Cloudflare 520 Error

slvmr

Verified User
Joined
Jul 31, 2020
Messages
8
Hello!

I am getting 520 errors on some websites. Could a wrong configuration on the openlitespeed side cause this? where should I start debugging? I've been trying to solve this problem for a long time

Note: Today I upgraded the openlitespeed version from 1.7.4 to 1.7.5 and the problem started to appear more and more.

Thanks.
 

jamgames2

Verified User
Joined
Aug 16, 2019
Messages
148
this sharing my experiment.

did you allow and ignore to " cloudfalre ip list " to security like mod_security " OWASP or COMODO " or what ever like your firewall

this hard to debug
it's should be problem since your main " Internet Switch " to your server.

You told " on some websites ". then should check your Server first.

long ago I face with this problem too, and I debug from "tcpdump" to track cloudflare connection to makesure cloudflare can access to my server.
then it's my firewall problem.

and try to custom your /etc/sysctl.conf
becarefully should learning one by one and not change value until you know it.



#nginx_apache
 

slvmr

Verified User
Joined
Jul 31, 2020
Messages
8
Hello @jamgames2 !

Thank you for sharing your experiences. I'm using CSF and Mod Security OWASP. When i disabled csf and modsecurity (for problematic site) still getting 520 Error. Do you think an openlitespeed setting could cause this? The site is running normally and when I want to refresh the page constantly (after 4-5 times) I see error 520. Frequent occurrence of this error after updating the openlitespeed version made me suspicious.
Also my sysctl.conf is empty. Are there any special settings I should check? For add new config to sysctl.conf

Thank you!
 

jamgames2

Verified User
Joined
Aug 16, 2019
Messages
148
yes, need to find problem with directly

because there are so many way that cause 520ERROR


only I know default sysctl can't hold many client. You have to tuning with yourself


and some csf option shoud disable it directly


as I know cloudflare will use keepalive to resend data.
default sysctl keepalive will 60Second try pullup like 300 - 900 second


because About network are diferrently I can't help anymore than this

Thanks.
 

sysdev

Verified User
Joined
Jul 16, 2007
Messages
226
Just a few things to keep in mind:

First, check your logs for the obvious like service crashing, empty response pages etc.
Next, make sure your headers (headers + cookies etc) are below 8k in total because that's CloudFlares limit (iirc).
Check if your website doesn't return invalid http status codes.
 

slvmr

Verified User
Joined
Jul 31, 2020
Messages
8
Actually server sends an empty response when cloudflare disabled. There is no error in the website logs, I will try to look at all system logs. @sysdev
 

sysdev

Verified User
Joined
Jul 16, 2007
Messages
226
Actually server sends an empty response when cloudflare disabled. There is no error in the website logs, I will try to look at all system logs. @sysdev
'good'... because it explains the 520 error. Now find out why your server outputs an empty page. This is most likely the cause of a crashing litespeed service.
 
Top