Error 523 Origin Is Unreachable — Causes & Fix Guide

Error 523 Origin Is Unreachable means the CDN cannot reach your origin server at all. The network connection fails before any response is received.

This is a connectivity issue. It usually points to DNS errors, incorrect IP configuration, firewall blocks, or server downtime.

Quick Fix

• Verify your server is online and reachable via its IP address.
• Check DNS records point to the correct origin IP.
• Ensure the server IP hasn’t changed.
• Whitelist CDN IP ranges in your firewall.
• Disable restrictive security rules temporarily.
• Restart networking services if needed.

In most cases, Error 523 Origin Is Unreachable is caused by incorrect DNS or a blocked IP address.

What Is Error 523 Origin Is Unreachable?

Error 523 occurs when the CDN attempts to connect to your server but fails to establish a network route.

No TCP handshake completes. No HTTP response is received.

Connection flow breakdown:

• User → CDN
• CDN → Origin server
• Connection attempt fails
• Error 523 is returned

This differs from:

• Error 521 (connection refused)
• Error 522 (connection timed out)
• Error 520 (unexpected response)

Error 523 means the server is unreachable at the network level.

Why Error 523 Is Critical

• The site becomes completely inaccessible.
• Search engines cannot crawl pages.
• Users receive immediate failure messages.
• Downtime affects trust and revenue.

This is not a minor glitch. It requires immediate investigation.

Common Causes of Error 523

1. Incorrect DNS Configuration

If your DNS record points to the wrong IP address, the CDN cannot connect.

This often happens after:

• Server migration
• Hosting change
• IP reassignment

Outdated DNS records are the most frequent cause.

2. Server IP Changed

Hosting providers sometimes assign new IP addresses.

If DNS is not updated immediately, Error 523 appears.

3. Firewall Blocking CDN IP Ranges

Security systems may block proxy traffic.

If the CDN cannot connect, it assumes the origin is unreachable.

4. Server Offline or Crashed

If the origin server is powered off or overloaded, it will not respond to network requests.

Check uptime immediately.

5. Incorrect Routing or Network Misconfiguration

Sometimes the issue lies in network routing tables.

This usually requires hosting-level intervention.

6. IPv6 / IPv4 Mismatch

If DNS points to an IPv6 address but the server is not configured for IPv6, connectivity fails.

How to Fix Error 523 (Step-by-Step)

Step 1 — Confirm Server Is Online

1. Log into hosting control panel.
2. Check server status.
3. Attempt direct access via IP address.

If direct IP fails, the server is offline.

Step 2 — Verify DNS Records

Check A and AAAA records.

• Ensure they point to the correct IP.
• Remove outdated entries.
• Avoid duplicate records.

Propagation may take time, but incorrect records must be fixed first.

Step 3 — Test Without CDN

Temporarily pause proxying.

If the site loads directly, the issue is CDN-to-origin connectivity.

Step 4 — Whitelist CDN IP Ranges

1. Download official IP ranges.
2. Add them to firewall allowlist.
3. Reload firewall configuration.

This resolves many 523 incidents instantly.

Step 5 — Disable Overly Strict Security Rules

Temporarily disable:

• ModSecurity
• Rate limiting
• Geo-blocking rules

Test again after each change.

Step 6 — Check Network Configuration

Verify:

• Port 80 and 443 are open.
• Server is listening on correct interfaces.
• No outbound restrictions exist.

Step 7 — Confirm Hosting IP Assignment

Contact hosting support to verify that your server IP has not changed.

Advanced Troubleshooting

Run Traceroute

Trace the path from CDN to origin.

Look for dropped hops or routing failures.

Check ARP and Routing Tables

Improper routing can make the server invisible externally.

Verify Reverse DNS

Incorrect reverse DNS entries may cause connectivity issues.

Inspect Network Firewalls

Cloud-level firewalls may override server settings.

Prevention Tips

Monitor Server Uptime

Use monitoring tools to detect outages immediately.

Document IP Changes

Track infrastructure changes to avoid DNS mismatches.

Keep Firewall Rules Updated

Ensure CDN IP ranges remain whitelisted.

Use Stable Hosting Infrastructure

Reliable networks reduce routing errors.

When to Contact Support

Escalate to hosting provider if:

• The server is online but unreachable externally.
• Routing issues appear in traceroute results.
• IP changes were made recently.

Provide timestamps and diagnostic outputs for faster resolution.

FAQ

Is Error 523 a DNS issue?

Often yes. Incorrect or outdated DNS records are the most common cause.

Can firewall rules cause Error 523?

Yes. Blocking CDN IP ranges prevents connectivity.

Is Error 523 temporary?

Only if caused by brief server downtime. Persistent issues require configuration fixes.

How is Error 523 different from Error 522?

522 means timeout. 523 means no network connection at all.

Does Error 523 affect SEO?

Yes. Extended downtime prevents crawling and can impact rankings.

Final Thoughts

Error 523 Origin Is Unreachable is a network-level problem. It indicates that your server cannot be reached from the CDN.

Focus on DNS accuracy, firewall configuration, and server availability. Stable connectivity prevents repeated outages.