
Resolved Fixing Error 521: Web server is down (plesk + cloudflare)

Ale

New Pleskian
Current setup: DigitalOcean>Droplet>Plesk>Domain>Wordpress

Cloudflare
- DNS
- A Domain IP, orange cloud
- CNAME www Domain, orange cloud
- Crypto > SSL > Full

A few times a day I am getting “Error 521 - Web server is down” when editing things inside WordPress; the site restores itself after some time.

Any ideas on how to fix that?
 
Are you running Web Application Firewall (ModSecurity) and Fail2Ban?

To me this sounds like you are getting blocked while editing WP. This is common: a false positive from ModSecurity, and you get banned by Fail2Ban.

It can't be WAF! I also had the same problem appearing randomly in some sites during the last month. I finally removed Cloudflare from the affected sites as I couldn't pinpoint what caused it.

According to Cloudflare: "A 521 error happens when we are unable to make a TCP connection to your origin server. Specifically, Cloudflare tried to connect to your origin server on port 80 or 443, but received a connection refused error. This is often caused by security or firewall software and happens if the origin server has directly refused Cloudflare’s proxy request."

WAF would return a 403 error or something after a successful connection! It can't refuse TCP connections. Also note that Apache is behind Nginx - it doesn't connect directly to the outer world.

When I had the same problem I checked everything! I checked all the logs (server logs and ModSecurity logs) and there was no trace of the connection/request. I also tried to disable the firewall and double-checked against the Cloudflare IP ranges to ensure that I don't block the incoming connection. I also checked Fail2Ban, but it blocked only connections on the SSH port and none of those was inside the Cloudflare IP range. So currently I think it could be a Cloudflare issue. :(
 
Yes, it can be WAF + Fail2Ban.

Disable the Fail2Ban and check the result.
Hi, it happened to me too. When I checked, Cloudflare was already listed in Fail2Ban by (ModSecurity).
So what I did was whitelist the Cloudflare IP. Now I don't get error 521.
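
One way to run the check this post describes, i.e. whether Fail2Ban is holding bans on Cloudflare edge addresses (an added example, not part of the original thread). It parses `fail2ban-client status <jail>` output and separates banned addresses inside Cloudflare's ranges from the rest; the jail output and the partial range list below are constructed samples, and the current ranges are published at https://www.cloudflare.com/ips/.

```python
import ipaddress
import re

# Partial sample of Cloudflare's published IPv4 ranges (assumption: replace
# with the current full list from https://www.cloudflare.com/ips/).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# Constructed sample of `fail2ban-client status <jail>` output.
SAMPLE_STATUS = """\
Status for the jail: plesk-modsecurity
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     37
|  `- File list:        /var/log/modsec_audit.log
`- Actions
   |- Currently banned: 4
   |- Total banned:     9
   `- Banned IP list:   162.158.90.14 203.0.113.25 172.68.141.7 198.51.100.8
"""

def banned_ips(status_text):
    """Return the addresses on the 'Banned IP list:' line, skipping junk."""
    m = re.search(r"Banned IP list:[ \t]*(.*)", status_text)
    ips = []
    for token in (m.group(1).split() if m else []):
        try:
            ips.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # not an address; ignore it rather than crash
    return ips

def split_bans(status_text, proxy_nets=CLOUDFLARE_NETS):
    """Split bans into (addresses inside the proxy ranges, all others)."""
    edge, other = [], []
    for ip in banned_ips(status_text):
        hit = any(ip in net for net in proxy_nets)
        (edge if hit else other).append(str(ip))
    return edge, other

if __name__ == "__main__":
    edge, other = split_bans(SAMPLE_STATUS)
    print("banned Cloudflare edge IPs:", edge)
    print("other banned IPs:", other)
```

Any address in the first list means the ban landed on the proxy rather than on a visitor, so every visitor routed through that edge address is refused along with it.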
 
I am having the same problems, not only error 521 but error 524 as well

How can I whitelist all Cloudflare IPs in Plesk?

Will that make Fail2Ban "blind", or should Fail2Ban process real IPs from visitors (provided by Cloudflare)?
 
I'm having the same problem, is it safe to whitelist all Cloudflare IPs in Fail2Ban?
Is there any downside in terms of security?
 
I'm having the same problem, is it safe to whitelist all Cloudflare IPs in Fail2Ban?
Is there any downside in terms of security?
Yes
No
* You are trusting Cloudflare anyway, or you wouldn't use them.
* Any ban would overreach massively since you have no way to tell legit access from script kiddies.
If you don't like that, don't use Cloudflare, as the whole point is that all connections are proxied over their machines.
(You can, however, block almost all web access EXCEPT Cloudflare. But you should leave some way of access open in case Cloudflare is down or something.)
 
I had kinda the same issue: some images wouldn't load and returned a 521 error, and some JS files too. I have added all the IPs of Cloudflare to the whitelist of Fail2Ban and everything seems fine now.. that was spooky

Upd: Now my server started returning 521 for the whole website unpredictably. I switched off Fail2Ban and everything is OK. I can rely on my insane passwords and hidden login pages, I guess
 
Try adding the following line to nginx configuration:

proxy_hide_header Upgrade;

The error might be caused by invalid headers.
 