Connection limits
When HTTP/HTTPS traffic is proxied through Cloudflare, there are often two established TCP connections: the first is between the requesting client to Cloudflare and the second is between Cloudflare and the origin server. Each connection has their own set of TCP and HTTP limits, which are documented below.
Between client and Cloudflare
| Type | Limit (seconds) | HTTP status code at limit | Configurable |
|---|---|---|---|
| Connection Keep-Alive HTTP/1.1 | 400 | TCP connection closed | No |
| Connection Idle HTTP/2 | 400 | TCP connection closed | No |
Between Cloudflare and origin server
| Type | Limit (seconds) | HTTP status code at limit | Configurable |
|---|---|---|---|
| Complete TCP Connection | 15 | 522 | No |
| TCP ACK Timeout | 90 | 522 | No |
| TCP Keep-Alive Interval | 30 | 520 | No |
| Proxy Idle Timeout | 900 | 520 | No |
| Proxy Read Timeout | 100 | 524 | Yes |
| Proxy Write Timeout | 30 | 524 | No |
| HTTP/2 Pings to Origin | Off | - | Yes |
| HTTP/2 Connection Idle | 900 | No | No |
Configurable limits
Some TCP connections can be customized for Enterprise customers. Reach out to your account team for more details.
Keep-Alives
Cloudflare maintains keep-alive connections to improve performance and reduce cost of recurring TCP connects in the request transaction as Cloudflare proxies customer traffic from its global network to the site’s origin server.
Ensure HTTP keep-alive connections are enabled on your origin. Cloudflare reuses open TCP connections up to the Proxy Idle Timeout limit after the last HTTP request. Origin web servers close TCP connections if too many are open. HTTP keep-alive helps avoid connection resets for requests proxied by Cloudflare.