Fixing Error 521

Background

A 521 error occurs when Cloudflare tries to make a TCP connection to the MediaTemple server on port 80 or 443 and receives a connection refused error.

Cause 1: The Server is Down

To restart the server:

  1. Log in to Plesk (credentials in the New CMS Website Google Docs).
  2. On the left admin menu, navigate to Tools & Settings.
  3. Under Server Management, click Restart Server.
  4. Confirm by selecting Yes in the dialog box.

Cause 2: Cloudflare Firewall is not recognized

This can happen when firewall software on the MediaTemple server refuses to respond to Cloudflare’s proxy requests. To prevent this, all Cloudflare IP ranges must be whitelisted in the server settings.

MediaTemple's Dedicated Server (DV) uses Fail2Ban, an intrusion prevention software framework written in Python, to protect the server from brute-force attacks. Fail2Ban uses iptables to block attackers, so any IP address that must never be blocked has to be added permanently to the config file.

  1. Log in to the server with the root credentials via SSH, using Terminal (Mac) or Command Prompt (Windows).
  2. Edit the following config file:

     vi /etc/fail2ban/jail.conf

  3. Then, check the line:

     ignoreip =

  4. Locate the [DEFAULT] section of the file and add all the IPs to whitelist. Separate each IP or IP range with whitespace. Example:

     ignoreip = 192.168.0.1 192.168.5.0/32

  5. Save the file and restart Fail2Ban:

     service fail2ban restart
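
One way to script the ignoreip edit from steps 3 and 4 so that every Cloudflare range is merged in without dropping or duplicating existing entries (an added example, not part of the original page). The function name, the ranges file and the sample addresses are constructed for illustration; Cloudflare publishes its current ranges at https://www.cloudflare.com/ips/. It assumes ignoreip is written on a single line.

```shell
#!/bin/sh
# Added example: merge IP ranges into the ignoreip line of the [DEFAULT] section.
# Usage: merge_ignoreip CONF RANGES_FILE   (prints the updated config on stdout)
# Assumption: ignoreip sits on a single line (no indented continuation lines).
merge_ignoreip() {
    awk -v ranges="$2" '
        BEGIN {
            # Load the ranges to whitelist, one per line; skip blanks and comments.
            while ((getline line < ranges) > 0) {
                if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
                split(line, f, " "); want[++n] = f[1]
            }
        }
        # Print an ignoreip line: existing entries first, then any missing ranges.
        function emit(existing,    i, k, parts, seen, out) {
            out = "ignoreip ="
            k = split(existing, parts, /[ \t,]+/)
            for (i = 1; i <= k; i++)
                if (parts[i] != "" && !(parts[i] in seen)) { seen[parts[i]] = 1; out = out " " parts[i] }
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { seen[want[i]] = 1; out = out " " want[i] }
            print out
        }
        /^\[/ {
            # Leaving [DEFAULT] with no ignoreip seen: add the line before the next section.
            if (in_default && !done) { emit(""); done = 1 }
            in_default = ($0 ~ /^\[DEFAULT\]/)
        }
        in_default && /^ignoreip[ \t]*=/ {
            sub(/^ignoreip[ \t]*=[ \t]*/, "")
            emit($0); done = 1; next
        }
        { print }
        END { if (in_default && !done) emit("") }
    ' "$1"
}

# Demo on constructed input (documentation address ranges, not real Cloudflare ranges).
demo() {
    tmp=$(mktemp -d)
    printf '[DEFAULT]\nignoreip = 192.168.0.1 192.168.5.0/32\nbantime = 600\n\n[sshd]\nenabled = true\n' > "$tmp/jail.conf"
    printf '# constructed sample ranges\n192.0.2.0/24\n198.51.100.0/24\n2001:db8::/32\n' > "$tmp/ranges.txt"
    merge_ignoreip "$tmp/jail.conf" "$tmp/ranges.txt"
    rm -rf "$tmp"
}
demo
```

Review the output before replacing the config file, then restart Fail2Ban as in step 5. Because package updates can overwrite jail.conf, the same function can be run against /etc/fail2ban/jail.local, which Fail2Ban reads as an override file.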