Error 523
This error occurs when Cloudflare cannot contact your origin web server.
This typically occurs when a network device between Cloudflare and the origin web server does not have a route to the origin's IP address.
In AWS environments, a common cause is an overly broad route such as 172.0.0.0/8 in a VPC route table. Cloudflare uses public IP ranges in 172.64.0.0/13, and a broad route can accidentally capture traffic intended for Cloudflare.
Contact your hosting provider and share the necessary error details to exclude the following common causes at your origin web server:
- Confirm the correct origin IP address is listed for A or AAAA records within your Cloudflare DNS app.
- Troubleshoot Internet routing issues between your origin and Cloudflare, or with the origin itself.
- In AWS, review VPC route tables and make sure you are not sending
172.64.0.0/13toward a private destination. If required, add a more specific route for172.64.0.0/13to your Internet Gateway.
If none of the above leads to a resolution, request the following information from your hosting provider or site administrator:
- An MTR or traceroute from your origin web server to a Cloudflare IP address ↗ that most commonly connected to your origin web server before the issue occurred. Identify a connecting Cloudflare IP from the logs of the origin web server.