522 from certain cloudflare servers

[jpenilla]

I am having issues connecting to javadoc.io from a server near San Jose CA.

Testing with https://javadoc.io/doc/org.checkerframework/checker-qual/3.48.0/element-list and https://javadoc.io/doc/org.checkerframework/checker-qual/3.48.0/index.html, using curl and firefox: I get a 522 and the cf-ray in the response is 8e39e2c50f3aab97-SJC-PIG.

When connecting through cloudflare warp I get 8e39e24d4c7acef9-SJC as cf-ray and it works normally (200). This 'solution' is not practical outside of testing for various reasons.

When testing from another server that gets 8e39eacb1ca57ec5-LAX as cf-ray it also works normally.

Could javadoc.io be blocking requests from certain cloudflare servers, or is this purely a cloudflare issue? This has been happening for at least 2 days, and https://www.cloudflarestatus.com/ reports no problems at SJC. (also note that the hash in the cf-ray value changes but the pattern of rays ending in -SJC-PIG failing is consistent.)

[maxcellent]

there is no blocking rules from javadoc.io, so it could only be CF issue. If this issue persists then maybe you can privately send me addresses so that I can raise to CF

[jpenilla]

Thank you for looking into this, I've sent you an email with more details.

[yoneoarai]

I am also seeing this issue on Chrome from San Francisco (however not from Safari on same device). Let me know if there's anything I can send to help debug

[philwebb]

I'm seeing the same 522 response. San Francisco, with Sonic as my internet service provider. Things work when accessing the site via a VPN to Europe.

$ curl -vv https://javadoc.io                                                                                                                                   
* Host javadoc.io:443 was resolved.
* IPv6: (none)
* IPv4: 104.21.234.11, 104.21.234.10
*   Trying 104.21.234.11:443...
* Connected to javadoc.io (104.21.234.11) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=javadoc.io
*  start date: Oct 27 08:31:28 2024 GMT
*  expire date: Jan 25 08:31:27 2025 GMT
*  subjectAltName: host "javadoc.io" matched cert's "javadoc.io"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://javadoc.io/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: javadoc.io]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: javadoc.io
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/2 522 
< date: Wed, 20 Nov 2024 22:27:28 GMT
< server: cloudflare-nginx
< cache-control: no-store, no-cache
< cf-cache-status: DYNAMIC
< cf-ray: 8e5bdd994d07aba3-SJC-PIG
< 
* Connection #0 to host javadoc.io left intact

[maxcellent]

I have raised ticket to server hosting company. Will keep this thread up to date