Cloudflare Error 522

Seji

Hi,

For the last couple of weeks I've been having problems accessing https://www.waynesbooks.net with Vivaldi (current version 3.8.2259.42). I'm getting Cloudflare Error 522 - Connection timed out. I tired some troubleshooting and this is what I found:

Error 522 appears in a standard window
Sometimes, but not always, I'm able to reach the site using Private Browsing
With a clean profile and/or cleaned cookies and cache the issue persists
With a recent snapshot (stand-alone installation) the issue persists
The site works fine in Firefox and Edge, but loads only partially or shows Error 522 in Chrome
The site works on my phone on Vivaldi, both with my ISP via wi-fi and via a mobile connection
Traceroute shows that there are no issues on the way
Finally, the site works for my friends on Chrome and Edge

Is there anything else I should try or check? I'm starting to think that the issue is not related to Vivaldi, at least not directly, given that at least my Chrome also has the same problem but I want to be sure.

Pathduck

@seji Hi, error 522 is a server error, there's nothing wrong with your client (Vivaldi). Most likely the host was down when you tried.

Traceroute just uses ICMP ping so is no guarantee http/s connections work.

Best you can do is contact the site admins to let them know. I strongly doubt this is browser-related. Unless you've set your browser to use some VPN or similar proxy solution.

Seji

@Pathduck No VPN and no proxy. I can simultaneously open the site in FF and get 522 error in Vivaldi (did that just now). The first time I've encountered this I though it would be temporary - server error, as you said, but now this is an ongoing issue.

Pathduck

@seji Well I know CF needs to set some cookies on your machine and sometimes if this fails then a redirect loop might happen for some sites. Doesn't seem to be the case for this site though. But check your cookie settings that you're not blocking anything.

You've tried in a clean profile I guess so that should exclude extensions and other possible settings.

I did a CF diagnostic test on the site, it does give some errors but again that's something the server admins will need to fix.
https://www.cloudflare.com/en-gb/diagnostic-center/?url=https%3A%2F%2Fwww.waynesbooks.net

One thing to try:

Go to url chrome://settings/security
Toggle the "Use secure DNS" setting. Most likely it's set to Enabled, i.e. use DNS over HTTPS. So set it to Disabled.
Try again

What IP are you getting for the site when pinging?

Seji

@pathduck Thanks. I'll contact the site admin then.

Secure DNS was indeed on but turning it off didn't help.
Pinging IPs while I'm on IPv6:
v4: 172.67.155.105
v6: 2606:4700:3036::ac43:9b69

After switching to IPv4:
104.21.90.93

Pathduck

@seji Yeah those IPs look OK. I get the same:

www.waynesbooks.net.    300     IN      A       172.67.155.105
www.waynesbooks.net.    300     IN      A       104.21.90.93

Seji

So, I did some more digging, contacted site admin who in turn logged a ticket with Cloudflare. Cloudflare responded that everything appears fine from their end. One user with a problem is unfortunately not a good sample.
Still, the issue persists only in Chrome and Vivaldi. Could it be something in Windows settings? I tried everything I can think of.

Pathduck

@seji Well, Firefox uses its own proxy settings, while Chrome/Vivaldi uses the OS proxy settings. Then again you said Edge and it should also use the OS setting.

Apart from maybe differences in installed extensions or maybe an anti-virus making trouble I have no idea.

Try to clear data from the site: Open Devtools (F12), Application tab, Storage, click Clear Storage, including third-party.

Try to logging out of the site, open Devtools (F12), Network tab. Recreate the issue and click the first request to www.waynesbooks.net. Then copy the content of the Headers tab from the request here in a code block (use </> icon). I can then compare with what I see here.

You could also try in an admin cmd prompt:
ipconfig /flushdns
arp -d *

I'm grasping at straws here LOL

Seji

@Pathduck I find the whole issue pretty strange. Reminds me of times with the old Opera and sites refusing to work properly unless you were using IE. And yes, Edge also does not work.

Anyway flushing DNS did not help, neither clearing the storage.
For the extensions I tried again with a clear profile today (no extensions, no adblock, no changes in the settings) - same issue. Checked Windows Security (I don't have any additional AV), removed Vivaldi and Chrome from the firewall list, added them again. Nothing.
Header content below.

Request URL: https://www.waynesbooks.net/
Request Method: GET
Status Code: 522 
Remote Address: [2606:4700:3030::6815:5a5d]:443
Referrer Policy: strict-origin-when-cross-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 652932985964fcfd-OTP
content-type: text/html; charset=UTF-8
date: Thu, 20 May 2021 23:03:19 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
set-cookie: cf_use_ob=0; path=/; expires=Thu, 20-May-21 23:03:49 GMT
X-DNS-Prefetch-Control: off
x-frame-options: SAMEORIGIN
:authority: www.waynesbooks.net
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,pl-PL;q=0.8,pl;q=0.7
cache-control: max-age=0
cookie: cf_ob_info=522:652931d4acdffcfd:OTP; cf_use_ob=443
dnt: 1
referer: https://www.waynesbooks.net/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90"
sec-ch-ua-mobile: ?0
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.214 Safari/537.36

Pathduck

@Seji Well, for what it's worth this is what I get in a clean 3.8 Stable profile:

Request URL: https://www.waynesbooks.net/
Request Method: GET
Status Code: 200 
Remote Address: 104.21.90.93:443
Referrer Policy: strict-origin-when-cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 652952448b681c0e-OSL
cf-request-id: 0a2db1bed000001c0e07306000000001
content-encoding: br
content-security-policy: img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: filesystem: mediastream: *
content-type: text/html; charset=UTF-8
date: Thu, 20 May 2021 23:24:57 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BQc%2Fdwha6RQAOerJBMVVdvXBMyBtPlUN790l2Qx5DZ9klNv%2BJpCfIcZcSxlbTP4KSb%2FwJDPNFV9QcJtS6JSbAXElvvOsUqxopPFA3oO6G7wGVIHz"}],"group":"cf-nel","max_age":604800}
server: cloudflare
set-cookie: XSRF-TOKEN=eyJpdiI6ImY0MHgwdEs0dFRmd0I4Wm9TY3BuNlE9PSIsInZhbHVlIjoiRi9kcG9sRXdYVFA5djU4Skh6WDZwdjBCNmlXTnIwZTBHNXI1WkExTE1zTzBoYStsV2NsUlFjQjl1Qkt6V1ZmcStrNnhLRVZqWldKVWVJUkVmb1phazBRQzE2NllHTGZiZ2pKWFBLMjgrSDZ4SFpBWkRkTVFQeXFXeWg5emhVMnoiLCJtYWMiOiJiYTRmZTYzNjk1ZDc4OGZhZWU5Njg2OGZhZjc0M2Y4ZTgyOTRjMGZhMjYyMGIwZmEwZWZkODhkMDYzNjBlMmRmIn0%3D; expires=Fri, 21-May-2021 04:24:57 GMT; Max-Age=18000; path=/; samesite=lax
set-cookie: chrislands_session=ArEWI25NlozPoz0xW4mMA64gDXtBucTmAzSGc4e1; expires=Fri, 21-May-2021 04:24:57 GMT; Max-Age=18000; path=/; httponly; samesite=lax
strict-transport-security: max-age=604800; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
:authority: www.waynesbooks.net
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-GB,en-US;q=0.9,en;q=0.8
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90"
sec-ch-ua-mobile: ?0
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.214 Safari/537.36

I notice there's a lot more response headers, but that might just be because I actually reach the server while you stop at Cloudflare. And I use IPv4. Try disabling IPv6 on your system and see if it helps.

You said in the first post: "The site works fine in Firefox and Edge,"
But now you say "Edge also does not work."
So all these Chromium-based browsers use the OS proxy settings, might be a clue for you to double and triple-check.

Also the fact that you actually do stuff in your Firewall kind of leads me to suspect things might lie there. You said no VPN and no Proxy but never mentioned Firewall, - what firewall is this? There really should be no need for users to mess around with the Windows Firewall.

Seji

@Pathduck
Firewall- this is standard Windows 10 built-in firewall. I simply removed Vivaldi entry and Windows added it again.

So, a funny development from this morning... After switching to IPv4 the site stopped loading in any browser. The same after switching back to IPv6. It also does not work now via Wi-fi on my phone but works on a mobile connection.
I even restored the router to factory settings when looking for a possible block. No results.

Later I tried with my work laptop - the site still does not work when I'm on my Wi-fi but works when I'm using my company's VPN.

So my guess now is that it might have something to do with my ISP.

Tracert output:

Tracing route to waynesbooks.net [104.21.90.93]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  funbox.home [192.168.1.1]
  2     5 ms     2 ms     3 ms  kra-bng3.neo.tpnet.pl [83.1.5.8]
  3     3 ms     5 ms    11 ms  kra-r11.tpnet.pl [80.50.18.93]
  4    17 ms    17 ms    17 ms  ae16-10.ffttr7.frankfurt.opentransit.net [193.251.249.5]
  5    43 ms    44 ms    43 ms  hundredgige0-0-0-0.buctr1.bucuresti.opentransit.net [193.251.128.181]
  6     *        *        *     Request timed out.
  7    38 ms    40 ms    38 ms  104.21.90.93

Seji

@Gwen-Dragon Thanks, I'll let him know to check from that angle. There were cases in the past when Polish ISP was blocked here and there.

Pathduck

@seji Make sure you note down and inform them of the CF Ray ID that should show on all error pages. This will help them track down where the problem lies.

I get the following from CountryTraceRoute to that IP:

1                    192.168.0.1          router.asus.com      Reserved             0 ms                 0 ms                 0 ms                 0 ms                                      64                                                             
2                    185.1.55.18          ae6.no-323-rt1.get.n Norway               19 ms                1 ms                 1 ms                 7 ms                                      252                                                            
3                    185.1.55.41                               Norway               8 ms                 2 ms                 1 ms                 4 ms                                      251                                                            
4                    104.21.90.93                              United States        1 ms                 1 ms                 1 ms                 1 ms                                      60

Something must be up with the routing from your ISP.

davidliam

This post is deleted!