Cloudflare Error Encyclopedia
A comprehensive troubleshooting guide for common Cloudflare errors (e.g., 522, 1020) from an SRE perspective.
Web server is returning an unknown error
The origin server returned an empty, unknown, or unexpected response to Cloudflare.
Web server is down
Cloudflare can resolve your origin IP, but the origin server refused the connection (e.g., service stopped or port closed).
Connection timed out
Cloudflare timed out while contacting the origin server. This usually means the origin firewall is dropping Cloudflare requests or the origin is overloaded.
Origin is unreachable
Cloudflare cannot find the origin at the network layer. This typically means incorrect DNS records or the origin route is unreachable.
A timeout occurred
Cloudflare established a TCP connection but timed out waiting for the HTTP response (default 100s). Indicates a slow origin backend.
SSL handshake failed
Cloudflare failed to negotiate a successful SSL/TLS handshake with the origin server.
Invalid SSL certificate
The origin certificate could not be validated. This error only occurs when Cloudflare SSL/TLS mode is set to "Full (strict)".
Access Denied
The user request was blocked by Cloudflare's high-security policies or Bot Management rules.
You are being rate limited
The visitor triggered a Rate Limiting rule on Cloudflare. This is usually an intentional protection mechanism configured by the defender.
Access Denied (WAF Violation)
The visitor's request violated a custom firewall rule (WAF Custom Rules) configured by the administrator. This is entirely policy-driven.