
A: No—Error 522 is almost always a server-side issue. Cloudflare is simply reporting that your origin server didn’t respond in time. The problem lives on your server, in your firewall, or in your DNS configuration .
A: Cloudflare waits approximately 15 seconds for the TCP handshake to complete. If your server doesn’t respond within that window, Error 522 appears .
A: Yes. During a DDoS attack, your server may become overwhelmed with malicious requests, leaving no resources to respond to legitimate Cloudflare handshakes. This triggers timeout errors .
A: No—Error 522 occurs regardless of plan level (free or paid). It’s about your server’s ability to respond, not Cloudflare’s service tier .
A: Check CPU usage (should be under 80%), RAM usage (minimal swapping), and concurrent connections. Use commands like ‘top’ or ‘htop’ on Linux, or check your hosting control panel’s resource monitors .
A: Error 522 means the TCP connection never established (handshake failed). Error 524 means the connection established, but the server took too long (>100 seconds) to send back the actual content .
A: Yes—poorly coded plugins can consume excessive resources, slow down database queries, or even crash your server. If Error 522 appeared after installing a new plugin, try disabling it .
A: In cPanel, use the IP Blocker tool to add Cloudflare’s IP ranges to the “Allow” list rather than blocking them. You may also need to check CSF firewall settings if installed .
Conclusion: Error 522 Is Fixable
Cloudflare Error 522 looks intimidating, but it follows predictable patterns with straightforward solutions. When you see “Connection timed out,” remember:
The problem is almost always your server, not Cloudflare. Whether it’s overloaded resources, a misconfigured firewall, or incorrect DNS, the fix involves checking three core areas :
- Server health and capacity
- DNS accuracy in Cloudflare
- Firewall rules and IP whitelisting
Start with the simplest checks—is your server online? Is it overloaded? Then methodically work through DNS and firewall configurations. In most cases, you’ll identify the culprit within minutes .
For visitors seeing Error 522: patience is your only tool. The site owner is likely already aware and working on it. Try again in a few hours .
For server administrators: use this as an opportunity to strengthen your monitoring and optimization practices. Regular resource checks, updated DNS records, and proper firewall configuration will keep Error 522 rare rather than routine.
Which fix worked for you? Let us know in the comments below.
