Why does Cloudflare timeout exactly at 100 seconds?

Cloudflare enforces a strict 100-second limit on the time it waits for an origin server to send the first byte of the HTTP response. This is a global setting designed to prevent connection exhaustion on Cloudflare's edge nodes. Only Enterprise customers can adjust this limit up to 6000 seconds.

I'm getting a 504 Gateway Timeout instead of a 524. What's the difference?

A 524 error means Cloudflare successfully connected to your origin server, but the origin didn't respond in time. A 504 error usually means Cloudflare couldn't even establish the TCP connection to your origin, often because the origin is completely offline, the firewall is blocking Cloudflare IPs, or the origin's connection queue is totally full.

Can I bypass the timeout by sending keep-alive headers?

No, standard TCP keep-alive packets do not reset the 100-second timer. However, if your application supports it, you can keep the connection open by continuously flushing small amounts of data (e.g., whitespace or a heartbeat JSON object) to the client while the heavy processing continues. This prevents the 524 error, but requires the client to handle streaming responses.

How do I fix a timeout when uploading large files?

If the upload takes longer than 100 seconds, the connection will drop. To fix this, implement chunked uploads (resumable uploads). Break the file into smaller chunks (e.g., 10MB each) on the client side, and send each chunk as a separate API request. The server then recombines them.

Does disabling the proxy (grey-clouding) fix the timeout?

Yes, if you change your DNS record in Cloudflare from 'Proxied' (orange cloud) to 'DNS Only' (grey cloud), traffic will go directly to your origin server, bypassing Cloudflare's 100-second limit entirely. However, you will lose all Cloudflare security, WAF, caching, and DDoS protection for that subdomain. This is only recommended for internal API endpoints not exposed to the public.

Fixing Cloudflare API Timeout Errors: HTTP 524 and 504 Gateway Timeouts

Resolve Cloudflare API timeouts (Error 524 A Timeout Occurred, 504 Gateway Timeout). Learn to diagnose origin server delays, increase limits, and implement retr

Last updated: February 23, 2026

Last verified: February 23, 2026

1,242 words

Key Takeaways

Cloudflare's default timeout for HTTP requests is 100 seconds (Error 524). Enterprise customers can increase this limit.
Timeouts often indicate that the origin server is overwhelmed, processing heavy database queries, or experiencing a deadlock.
Implement exponential backoff and retry logic in your API clients to handle transient 524 and 504 errors gracefully.
Use asynchronous processing (e.g., webhooks, Celery, Redis queues) for long-running tasks instead of holding the HTTP connection open.

Fix Approaches Compared
Method	When to Use	Time	Risk
Implement Async Processing	Long-running tasks (>100s) like reporting or video rendering	High	Low
Optimize Origin Server	Database queries or script executions are too slow	Medium	Low
Increase Cloudflare Timeout	Enterprise plan users needing >100s for legacy synchronous APIs	Low	Low
Client-Side Retries	Transient network issues or temporary origin spikes	Low	Medium

Understanding the Error

When working with the Cloudflare API or routing your own API traffic through Cloudflare, you may encounter timeout errors. The most common manifestations are HTTP 524 A Timeout Occurred and HTTP 504 Gateway Timeout. These errors occur when Cloudflare establishes a successful TCP connection to the origin server, but the origin fails to respond with a HTTP response within the expected timeframe. For most Cloudflare plans (Free, Pro, Business), the default and maximum timeout is exactly 100 seconds. If your origin server does not send the HTTP headers within this window, Cloudflare drops the connection and serves a 524 error page or JSON response to the client.

Exact error messages you might see in your API client or logs include:

HTTP/2 524 A Timeout Occurred
cf-ray: 85d1...-EWR
curl: (28) Operation timed out after 100001 milliseconds with 0 bytes received
Requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='api.example.com', port=443): Read timed out. (read timeout=100)

Step 1: Diagnose the Bottleneck

The first step is determining where the delay is happening. Is it a transient network issue, a completely locked-up origin server, or simply a task that legitimately takes longer than 100 seconds?

Check Origin Server Logs: Log into your origin server and review the access and error logs for your web server (Nginx, Apache) and application server (Gunicorn, Node.js, PHP-FPM). Look for requests that correspond to the timestamp of the 524 error. If the request is in the access log with a duration greater than 100 seconds, the task is simply too slow. If it's not in the logs, the application server might be completely deadlocked or out of worker threads.
Bypass Cloudflare: Attempt to reproduce the issue by hitting the origin server directly via its IP address (if your firewall allows it, or from an internal network). Use curl -v -H "Host: api.yourdomain.com" http://<ORIGIN_IP>/endpoint. Measure how long it actually takes to respond.
Monitor Resource Usage: Use tools like top, htop, or Datadog to check CPU, Memory, and I/O wait on the origin server during the API request. High I/O wait often indicates a slow database query holding up the HTTP thread.

Step 2: Implement Short-Term Fixes

If you need immediate relief while working on a long-term architectural fix, consider these options:

Client-Side Retries: If the timeouts are intermittent (e.g., 1 in 100 requests), implement an exponential backoff retry mechanism in your API client. This handles temporary spikes in origin load gracefully.
Optimize Database Queries: A frequent cause of API timeouts is missing database indexes. Use EXPLAIN ANALYZE on your Postgres or MySQL queries to identify table scans. Adding a simple index can drop query time from 120 seconds to 50ms.
Increase Limits (Enterprise Only): If you are on an Enterprise Cloudflare plan, you can increase the proxy_read_timeout beyond 100 seconds via the Cloudflare API or dashboard. Use the API endpoint: PATCH /zones/:zone_identifier/settings/proxy_read_timeout.

Step 3: Architectural Fix - Asynchronous Processing

The most robust solution for tasks that inherently take a long time (generating massive PDF reports, triggering CI/CD pipelines, processing video) is to stop holding the HTTP connection open. You must transition from synchronous to asynchronous processing.

Acknowledge Immediately: When the client sends the API request, the server should immediately return an HTTP 202 Accepted response. This response should include a task_id or a Location header pointing to a status endpoint.
Queue the Work: The origin server places the heavy workload onto a message queue (e.g., Redis, RabbitMQ, Amazon SQS).
Background Workers: A background worker process (e.g., Celery in Python, Sidekiq in Ruby) picks up the task from the queue and processes it at its own pace, completely independent of the Cloudflare 100-second limit.
Polling or Webhooks: The API client can then poll the status endpoint (GET /api/v1/tasks/{task_id}) every few seconds to check if the job is complete, or the origin server can fire a webhook back to the client when the data is ready.

By decoupling the HTTP request cycle from the heavy processing logic, you completely eliminate the risk of Cloudflare 524 timeout errors and dramatically improve the scalability of your API.

Frequently Asked Questions

bash

# 1. Diagnose: Test origin response time directly, bypassing Cloudflare
# Replace <ORIGIN_IP> with your actual server IP address
curl -v -o /dev/null -w "Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total}\n" -H "Host: api.yourdomain.com" http://<ORIGIN_IP>/slow-endpoint

# 2. Check Nginx error logs on the origin for worker exhaustion
tail -n 100 /var/log/nginx/error.log | grep "worker_connections are not enough"

# 3. Enterprise Plan: Increase proxy_read_timeout via Cloudflare API (e.g., to 300 seconds)
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/YOUR_ZONE_ID/settings/proxy_read_timeout" \
     -H "Authorization: Bearer YOUR_API_TOKEN" \
     -H "Content-Type: application/json" \
     --data '{"value": 300}'

Error Medic Editorial

Error Medic Editorial is a team of veteran Site Reliability Engineers and DevOps practitioners dedicated to demystifying complex infrastructure failures.

Sources

Explore More API Errors Guides

AWS API Rate Limit Exceeded (ThrottlingException): Complete Troubleshooting Guide

Fix AWS ThrottlingException and API timeouts with exponential backoff, Service Quotas increases, and optimized API polling strategies for your workloads.

Azure API Timeout: 'The operation timed out' — Root Causes and Fixes

Fix Azure API timeouts caused by misconfigured APIM policies, backend latency, or connection limits. Step-by-step diagnostics and policy fixes included.

Azure API Timeout: Fix 504 Gateway Timeout and RequestTimeout Errors in Azure API Management, Functions, and ARM

Diagnose and fix Azure API timeout errors (504, 408, RequestTimeout) across API Management, Functions, and ARM. Includes policy fixes, host.json config, and CLI