LocalHost.Co
Home / Articles / http error 522
error-codes

http error 522

Uncover the causes behind the HTTP Error 522 Connection Timed Out. Learn why Cloudflare throws this specific error and how webmasters can fix origin server issues.

21 Mar 2026

The http error 522, known as "Connection Timed Out," is an unofficial HTTP status code. Unlike standard 5xx errors defined by the IETF (Internet Engineering Task Force), the 522 status code was created specifically by Cloudflare, a leading Content Delivery Network (CDN) and web security provider. If you encounter a 522 error, it strictly means you are visiting a site protected by Cloudflare, and Cloudflare could not establish a TCP connection with the origin web server within a specific timeframe.

How Cloudflare Routing Works

To understand the 522 error, you must understand Cloudflare's role as a reverse proxy. When a user types a URL into their browser, the request doesn't go directly to the host server. Instead, it goes to the nearest Cloudflare edge server.

Cloudflare then forwards this request to the website's actual hosting server (the origin server). This process involves a standard TCP handshake (SYN, SYN-ACK, ACK). If the origin server does not respond to Cloudflare's initial SYN packet within 15 seconds, or fails to complete the handshake, Cloudflare drops the connection attempt and serves an HTTP 522 error to the user's browser.

What Causes a 522 Connection Timed Out?

A 522 error indicates a network-level issue between Cloudflare and the origin server. It rarely indicates an application-level crash (which would usually result in a 500 or 502). The most common culprits include:

1. Origin Server is Offline

The most obvious reason is that the physical server hosting the website is powered off, rebooting, or completely disconnected from the internet. If the server isn't running, it cannot respond to Cloudflare's connection requests.

2. Firewall Blocking Cloudflare IPs

This is the most frequent cause of 522 errors for newly onboarded sites. Because all traffic comes through Cloudflare, the origin server's firewall (like iptables, UFW, or a hosting provider's security group) might view the massive volume of requests from Cloudflare's IP addresses as a DDoS attack and block them. If Cloudflare's IPs are blocked, the TCP connection drops, resulting in a 522.

3. Incorrect DNS Settings in Cloudflare

When you set up Cloudflare, you must input the origin server's IP address. If the server moves to a new host or acquires a new IP address, and the Cloudflare DNS records are not updated to match, Cloudflare will attempt to connect to a dead or incorrect IP, leading to a timeout.

4. Overloaded Server Network Stack

Even if the server is online, it might be so overwhelmed with traffic or heavy processing that its network stack drops incoming TCP SYN requests because its listen queue is completely full.

How Webmasters Can Fix an Error 522

Fixing a 522 error requires access to the origin server and the Cloudflare dashboard. Here is the recommended troubleshooting path:

  1. Verify Server Status: Check with your hosting provider to ensure the origin server is powered on and accessible via SSH or a direct IP connection.
  2. Whitelist Cloudflare IP Addresses: Ensure your origin server's firewall is explicitly configured to allow incoming traffic from all of Cloudflare's published IP ranges. You can find the official list of IPs on Cloudflare's website. If you use iptables or UFW, add allow rules for these ranges on ports 80 and 443.
  3. Check DNS Records: Log into the Cloudflare dashboard and go to the DNS tab. Verify that the A record or AAAA record pointing to your origin server contains the correct, current IP address.
  4. Analyze Server Load: Check your server's resource usage (CPU, RAM). If the server is maxed out, it may be dropping connections. You may need to optimize your application or upgrade your hosting plan.
  5. Enable Keep-Alive: Ensure that HTTP Keep-Alive is enabled on your origin web server (Apache or Nginx). Cloudflare relies on persistent connections for performance, and disabling Keep-Alive can lead to connection issues.

Frequently Asked Questions

Can a regular visitor fix a 522 error?

No, a 522 error is purely a server-side and infrastructure configuration issue. As a visitor, the only thing you can do is wait and try again later, or contact the website owner to alert them of the downtime.

How is a 522 error different from a 504 Gateway Timeout?

A 522 error means Cloudflare couldn't even establish a TCP network connection with the origin server. A 504 Gateway Timeout means the connection was successfully established, but the origin server took too long to generate the actual HTTP response (e.g., waiting for a slow database query).

Does Cloudflare automatically fix 522 errors?

No. Cloudflare cannot fix an origin server issue. Cloudflare will continually retry connecting upon new user requests, but until the origin server becomes responsive and allows Cloudflare's IPs, the 522 error will persist.

Is Error 522 a sign of a DDoS attack?

It can be. If an attacker bypasses Cloudflare and launches a volumetric attack directly against the origin server's IP address, the origin server may become overwhelmed and drop legitimate connections from Cloudflare, resulting in a 522 error for regular users.

Reviews

No approved reviews yet.

Name, review, and a 5-star rating.
Showing approved comments for this article and language.

Related Articles

  • err_ssl_protocol_error

    Learn how to fix the err_ssl_protocol_error in your browser. This comprehensive guide covers common causes like date/time issues, cached data, and antivirus settings.

  • err_http2_protocol_error

    Encountering the err_http2_protocol_error? Discover the root causes behind this HTTP/2 connection failure and follow our detailed solutions to restore access.

  • err_quic_protocol_error

    Resolve the err_quic_protocol_error quickly with our step-by-step troubleshooting guide. Fix connection issues by disabling QUIC, resetting flags, or checking extensions.

  • ssl_error_bad_cert_domain

    Fix the ssl_error_bad_cert_domain warning by understanding why a website's SSL certificate domain doesn't match the URL you visited and how to bypass it safely.

  • ssl_error_no_cypher_overlap

    The ssl_error_no_cypher_overlap occurs when the client and server share no common encryption ciphers. Find out how to update protocols and bypass this barrier safely.

  • ssl_error_rx_record_too_long

    Struggling with ssl_error_rx_record_too_long? Learn how to fix this Firefox-specific secure connection error caused by server misconfigurations or port conflicts.

  • whea_uncorrectable_error

    A whea_uncorrectable_error is a serious hardware BSOD in Windows. Read our guide to diagnose CPU, RAM, or voltage issues and restore system stability permanently.

  • dxgi_error_device_removed

    Fix the dxgi_error_device_removed crash. Find out why your system thinks the graphics card was physically removed and how to resolve driver and power supply issues.