Fixing Cloudflare API Timeout Errors (HTTP 524 A Timeout Occurred)
Resolve Cloudflare API timeout errors (HTTP 524, 504). Learn how to diagnose origin server delays, adjust proxy settings, and implement async API processing.
- HTTP 524 (A Timeout Occurred) happens when the origin server fails to send an HTTP response within Cloudflare's strict 100-second limit.
- HTTP 522 (Connection Timed Out) indicates Cloudflare could not establish a TCP connection to your origin server within 15 seconds.
- HTTP 504 (Gateway Timeout) usually points to an issue between your origin's reverse proxy (e.g., Nginx) and the application server (e.g., Gunicorn/Node).
- Quick Fix: For long-running tasks, switch from synchronous API requests to an asynchronous pattern using background workers and polling or webhooks.
| Method | When to Use | Implementation Time | Risk Level |
|---|---|---|---|
| Implement Async Processing (Workers) | For tasks inherently taking >100s (e.g., reporting, bulk imports) | High (Days) | Low |
| Optimize Database/Application | When API responses are unusually slow due to unoptimized queries or bad code | Medium (Hours) | Medium |
| Bypass Cloudflare (Grey Cloud) | Temporary fix or for internal subdomains handling massive payloads | Low (Minutes) | High (Exposes Origin IP) |
| Upgrade to Enterprise Plan | When you need to increase the timeout limit up to 600s without code changes | Low | Low |
Understanding Cloudflare API Timeouts
When routing traffic through Cloudflare, your architecture changes. Instead of clients connecting directly to your server, they connect to Cloudflare's edge nodes, which then proxy the request to your origin server. This introduces a strict time limit: Cloudflare will wait a maximum of 100 seconds for an HTTP response from your origin server. If your server doesn't respond within this window, Cloudflare drops the connection and returns an HTTP 524 A Timeout Occurred error to the client.
While 100 seconds is generous for standard web traffic, APIs dealing with bulk data exports, machine learning inferences, or heavy database aggregations often exceed this limit, leading to frustrating timeout issues.
Diagnosing the Exact Error
Before implementing a fix, it is crucial to identify which component is timing out. Cloudflare uses specific HTTP status codes to indicate the nature of the failure:
- Error 524 (A Timeout Occurred): Cloudflare successfully connected to your origin server via TCP, but the origin did not return an HTTP response within 100 seconds.
- Error 522 (Connection Timed Out): Cloudflare could not establish a TCP connection to your origin. This usually means your server is down, a firewall (like iptables or AWS Security Groups) is blocking Cloudflare's IPs, or routing is misconfigured.
- Error 504 (Gateway Timeout): Often generated by your origin server's reverse proxy (e.g., Nginx or HAProxy) when it fails to get a response from the upstream application server (e.g., Node.js, PHP-FPM, or Gunicorn) in time. Cloudflare simply passes this 504 error to the client.
Step 1: Rule Out Network and Firewall Issues (Error 522)
If you are seeing Error 522, the API timeout is a connectivity issue, not a processing delay.
- Check Server Status: Ensure your origin server is online and the web server service (Nginx/Apache) is running.
- Verify Cloudflare IPs: Cloudflare proxies requests from specific IP ranges. Ensure your firewall allows inbound traffic on ports 80/443 from all of Cloudflare's published IP ranges (
https://www.cloudflare.com/ips/). - Check Cloudflare SSL/TLS Settings: If your origin does not have a valid SSL certificate but Cloudflare is set to 'Full (Strict)', the connection will fail. Temporarily switch to 'Full' or 'Flexible' to test.
Step 2: Address Origin Server Timeouts (Error 504)
If you see a 504 Gateway Timeout, Cloudflare isn't killing the connection; your own infrastructure is.
For Nginx:
Check your Nginx error logs (/var/log/nginx/error.log). You might see upstream timed out (110: Connection timed out) while reading response header from upstream. Increase the proxy timeout settings in your nginx.conf or virtual host configuration:
location /api/ {
proxy_read_timeout 120s;
proxy_connect_timeout 120s;
proxy_send_timeout 120s;
fastcgi_read_timeout 120s; # If using PHP-FPM
proxy_pass http://localhost:8000;
}
For Gunicorn/uWSGI (Python):
If you are using Python, Gunicorn's default timeout is often 30 seconds. Increase it in your startup command or config:
gunicorn --timeout 120 main:app
Step 3: Fix Cloudflare 100-Second Timeouts (Error 524)
If you are hitting the hard 100-second limit and cannot upgrade to a Cloudflare Enterprise plan (which allows increasing the limit up to 600 seconds), you have two primary architectural options.
Option A: Implement Asynchronous API Processing (Recommended)
Synchronous APIs block the client until the task is complete. For long-running tasks, this is an anti-pattern. Instead, implement an asynchronous job queue:
- Client requests task: The client calls
POST /api/v1/generate-report. - Server queues task: The API server immediately places the job in a message broker (e.g., RabbitMQ, Redis, AWS SQS) and returns an
HTTP 202 Acceptedwith ajob_idand a polling endpoint (e.g.,Location: /api/v1/jobs/123). This takes milliseconds. - Worker processes task: A background worker (e.g., Celery for Python, Sidekiq for Ruby, BullMQ for Node.js) picks up the job and processes it without keeping the HTTP connection open.
- Client polls for status: The client periodically sends
GET /api/v1/jobs/123. The server returnsstatus: pendingorstatus: completedwith the result URL.
This pattern completely eliminates 524 errors, improves API resilience, and provides a better user experience.
Option B: Bypass Cloudflare (Grey-Clouding)
If refactoring the API is not feasible in the short term, you can bypass Cloudflare's proxy for specific endpoints.
- Create a new DNS A record (e.g.,
api-direct.yourdomain.com) pointing to your origin IP. - Crucial: Click the orange cloud icon in the Cloudflare DNS dashboard to turn it grey (DNS Only). This means traffic will route directly to your server, bypassing Cloudflare's CDN, WAF, and timeout limits.
- Update your clients to point to this new subdomain for long-running endpoints.
Warning: This exposes your origin server's IP address, making it vulnerable to DDoS attacks. Only use this as a temporary stopgap or for strictly internal tools secured by IP whitelists or strong authentication.
Frequently Asked Questions
# Diagnostic script to test API endpoint response times and headers
# This helps determine if the timeout is occurring at the origin or the edge.
API_ENDPOINT="https://api.yourdomain.com/v1/long-running-task"
echo "Testing API Endpoint: $API_ENDPOINT"
echo "--------------------------------------------------"
# Run cURL with detailed timing output
curl -w "\n\nTime Connect: %{time_connect}s\nTime TTFB: %{time_starttransfer}s\nTotal Time: %{time_total}s\nHTTP Code: %{http_code}\n" \
-o /dev/null \
-s \
-D - \
-X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{"action": "export", "range": "all"}' \
"$API_ENDPOINT"
# How to read the results:
# If 'Total Time' hits ~100s and 'HTTP Code' is 524, it's a Cloudflare timeout.
# If 'Time TTFB' is slow but completes, your origin is just slow.
# If 'Time Connect' fails, check your firewall (potential 522).Alex Mercer, Sr. SRE
Alex Mercer is a Senior Site Reliability Engineer with over 10 years of experience managing high-traffic APIs, optimizing reverse proxies, and architecting resilient cloud infrastructure.