# 522 Connection Timed Out
Cloudflare-specific error when unable to establish a TCP connection to the origin server. Learn how to diagnose and fix 522 timeout errors.
TL;DR: Cloudflare couldn’t establish a TCP connection to your origin server within 15 seconds. Check server load, firewall rules, and ensure Cloudflare IPs aren’t blocked.
## What is 522 Connection Timed Out?
A 522 Connection Timed Out is a Cloudflare-specific status code that indicates Cloudflare was unable to establish a TCP connection with the origin server within the timeout period (typically 15 seconds for the initial connection, 90 seconds for subsequent requests). Think of it like calling someone on the phone and the call never connects—the phone just keeps ringing until you give up.
This is not part of the official HTTP specification but is used by Cloudflare when the origin server fails to respond to connection attempts.
## When Does This Happen?

You’ll see a 522 Connection Timed Out error in these common situations:

**1. Origin Server Overloaded**
```text
Server CPU/memory at 100%
→ Can't accept new connections
→ Cloudflare connection times out
→ Returns 522
```
**2. Firewall Blocking Cloudflare**
```text
Origin firewall blocks Cloudflare IPs
→ Connection attempts dropped
→ Timeout after 15 seconds
→ 522 error
```
**3. Origin Server Down**
```text
Web server process crashed
→ Not listening on port 80/443
→ No response to connection attempts
→ 522 timeout
```
**4. Network Issues**
```text
Network path between Cloudflare and origin
→ Packet loss or routing problems
→ TCP handshake fails
→ Connection timeout
```
**5. Incorrect Origin Configuration**
```text
Cloudflare configured with wrong IP/port
→ Nothing listening at that address
→ Connection times out
→ 522 error
```
## Example Responses

**Basic 522 Response:**
```http
HTTP/1.1 522 Connection Timed Out
Server: cloudflare
Date: Sat, 18 Jan 2026 10:00:00 GMT
Content-Type: text/html
CF-RAY: 7d1234567890abcd-SJC

<!DOCTYPE html>
<html>
<head>
  <title>522: Connection timed out</title>
</head>
<body>
  <h1>Connection timed out</h1>
  <p>The origin web server timed out responding to this request.</p>
  <p>Ray ID: 7d1234567890abcd</p>
</body>
</html>
```
**Detailed Cloudflare Error Page:**
```http
HTTP/1.1 522 Connection Timed Out
Server: cloudflare
CF-RAY: 7d1234567890abcd-LAX
CF-Cache-Status: DYNAMIC
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Error 522 - Connection timed out</title>
  <style>
    body {
      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
      max-width: 800px;
      margin: 50px auto;
      padding: 20px;
      line-height: 1.6;
    }
    .error-code {
      font-size: 72px;
      color: #f48024;
      font-weight: bold;
      margin: 20px 0;
    }
    .details {
      background: #f7f7f7;
      padding: 20px;
      border-left: 4px solid #f48024;
      margin: 20px 0;
    }
    .ray-id {
      background: #2d2d2d;
      color: #fff;
      padding: 15px;
      font-family: 'Courier New', monospace;
      margin: 20px 0;
    }
  </style>
</head>
<body>
  <div class="error-code">522</div>
  <h1>Connection timed out</h1>
  <p>Cloudflare was unable to establish a TCP connection to the origin server within
  the configured timeout period.</p>
  <div class="details">
    <h2>What happened?</h2>
    <p>Cloudflare tried to connect to your origin server (IP address from your DNS settings)
    but did not receive a response before the connection timeout (15 seconds for initial
    connection, 90 seconds for subsequent requests).</p>
    <h2>Common Causes:</h2>
    <ul>
      <li><strong>Origin server is offline or unreachable</strong> - The web server may have
      crashed, been restarted, or is not running</li>
      <li><strong>Firewall is blocking Cloudflare IPs</strong> - Your firewall, security
      software, or hosting provider is blocking connections from Cloudflare</li>
      <li><strong>Origin server is overloaded</strong> - Server resources (CPU, memory) are
      exhausted and can't accept new connections</li>
      <li><strong>Network connectivity issues</strong> - Network problems between Cloudflare
      and your origin server</li>
      <li><strong>Incorrect origin IP in Cloudflare DNS</strong> - The A/AAAA records point
      to the wrong server</li>
    </ul>
  </div>
  <div class="details">
    <h2>What can I do?</h2>
    <p><strong>If you're a visitor:</strong></p>
    <ul>
      <li>Wait a few minutes and try again</li>
      <li>Contact the website owner if the problem persists</li>
    </ul>
    <p><strong>If you're the website owner:</strong></p>
    <ol>
      <li><strong>Check if your origin server is online:</strong>
        <ul>
          <li>SSH into your server and verify the web server is running</li>
          <li>Run: <code>systemctl status nginx</code> or <code>systemctl status apache2</code></li>
        </ul>
      </li>
      <li><strong>Verify Cloudflare IPs are not blocked:</strong>
        <ul>
          <li>Whitelist all <a href="https://www.cloudflare.com/ips/">Cloudflare IP ranges</a></li>
          <li>Check firewall rules, security groups, and hosting provider settings</li>
        </ul>
      </li>
      <li><strong>Check server resources:</strong>
        <ul>
          <li>Run: <code>top</code> or <code>htop</code> to check CPU/memory usage</li>
          <li>Restart your web server if resources are exhausted</li>
        </ul>
      </li>
      <li><strong>Verify DNS settings:</strong>
        <ul>
          <li>Confirm your A/AAAA records point to the correct origin IP</li>
          <li>Test: <code>ping your-origin-ip</code></li>
        </ul>
      </li>
      <li><strong>Check origin server logs:</strong>
        <ul>
          <li>Review logs at timestamp: 2026-01-18 10:00:00 UTC</li>
          <li>Look for connection errors or crashes</li>
        </ul>
      </li>
    </ol>
  </div>
  <div class="ray-id">
    Cloudflare Ray ID: 7d1234567890abcd<br>
    Your IP: 203.0.113.42<br>
    Timestamp: 2026-01-18 10:00:00 UTC<br>
    Data Center: LAX (Los Angeles)
  </div>
  <div>
    <a href="https://www.cloudflare.com/5xx-error-landing">More about Cloudflare errors</a> |
    <a href="https://community.cloudflare.com">Cloudflare Community</a>
  </div>
</body>
</html>
```

## Real-World Example
Imagine your origin server’s web service crashed:

**Client Request:**
```http
GET / HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0...
```
**Cloudflare Attempts Connection:**
```text
[10:00:00] Cloudflare edge (LAX) attempts TCP connection to origin: 198.51.100.42:443
[10:00:00] SYN packet sent to 198.51.100.42:443
[10:00:01] No SYN-ACK received, retrying...
[10:00:03] SYN packet sent again
[10:00:05] No response
[10:00:10] SYN packet sent (final attempt)
[10:00:15] Connection timeout - no response after 15 seconds
```
**Cloudflare Returns 522:**
```http
HTTP/1.1 522 Connection Timed Out
Server: cloudflare
Date: Sat, 18 Jan 2026 10:00:15 GMT
Content-Type: text/html; charset=UTF-8
CF-RAY: 7d1234567890abcd-LAX
CF-Cache-Status: DYNAMIC

<!DOCTYPE html>
<html>
<head><title>522: Connection timed out</title></head>
<body>
  <h1>Error 522: Connection timed out</h1>
  <p>Cloudflare could not connect to your origin server within 15 seconds.</p>
  <h2>Troubleshooting Information</h2>
  <dl>
    <dt>Origin IP:</dt>
    <dd>198.51.100.42</dd>
    <dt>Origin Port:</dt>
    <dd>443 (HTTPS)</dd>
    <dt>Timeout:</dt>
    <dd>15 seconds (initial connection)</dd>
    <dt>Ray ID:</dt>
    <dd>7d1234567890abcd</dd>
    <dt>Data Center:</dt>
    <dd>LAX (Los Angeles)</dd>
    <dt>Timestamp:</dt>
    <dd>2026-01-18 10:00:15 UTC</dd>
  </dl>
  <h2>Immediate Actions:</h2>
  <ol>
    <li>Check if origin server 198.51.100.42 is online</li>
    <li>Verify web server is running on port 443</li>
    <li>Ensure Cloudflare IPs are whitelisted in firewall</li>
    <li>Check server resource usage (CPU, memory, connections)</li>
  </ol>
</body>
</html>
```

## 522 vs Other Cloudflare Connection Errors
| Code | Issue | Can Connect | Receives Response | Origin Status |
|---|---|---|---|---|
| 522 | Connection timeout | No | No | Unknown (can’t connect) |
| 521 | Web server down | No | No | Definitely down |
| 523 | Origin unreachable | No | No | DNS/routing issue |
| 524 | Request timeout | Yes | Partial/slow | Too slow |
| 520 | Unknown error | Yes | Yes (invalid) | Online but broken |

## Important Characteristics

**TCP Level Timeout:**
```text
522 = Can't establish TCP connection
NOT an HTTP-level timeout
Fails before HTTP request is even sent
```
**Timeout Duration:**
```text
Initial connection: 15 seconds
Subsequent requests: 90 seconds
Not configurable by user (Cloudflare default)
```
**Indicates Connection Failure:**
```text
Cloudflare → [trying to connect] → Origin
                    ↓
            No response (15s)
                    ↓
               522 Error
```
**Different from 524:**
```text
522: Can't establish connection at all
524: Connection established, but response too slow
```
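
The TCP-level distinction above can be observed with a handshake-only probe that sends no HTTP request. This Python sketch is an added example, not code from the original page; the function names and the `NEAREST_CODE` mapping (built from this page's comparison table and FAQ) are illustrative assumptions, and a probe run from your own machine does not show whether Cloudflare's addresses pass the origin firewall.

```python
import socket

# Nearest Cloudflare code for each TCP outcome, per this page's table and FAQ
# (assumed mapping for illustration; Cloudflare decides the real code at its edge).
NEAREST_CODE = {"connected": None, "timeout": 522, "refused": 521, "unreachable": 523}


def classify(exc):
    """Turn a failed connect() into one of the outcome names above."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"      # SYN never answered: dropped by a firewall, host down, backlog full
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # host answered with RST: nothing listening on that port
    return "unreachable"      # DNS failure, no route, or another OSError


def probe(host, port, timeout=15.0):
    """Attempt only the TCP handshake, using the same 15 s budget the page cites."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except OSError as exc:
        return classify(exc)


def report(host, ports=(80, 443), timeout=15.0):
    """Probe each port and pair the outcome with the nearest Cloudflare code."""
    results = {}
    for port in ports:
        outcome = probe(host, port, timeout)
        results[port] = (outcome, NEAREST_CODE[outcome])
    return results


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python3 probe.py <origin-ip>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (outcome, code) in report(target, timeout=3.0).items():
        suffix = f" (nearest Cloudflare code: {code})" if code else ""
        print(f"{target}:{port} -> {outcome}{suffix}")
```

A `connected` result rules out a dead listener, but a 522 can still occur if the firewall treats Cloudflare's source addresses differently from yours.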

## Common Causes and Solutions

**1. Firewall Blocking Cloudflare:**
```bash
# Check if Cloudflare IPs are blocked
sudo iptables -L -n | grep DROP

# Whitelist Cloudflare IPs
# Download IP ranges from: https://www.cloudflare.com/ips/
# Note: the rules below accept every port from these ranges; Step 2 of the
# Troubleshooting Guide shows the same allow rules limited to ports 80 and 443.

# UFW example
sudo ufw allow from 173.245.48.0/20
sudo ufw allow from 103.21.244.0/22
# ... add all Cloudflare ranges

# iptables example
sudo iptables -I INPUT -s 173.245.48.0/20 -j ACCEPT
sudo iptables -I INPUT -s 103.21.244.0/22 -j ACCEPT
```
**2. Web Server Not Running:**
```bash
# Check if web server is running
sudo systemctl status nginx
sudo systemctl status apache2
# If stopped, start it
sudo systemctl start nginx
sudo systemctl start apache2
# Check if listening on correct port
sudo netstat -tlnp | grep :80
sudo netstat -tlnp | grep :443
```
**3. Server Overloaded:**
```bash
# Check resource usage
top
htop

# Check connection limit
ss -s                            # Socket statistics
netstat -an | grep :80 | wc -l   # Count connections

# Increase connection limit (nginx)
# In nginx.conf (events block):
#   worker_connections 4096;

# Increase PHP-FPM processes
# In php-fpm pool config:
#   pm.max_children = 50
```
**4. Wrong Origin IP:**
```bash
# Verify DNS settings
dig +short example.com
nslookup example.com
# Test connectivity to origin IP
ping your-origin-ip
telnet your-origin-ip 80
telnet your-origin-ip 443
# Update Cloudflare DNS if wrong
# Dashboard → DNS → Edit A/AAAA record
```
**5. Network Issues:**
```bash
# Test network path
traceroute your-origin-ip
mtr your-origin-ip

# Check for packet loss
ping -c 100 your-origin-ip

# Verify origin is reachable from outside
curl -I http://your-origin-ip
```

## Troubleshooting Guide
**Step 1: Verify Origin Server is Online**
```bash
# SSH into your server
ssh user@your-origin-ip
# Check web server status
sudo systemctl status nginx
# or
sudo systemctl status apache2
# If not running, check logs
sudo journalctl -u nginx -n 50
sudo tail -f /var/log/nginx/error.log
```
**Step 2: Check Firewall Rules**
```bash
# Check UFW status
sudo ufw status numbered

# Check iptables
sudo iptables -L INPUT -n --line-numbers

# Check cloud provider security groups
# (AWS, DigitalOcean, etc.)

# Whitelist Cloudflare (UFW)
# -f makes curl fail on an HTTP error instead of feeding an error page to ufw
for ip in $(curl -fsS https://www.cloudflare.com/ips-v4); do
  sudo ufw allow from "$ip" to any port 80
  sudo ufw allow from "$ip" to any port 443
done
```
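
To confirm that the firewall is what drops Cloudflare's connection attempts, the check below scans firewall log lines for blocked TCP packets to ports 80/443 whose source falls inside the Cloudflare ranges listed on this page. It is an added example, not part of the original page; the log lines are constructed samples in abbreviated UFW kernel-log form, and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Cloudflare IPv4 ranges copied from this page's nginx geo block; refresh them
# from https://www.cloudflare.com/ips/ before relying on the result.
CLOUDFLARE_V4 = [ipaddress.ip_network(c) for c in """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18
108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17
162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
""".split()]
WEB_PORTS = {80, 443}
# SRC=, PROTO= and DPT= fields of a netfilter log line (UFW / iptables LOG).
FIELDS = re.compile(r"\bSRC=(\S+).*?\bPROTO=(\w+).*?\bDPT=(\d+)")

# Constructed sample lines (abbreviated UFW format, not from a real host).
SAMPLE_LOG = """\
Jan 18 10:00:00 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=173.245.48.17 DST=198.51.100.42 PROTO=TCP SPT=41822 DPT=443 SYN
Jan 18 10:00:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.42 PROTO=TCP SPT=50211 DPT=22 SYN
Jan 18 10:00:03 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=173.245.48.17 DST=198.51.100.42 PROTO=TCP SPT=41822 DPT=443 SYN
Jan 18 10:00:04 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=104.16.9.200 DST=198.51.100.42 PROTO=TCP SPT=33001 DPT=80 SYN
Jan 18 10:00:05 web1 kernel: [UFW ALLOW] IN=eth0 OUT= SRC=172.64.1.1 DST=198.51.100.42 PROTO=TCP SPT=40000 DPT=443 SYN
Jan 18 10:00:06 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=not-an-ip DST=198.51.100.42 PROTO=TCP SPT=1 DPT=443 SYN
"""

def cloudflare_range(addr):
    """Return the Cloudflare network containing addr, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # malformed SRC field: skip it rather than crash
    return next((net for net in CLOUDFLARE_V4 if ip in net), None)

def blocked_cloudflare(log_text):
    """Count blocked TCP packets to web ports, keyed by (Cloudflare range, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FIELDS.search(line)
        if "[UFW BLOCK]" not in line or not m:
            continue
        src, proto, dport = m.group(1), m.group(2), int(m.group(3))
        net = cloudflare_range(src)
        if net and proto == "TCP" and dport in WEB_PORTS:
            hits[(str(net), dport)] += 1
    return hits

if __name__ == "__main__":
    for (net, port), n in sorted(blocked_cloudflare(SAMPLE_LOG).items()):
        print(f"{n} blocked packet(s) from Cloudflare range {net} to port {port}")
```

Any non-empty result means the allow rules do not cover that range and port, which matches the "firewall silently dropping packets" cause of a 522.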
**Step 3: Test Direct Connection**
```bash
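# Bypass Cloudflare, test origin directly
curl -I http://your-origin-ip/
# For HTTPS, keep the real hostname so certificate validation can succeed
curl -I --resolve example.com:443:your-origin-ip https://example.com/
# Should return HTTP response, not timeout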
```
**Step 4: Check Server Resources**
```bash
# CPU and Memory
top
free -h

# Disk space
df -h

# Connection count
netstat -an | grep ESTABLISHED | wc -l

# Check if accepting connections
ss -tlnp | grep :80
ss -tlnp | grep :443
```
**Step 5: Review Origin Logs**
```bash
# Nginx access/error logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
# Apache logs
sudo tail -f /var/log/apache2/access.log
sudo tail -f /var/log/apache2/error.log
# System logs
sudo journalctl -f
```

## Prevention Best Practices

**Monitor Server Health:**
```bash
#!/bin/bash
# health-check.sh - Monitor web server
while true; do
  if ! systemctl is-active --quiet nginx; then
    echo "$(date): Nginx is down! Restarting..."
    systemctl start nginx
    # Send alert
    curl -X POST https://alerts.example.com/webhook \
      -d '{"message":"Nginx was down and restarted"}'
  fi
  sleep 60
done
```
**Implement Uptime Monitoring:**
```javascript
// Node.js uptime monitor
const http = require('http')

// Node.js has no built-in alert(); replace this with your paging or chat integration
function alert(...args) {
  console.error(new Date().toISOString(), ...args)
}

function checkOrigin() {
  const options = {
    hostname: 'your-origin-ip',
    port: 80,
    path: '/health',
    timeout: 5000
  }
  const req = http.get(options, (res) => {
    res.resume() // discard the body so the socket is released
    if (res.statusCode === 200) {
      console.log('Origin healthy')
    } else {
      alert('Origin returned:', res.statusCode)
    }
  })
  req.on('timeout', () => {
    alert('Origin timeout - may cause 522')
    req.destroy()
  })
  req.on('error', (err) => {
    alert('Origin error:', err.message)
  })
}

setInterval(checkOrigin, 60000) // Check every minute
```
**Auto-Scaling Configuration:**
```yaml
# Example: AWS Auto Scaling
# (illustrative settings, not a literal CloudFormation template)
AutoScalingGroup:
  MinSize: 2
  MaxSize: 10
  TargetTrackingScaling:
    CPUUtilization:
      TargetValue: 70 # Scale up when CPU > 70%
    NetworkIn:
      TargetValue: 100000000 # Scale up at 100MB/s
  HealthCheck:
    Type: ELB
    GracePeriod: 300
    # Replace unhealthy instances
```
**Cloudflare-Friendly Firewall:**
```nginx
# Nginx - Only allow Cloudflare IPs
# Download latest: https://www.cloudflare.com/ips/
geo $cloudflare_ip {
    default 0;
    173.245.48.0/20 1;
    103.21.244.0/22 1;
    103.22.200.0/22 1;
    103.31.4.0/22 1;
    141.101.64.0/18 1;
    108.162.192.0/18 1;
    190.93.240.0/20 1;
    188.114.96.0/20 1;
    197.234.240.0/22 1;
    198.41.128.0/17 1;
    162.158.0.0/15 1;
    104.16.0.0/13 1;
    104.24.0.0/14 1;
    172.64.0.0/13 1;
    131.0.72.0/22 1;
}

server {
    if ($cloudflare_ip != 1) {
        return 403;
    }
    # Your configuration...
}
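```

## Implementation Examples

**Nginx Timeout Configuration:**
```nginx
http {
    # Increase timeouts to prevent issues
    keepalive_timeout 65;
    client_header_timeout 60s;
    client_body_timeout 60s;
    send_timeout 60s;

    # Connection limits
    # Behind Cloudflare, $binary_remote_addr is an edge address unless the
    # real_ip module restores the visitor IP, so this limit applies per edge IP.
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    limit_conn addr 100;

    server {
        listen 80;
        server_name example.com;

        # Health check endpoint
        location /health {
            access_log off;
            # default_type sets the Content-Type of the returned body;
            # add_header would send a second Content-Type header
            default_type text/plain;
            return 200 "healthy\n";
        }

        location / {
            # Your app
        }
    }
}
```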
**Express.js Health Check:**
```javascript
const express = require('express')
const app = express()

// Health check for monitoring
app.get('/health', (req, res) => {
  res.status(200).send('OK')
})

// Graceful shutdown
process.on('SIGTERM', () => {
  console.log('SIGTERM received, shutting down gracefully')
  server.close(() => {
    console.log('Server closed')
    process.exit(0)
  })
})

const server = app.listen(3000)
```
**Python Health Monitor:**
```python
import requests
import time
from datetime import datetime


def check_origin(url, timeout=5):
    try:
        response = requests.get(url, timeout=timeout)
        if response.status_code == 200:
            print(f"{datetime.now()}: Origin healthy")
            return True
        else:
            print(f"{datetime.now()}: Origin returned {response.status_code}")
            return False
    except requests.Timeout:
        print(f"{datetime.now()}: Origin timeout! May cause 522")
        return False
    except requests.ConnectionError as e:
        print(f"{datetime.now()}: Connection error: {e}")
        return False


# Monitor every minute
while True:
    check_origin('http://your-origin-ip/health')
    time.sleep(60)
```

## Related Status Codes
- 520 Web Server Returned an Unknown Error - Invalid response from origin
- 521 Web Server Is Down - Origin completely offline
- 523 Origin Is Unreachable - DNS/routing issues
- 524 A Timeout Occurred - Response timeout (not connection)
- 504 Gateway Timeout - Standard HTTP gateway timeout

## Frequently Asked Questions

**What does Cloudflare error 522 mean?**

A 522 error means Cloudflare could not establish a TCP connection to your origin server within the timeout period. The server exists but is not responding in time.

**How do I fix a 522 error?**

Check origin server load and performance, verify network connectivity, ensure Cloudflare IPs are whitelisted, check for rate limiting, and verify that DNS points to the correct IP.

**What is the difference between 521 and 522?**

521 means the connection was refused (server down or blocking). 522 means the connection attempt timed out (server slow or network issues). Both indicate origin connectivity problems.

**What causes 522 timeout errors?**

Common causes include server overload, network congestion, a firewall silently dropping packets, an incorrect origin IP in Cloudflare, or ISP routing issues.