Cloudflare 527 error stipulates an interrupted connection between Cloudflare and the origin’s Railgun server.

Here at Bobcares, we have seen several such Cloudflare related errors as part of our Server Management Services for web hosts and online service providers.

Today we’ll take a look at the cause for this error and see how to fix it.

Reasons for Cloudflare error 527 – Railgun Listener to origin error

An interrupted connection between Cloudflare and the origin’s Railgun server results in Cloudflare error.

Frequently, this happens due to a firewall block or other network incidents between rg-listener and Cloudflare, such as packet loss on the line.

Some common causes of the error include:

1. Connection timeouts.
2. LAN timeout exceeded.
3. Connection refusals.
4. TLS/SSL related errors.

How to fix Cloudflare error 527

Now, let us take a look at the different suggestions our Support Engineers provide to our customers to rectify this Cloudflare error message.

Connection timeouts

Frequently, if the Railgun Listener is unable to establish a TCP handshake with the origin server, then the below errors results within the Railgun logs for requests:

~~~

connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443: i/o timeout
no response from origin (timeout) 0.0.0.0:80/example.com

~~~

Therefore, our Support Engineers test for connectivity issues between your origin web server and your Railgun Listener. So, we use netat command-line utility that reads and writes data across network connections, using the TCP or UDP protocols.

For example,

nc -vz SERVERIP PORT

In addition, we use other commands like cURL, ping, or running traceroute/mtr against the web server’s source IP.

Some example commands would be:

curl -svo /dev/null --resolve example.com:PORT:SERVERIP 'http[s]://example.com/'

ping SERVERIP

And, with the help of commands ping or nc, we check whether the web server’s ports are open and accepting traffic from the Listener.

LAN timeout exceeded

By default, the timeout limit set by lan.timeout parameter, and this parameter can be found in the railgun.conf file. So,  it decides the time frame for the origin server to send an HTTP response to the Listener.

Also, If the origin server does not meet the given timeout limit, it shows the following error

connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443: i/o timeout

Therefore, our Support Engineers increase the timeout limit by the lan.timeout parameter of the railgun.conf file or review the webserver configuration.

Luckily,  this helps us to find why the origin is taking a long time to respond to requests from the Listener. Sometimes, load/bandwidth

Mostly, high server load/bandwidth makes the webserver unable to respond effectively to requests.

Connection refusals

Sometimes, the connection to the origin server from the Railgun Listener is refused. Then the error message looks like

Error getting page: dial tcp 0.0.0.0:80:connection refused message occurs

So, our Support Engineers ensure the Listener’s server IP is whitelisted from the origin server’s access control settings.

[Need any further assistance in fixing Cloudflare errors? – We are here to help you.]

Conclusion

In short, this Cloudflare error 527 occurs due to an interrupted connection between Cloudflare and the origin’s Railgun server.  In today’s writeup, we saw the different causes and fixes our Support Engineers provide to our customers to fix this error.