I have a one-click WordPress droplet with Apache which I’m setting up with Cloudflare, but I’m getting the 521 error after 24 hours of running correctly. In the ufw found these logs:
Oct 9 03:13:11 server kernel: [321863.958922] [UFW BLOCK] IN=eth0 OUT= MAC=aa:55 SRC=188.8.131.52 DST=192.241.xxx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=24217 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 Oct 10 23:04:43 server kernel: [479753.958110] [UFW BLOCK] IN=eth0 OUT= MAC=aa:55 SRC=184.108.40.206 DST=192.241.xxx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=TCP SPT=61238 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 Oct 10 23:03:52 server kernel: [479703.575523] [UFW BLOCK] IN=eth0 OUT= MAC=aa:55 SRC=220.127.116.11 DST=192.241.xxx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=52244 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 Oct 10 09:16:25 server kernel: [430057.326473] [UFW BLOCK] IN=eth0 OUT= MAC=aa:55 SRC=18.104.22.168 DST=192.241.xxx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP SPT=64694 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 Oct 10 09:20:12 server kernel: [430283.566827] [UFW BLOCK] IN=eth0 OUT= MAC=aa:55 SRC=22.214.171.124 DST=192.241.xxx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP SPT=13066 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 Oct 10 10:11:24 server kernel: [433355.930680] [UFW BLOCK] IN=eth0 OUT= MAC=aa:55 SRC=126.96.36.199 DST=192.241.xxx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=53124 DF PROTO=TCP SPT=65446 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
And in the fail2ban plugin found these:
2022-10-10 09:00:36,485 fail2ban.filter : INFO [wordpress-hard] Found 188.8.131.52 - 2022-10-10 09:00:36 2022-10-10 09:01:37,795 fail2ban.filter : INFO [wordpress-hard] Found 184.108.40.206 - 2022-10-10 09:01:37 2022-10-10 09:10:48,327 fail2ban.filter : INFO [wordpress-hard] Found 220.127.116.11 - 2022-10-10 09:10:48 2022-10-11 01:43:59,172 fail2ban.filter : INFO [wordpress-hard] Found 18.104.22.168 - 2022-10-11 01:43:59 2022-10-11 01:36:52,798 fail2ban.filter : INFO [wordpress-hard] Found 22.214.171.124 - 2022-10-11 01:36:52 2022-10-11 01:37:54,128 fail2ban.filter : INFO [wordpress-hard] Found 126.96.36.199 - 2022-10-11 01:37:54
For these reasons, I though the problem was the UFW firewall and the fail2ban plugin, so I whitelisted the Cloudflare IP addresses. However, after I have done this, the next day the same thing happened. The longs for UFW showed IP from the 162.158.x.x getting blocked and the WordPress login got blocked by Jetpack before it said that the 162.158.x.x was doing security violations, which of course, this was not my actual IP address.
It’s not until I disable Cloudflare that I can regain access to the site.
Also, at Cloudflare, the site is configured with the “Full” SSL option. The WordPress site is using HTTPS with a Let’s Encrypt certificate.
PS: I have already read the Cloudflare recommendations (at https://community.cloudflare.com/t/community-tip-fixing-error-521-web-server-is-down/42461) but the solutions are working for me.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $200 of credit to try our products over 60 days!
Have you allowed the IPs for port 443 as well? You can use the following command in order to allow it.
You can also check this question that was previously asked in our community