When traffic flows through the NOC CDN and WAF, the edge servers act as an intermediary between visitors and your origin server. If the edge server cannot connect to your origin or receives an unexpected response, it returns a specific error code to the visitor. This guide explains the most common connection error codes, their causes, and how to fix them.
Error 520: Unknown Error
A 520 error means the origin server returned an unexpected or empty response that the NOC edge could not interpret.
Common causes:
- The origin server returned an empty response (zero-length body with no status code).
- The origin server closed the connection unexpectedly before sending a complete HTTP response.
- The origin server returned response headers that exceed size limits.
- A server-side application crashed or timed out before completing the response.
How to fix:
- Check your origin server error logs (e.g.,
/var/log/apache2/error.logor/var/log/nginx/error.log) for application crashes or PHP fatal errors. - Verify that your application is running and responding correctly by accessing the origin server IP directly (bypassing the CDN).
- Ensure response headers are within reasonable size limits. Large cookie headers or custom headers can trigger this error.
- Check if a security module on your origin (e.g., mod_security) is blocking requests from NOC edge IPs.
Error 521: Web Server Is Down
A 521 error means the NOC edge could not establish a TCP connection to your origin server. The origin server actively refused the connection.
Common causes:
- Your web server (Apache, Nginx, LiteSpeed) is not running.
- Your origin server's firewall is blocking connections from NOC edge IP addresses.
- The web server is listening on a different port than configured in NOC.
- Your hosting provider has suspended your account.
How to fix:
- Verify your web server is running:
systemctl status nginxorsystemctl status apache2. - Check that your firewall allows connections from NOC edge IP ranges on ports 80 and 443. See the NOC dashboard for current edge IP ranges.
- Confirm the origin IP address configured in NOC matches your actual server IP.
- Contact your hosting provider if the server appears to be suspended or unreachable.
Error 522: Connection Timed Out
A 522 error means the NOC edge attempted to connect to your origin server but the TCP connection timed out before being established (no SYN-ACK received).
Common causes:
- Your origin server is overloaded and cannot accept new connections.
- A firewall or network device between NOC and your origin is silently dropping packets (no RST, no response).
- The origin IP configured in NOC is incorrect or the server at that IP is offline.
- Network routing issues between the NOC edge and your origin's data center.
How to fix:
- Check your origin server's resource usage (CPU, memory, disk I/O). A server under heavy load may not respond to new connections in time.
- Verify the origin IP address in your NOC dashboard is correct and the server is online.
- Check your server's firewall for rules that might silently drop (not reject) connections from NOC edge IPs. DROP rules cause timeouts while REJECT rules cause 521 errors.
- Run a traceroute from your server to a NOC edge IP to identify network path issues.
Error 523: Origin Is Unreachable
A 523 error means the NOC edge could not resolve the origin server's hostname or could not route to the origin IP address.
Common causes:
- The origin hostname configured in NOC has a DNS resolution failure.
- The origin IP address is not routable (e.g., a private IP address like 192.168.x.x or 10.x.x.x was entered).
- The origin server's IP address has changed and NOC has not been updated.
- The origin server's data center is experiencing a network outage.
How to fix:
- Verify the origin IP or hostname in your NOC dashboard is correct and publicly routable.
- If using a hostname for the origin, verify it resolves correctly:
dig origin.example.com. - Check if your server's IP has changed (common with cloud instances) and update NOC if needed.
- Contact your hosting provider if the entire data center or network segment is unreachable.
Error 524: A Timeout Occurred
A 524 error means the TCP connection to the origin was established successfully, but the origin server did not send an HTTP response within the timeout period. The connection was established but the server did not respond in time.
Common causes:
- A long-running server-side process (database query, API call, file processing) that exceeds the edge timeout.
- PHP scripts hitting the
max_execution_timelimit or timing out during external API calls. - The origin server's application is deadlocked or waiting on a resource that is not available.
- Slow database queries blocking the web server worker from responding.
How to fix:
- Identify and optimize slow operations on your server. Check slow query logs for database performance issues.
- Increase PHP
max_execution_timeif the process legitimately needs more time, but also investigate why the operation is slow. - Move long-running operations to background workers or async job queues rather than processing them in the HTTP request cycle.
- If the operation must be long-running (file uploads, data exports), consider using the NOC dashboard to increase the origin response timeout for specific paths.
General Troubleshooting Steps
For any connection error, start with these steps:
- Bypass the CDN: Access your origin server directly by its IP address to confirm it is responding. If the origin is down, the issue is on your server, not with NOC.
- Check origin server logs: Review your web server and application error logs for errors that correspond with the time of the CDN error.
- Verify firewall rules: Ensure your origin firewall allows inbound HTTP/HTTPS connections from NOC edge IP ranges.
- Check NOC dashboard: Review the WAF and monitoring logs in the NOC dashboard for additional error details and patterns.
- Test with curl: Use
curl -I https://your-origin-ip -H "Host: yourdomain.com"to simulate the CDN's connection to your origin and see the raw response.
Get
Started