Causes
Occurs when Cloudflare timed out while contacting the origin web server. Two different timeouts may cause the error depending on when they occur between Cloudflare and the origin web server:
- Before a connection is established, the origin web server does not return a SYN+ACK to Cloudflare within 15 seconds of Cloudflare sending a SYN.
- After a connection is established, the origin web server doesn’t acknowledge (ACK) Cloudflare’s resource request within 90 seconds.
Fixes
Step 1: Contact NET Support
Contact NET to check the following common causes at your origin web server:
- Cloudflare IP addresses are rate limited or blocked in .htaccess, iptables, or firewalls. Ensure that the Cloudflare IP addresses are whitelisted.
- An overloaded or offline origin web server drops incoming requests.
- Keepalives are disabled at the origin web server.
- The origin IP address in your Cloudflare DNS app does not match the IP address currently provisioned to your origin web server by NET.
- Packets were dropped at your origin web server.
Step 2: Request Information
If none of the above solves the issue, request the following information from NET or site administrator before contacting Cloudflare support:
- An MTR or traceroute from your origin web server to a Cloudflare IP address that most commonly connected to your origin web server before the issue occurred. Identify a connecting Cloudflare IP recorded in the origin web server logs.
- Details from NET’s investigation such as pertinent logs or conversations with the hosting provider.