The Setup
A client running an OpenCart store and a WordPress site reported intermittent Cloudflare 520 errors. Initial reports mentioned issues with custom security software they were running (a proof-of-work challenge being injected via auto_prepend_file), which we helped them disable. The 520s continued.
The Pattern That Made No Sense
Over the following days, the client did remarkably thorough testing on their end and identified a pattern none of us could explain:
- 520 errors only occurred when traffic routed through Cloudflare’s LAX (Los Angeles) PoP
- Other Cloudflare PoPs worked perfectly
- DNS-only mode (no proxy) worked perfectly
- Direct origin access via hosts file worked perfectly
- A clone of the site on a different host, behind the same Cloudflare configuration, worked perfectly
By every measure available to them, the issue was specific to the combination of their site + Cloudflare LAX + our infrastructure.
Continue reading “The Cloudflare 520 Mystery: How a Threat Intel Feed Took Down One Customer Through One Specific PoP”