tencent cloud

Tencent Cloud EdgeOne

Release Notes and Announcements
Release Notes
Security Announcement
Announcements
Product Introduction
Overview
Strengths
Use Cases
Comparison Between EdgeOne and CDN Products
Use Limits
Purchase Guide
Description of Trial Plan Experience Benefits
Free Plan Guide
Billing Overview
Billing Items
Subscriptions
Renewals
Instructions for overdue and refunds
Comparison of EdgeOne Plans
About "clean traffic" billing instructions
DDoS Protection Capacity Description
Getting Started
Choose business scenario
Quick access to website security acceleration
Quick deploying a website with Pages
Domain Service&Origin Configuration
Domain Service
HTTPS Certificate
Origin Configuration
Site Acceleration
Overview
Access Control
Smart Acceleration
Cache Configuration
File Optimization
Network Optimization
URL Rewrite
Modifying Header
Modify the response content
Rule Engine
Image&Video Processing
Speed limit for single connection download
DDoS & Web Protection
Overview
DDoS Protection
Web Protection
Bot Management
API Discovery(Beta)
Edge Functions
Overview
Getting Started
Operation Guide
Runtime APIs
Sample Functions
Best Practices
Pages
L4 Proxy
Overview
Creating an L4 Proxy Instance
Modifying an L4 Proxy Instance
Disabling or Deleting an L4 Proxy Instance
Batch Configuring Forwarding Rules
Obtaining Real Client IPs
Data Analysis&Log Service
Log Service
Data Analysis
Alarm Service
Site and Billing Management
Billing Management
Site Management
Version Management
General Policy
General Reference
Configuration Syntax
Request and Response Actions
Country/region and Corresponding Codes
Terraform
Overview
Installing and Configuring Terraform
Practical Tutorial
EdgeOne Skill User Guide
Automatic Warm-up/Cache Purge
Resource Abuse/hotlinking Protection Practical
HTTPS Related Practices
Acceleration Optimization
Scheduling Traffic
Data Analysis and Alerting
Log Platform Integration Practices
Configuring Origin Servers for Cloud Object Storage (Such As COS)
CORS Response Configuration
API Documentation
History
Introduction
API Category
Making API Requests
Site APIs
Acceleration Domain Management APIs
Site Acceleration Configuration APIs
Edge Function APIs
Alias Domain APIs
Security Configuration APIs
Layer 4 Application Proxy APIs
Content Management APIs
Data Analysis APIs
Log Service APIs
Billing APIs
Certificate APIs
Origin Protection APIs
Load Balancing APIs
Diagnostic Tool APIs
Custom Response Page APIs
API Security APIs
DNS Record APIs
Content Identifier APIs
Legacy APIs
Ownership APIs
Image and Video Processing APIs
Multi-Channel Security Gateway APIs
Version Management APIs
Data Types
Error Codes
FAQs
Product Features FAQs
DNS Record FAQs
Domain Configuration FAQs
Site Acceleration FAQs
Data and Log FAQs
Security Protection-related Queries
Origin Configuration FAQs
Troubleshooting
Reference for Abnormal Status Codes
Troubleshooting Guide for EdgeOne 4XX/5XX Status Codes
520/524 Status Code Troubleshooting Guide
521/522 Status Code Troubleshooting Guide
Tool Guide
Agreements
Service Level Agreement
Origin Protection Enablement Conditions of Use
TEO Policy
Privacy Policy
Data Processing And Security Agreement
Contact Us
Glossary
DocumentationTencent Cloud EdgeOneTroubleshooting521/522 Status Code Troubleshooting Guide

521/522 Status Code Troubleshooting Guide

Focus Mode
Font Size
Last updated: 2025-09-01 14:49:23
When you use Tencent Cloud EdgeOne to accelerate site access resources, the client's requests will be sent to the EdgeOne edge node, then back to the middle layer node, and finally back to the origin. Therefore, if there are issues during the access process, it may involve problems with multiple layers of network links. When EdgeOne fails to reach the origin, a 52x error will occur. This document will guide you on how to troubleshoot when encountering a 521/522 status code.
Taking the 522 status code as an example:

Definition

The 522 status code is a custom status code defined by EdgeOne, indicating that the node's request to the origin has timed out during the TCP connection stage because the origin did not respond. Thus, the node responds to the client with a 522 status code. Please refer to the list of abnormal status codes for the meanings of other status codes.




Phenomenon



Possible Causes

Issues with the origin's own services
Security policy of the origin
ISP restrictions (HTTP)

Troubleshooting Method

Initiate an HTTP/HTTPS request from a third party (not from CDN or origin) directed at the origin for testing. The third party can be a personal PC, server, monitoring platform, etc. You can use the command-line tool CURL on the server to troubleshoot.

Step 1: Confirm the Origin Configuration Information

If you have no special configurations, it is sufficient to follow the origin, protocol, and port set in "Domain Management". If you have special configurations, you can determine them as follows:
1. Origin IP: The origin IP needs to be confirmed based on the origin, origin group, load balancing, and the configuration of "Modify Origin" in the rules engine in "Domain Management".
2. Origin-pull Protocol: The origin protocol needs to be confirmed based on "Domain Management", the rules engine "Origin HTTPS", and the origin protocol in "Modify Origin".
3. Origin-pull Port: If there are no special configurations, it will be 80 or 443. If you modified the origin port in the "Modify Origin" operation in the rules engine, follow the modified one.
4. Origin-pull HOST: Default follows the acceleration domain name. If you set it in the rules engine "Host Header Rewrite" operation, the set one shall prevail.
5. Origin-pull Path: Default follows the request URL. If you modified it in the rules engine "Rewrite Origin URL" operation, the modified one shall prevail.

Step 2: Troubleshoot Issues with the Origin's Own Services

There may be issues with the origin's services, such as port not being open. Use the command-line tool telnet to send a telnet request to the origin port from the third-party platform:
telnet  [origin_ip]  [port]
Note: Ensure CURL version is above 7.21.3.
Assuming the origin uses port 80, and the origin IP is 1.1.1.1.
telnet 1.1.1.1 80
If the TCP connection is disconnected or remains in connection from the third-party platform, execute the following command on the origin to confirm whether the origin's 80 port is open:
netstat -tnlp|grep -w 80
If the TCP connection is successfully established or you found the origin port is open, proceed to Step 3.

Step 3: Troubleshoot Origin Security Policies

Possible reasons include:
1. The origin has set a firewall, and the EdgeOne return node IP is not on the IP whitelist.
Use CURL to obtain an EO-LOG-UUID, submit it to Tencent Cloud technical support, and have them check the IP of the EdgeOne return node. Verify whether the return node IP is in the origin's IP whitelist. The method to obtain the UUID is as follows:
2. The origin has set access rate limits, causing the EdgeOne return requests to be too frequent.
Directly point to the origin and initiate multiple requests concurrently to see if the failed connection or timeout phenomenon can be reproduced.

Step 4: ISP Restrictions

If all the above checks are normal, it is possible that there are restrictions from the ISP. You need to capture packets at the origin to confirm whether TCP SYN packets are received. The troubleshooting method is as follows:
Capture packets on the EdgeOne return node and the origin concurrently, and initiate a telnet request from the EdgeOne return node to the origin (to be performed by Tencent Cloud technical support). The test command is as follows:
EdgeOne return node:
telnet  [origin_ip]  [port]

# Capture packets
tcpdump -nn -s0 -i [network card] -w src_port.pacp
Origin:
tcpdump -nn -s0 -i [network card] -w src_port.pacp
By comparing the packets from the EdgeOne return node and the origin, confirm whether the SYN packets from the EdgeOne return node were received by the origin.

Solution

For the 522 status code, if it's confirmed that the origin server has a long connection response time (EdgeOne's default connection timeout is 5 seconds), you can try adjusting the "TCP Connection Timeout." The timeout setting should not exceed the client timeout to prevent EdgeOne origin nodes from triggering client timeout disconnections while waiting for the origin server's response. Currently, "TCP Connection Timeout" is not supported as a standard feature in the console. If needed, please contact us.


Previous Topic: 520/524 Status Code Troubleshooting GuideNext Topic: Real User Monitoring

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback