Connection Timed Out — the origin server took too long to complete the TCP handshake
What 522 Means
The 522 error on the Cloudflare Edge-Errors indicates connection timed out — the origin server took too long to complete the tcp handshake. This typically occurs due to extreme server cpu or memory overload delaying responses.
A The 522 error indicates that the connection request was dispatched to the origin server, but the server failed to respond to the initial network handshake within the strict 15-second timeout threshold.
Technical Background
The 522 status represents a symptom of acute network or server exhaustion. While a 521 means the server actively refused the connection, a 522 means the server is simply ignoring the connection attempt, forcing the proxy to eventually stop waiting.
Mechanically, this means the proxy sent an initialization packet to initiate contact, but never received the return packet from the origin within the short window. This is fundamentally a deep networking failure, not an application code issue.
Load balancers and security groups often cause 522 errors if misconfigured. If an appliance decides to silently drop invalid traffic rather than reject it, the persistent silence appears indistinguishable from a server that is crippled by heavy load.
Common Causes
- Extreme server CPU or memory overload delaying responses
- Asymmetric routing causing packet loss in one direction
- Rate-limiting firewalls dropping packets instead of refusing them
- Network congestion between the edge and the origin host
Typical Scenarios
- A database query locks the entire server CPU, preventing the OS from acknowledging network traffic
- A malicious attack floods the origin port, causing legitimate traffic to time out in the queue
- A routing error sends return packets to a black hole instead of back to the proxy
What to Know
A 522 error directs diagnostic attention squarely to network appliance rules and overall server load limits. If the server is not overwhelmed by traffic, administrators must audit firewalls to ensure packets from Cloudflare are not being silently dropped.
Frequently Asked Questions
Common questions about Cloudflare 522 error
It means the proxy tried to contact your origin server, but the server did not answer the initial network packet within the maximum waiting period.
A 521 means the server actively rejected the connection immediately. A 522 means the server ignored the connection attempt entirely until a timeout occurred.
Check your server's CPU and memory usage to ensure it isn't completely frozen. If the server is healthy, verify that your firewall is not silently dropping the proxy IPs.