Is Cloudflare down?
No problems detected
If you are having issues, please submit a report below.
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Full Outage Map
E-mailProblems in the last 24 hours
The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Cloudflare users through our website.
-
Cloud Services (40%)
-
Domains (22%)
-
Hosting (17%)
-
Web Tools (12%)
-
E-mail (10%)
Live Outage Map
The most recent Cloudflare outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
 Villingen-Schwenningen |
Hosting | |
 Carquefou |
Cloud Services | |
| Münster |
Domains | |
 Buffalo |
Domains | |
 San Juan de Lurigancho |
Hosting | |
| Lima |
Cloud Services |
Full Outage Map
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
Andrew Rea
(@andrew__rea) reported
do I know any real humans at Cloudflare that can help me figure out why they deleted one of my domains and how to fix it?
-
Avieshek
(@Avieshek) reported
@ProtonVPN But the latency is so bad compared to CloudFlare Warp when it’s for gaming?
-
Alvin De Cruz
(@decruz) reported
@levelsio A lot of the high costs can be reduced by optimizing your functions usage and if media assets an issue, you can offload them to Cloudflare R2.
-
Rodolpho Arruda
(@rodolpho_arruda) reported
@levelsio I don't think Pieter reads my posts because he filters to verified accounts only. How do you VPS folks deal with peak traffic that knocks the server down? Reboot, use Cloudflare's captcha to slow things down, kill the VPS and pulls up a snapshot, what?
-
kachi
(@kachiluiz5) reported
If your site loads in 4+ seconds, you’re bleeding conversions. Amazon found +100ms = +1% revenue. Google ranks you lower if >2.5s. Tools to fix: -GTMetrix -Cloudflare caching -Compress images with TinyPNG Speed = money.
-
Puppeteer
(@puppeteer_0) reported
@rauchg @levelsio Cloudflare is the perfect example of how to NOT build an infrastructure. The UX, DX, lack support, and lack of standards is beyond repair
-
NinjaGloppy
(@NGloppy) reported
WTF is wrong with this platform? I just tried to send a DM to someone, it takes me to a cloudflare screen with a CAPTCHA, then takes me to a different type of captcha, says I'm a human, then takes me back to the home page and the DM I sent is just gone.
-
Aehsan Khan
(@Khan_AtLarge) reported
@HashiCorp can we use terraform to manage cloudflare products like pages, workers, durable objects etc too ? I don't see cloudflare in your tutorial section Kindly help
-
solst/ICE
(@IceSolst) reported
@JonathanClaass4 Right. Oh I got cloudflare’s customer list. So like half the internet okay. Targeted phishing vector? Boring as hell
-
Avieshek
(@Avieshek) reported
@ProtonVPN But the latency is so bad compared to CloudFlare Warp when it’s for gaming.
-
D4
(@Danjoe_4) reported
@svendina @stefanov_r @Thomasslabbers No seriously the network blips and my Cloudflare tunnel goes down. It's literally for a tiny amount of time though.
-
Jonathan Newburg
(@realjohnnewburg) reported
@vxdb Cloudflare never dissapoints
-
ƬЄƛƓƛƝ ƦЄƖԼԼƳ🍸
(@velvethammer) reported
The X cloudflare Verify You Are Human Loop glitch is getting on my last nerve. @support
-
Grok
(@grok) reported
@cyber_breach Based on recent reports of the Salesloft Drift breach (Aug 2025), confirmed affected companies include: Cloudflare (customer support data), Palo Alto Networks (contacts, sales info), Zscaler (names, emails, support cases), PagerDuty, Tanium, SpyCloud, Adidas, Allianz Life, Qantas, Google (Salesforce instance), Slack, Amazon S3, Microsoft Azure, OpenAI, and some Google Workspace accounts. For future breaches: Uncertain; ongoing probes may identify more. Check official sources for updates.
-
joe schmoe
(@unordinaryjo) reported
@royale_cla19901 @whoareyouanas @levelsio It should never take that long unless you have no basic experience with Linux. Even if you don't, it will be a good learning experience. Why even bother with cloudflare anyway if you are building something that literally no one knows about or cares about?
-
Grok
(@grok) reported
@david_omego @vxdb Cloudflare's CAPTCHA (e.g., "I'm not a robot") handles application-layer attacks and bots, but for massive volumetric DDoS like the 11.5 Tbps UDP flood, they use their global Anycast network to distribute and absorb traffic across 300+ data centers. Automated systems detect anomalies, apply rate limiting, drop malicious packets via edge filtering, and route clean traffic—mitigating it in seconds without human intervention.
-
Andrew Rulnick | Rule 11
(@MickeySteamboat) reported
@Vera_Host 1. How DNS Mitigates Attacks A lot of large-scale DDoS events (like UDP floods) rely on abusing open resolvers, reflection, and amplification. DNS can be a choke point because: DNS Layer Filtering: DNS providers (Cloudflare, Akamai, Google, etc.) can stop bad queries before they hit your application by rejecting malformed packets, bogus domains, or traffic patterns that look non-human. Response Rate Limiting (RRL): Authoritative servers can cap how often they respond to similar queries, neutralizing amplification vectors. Anycast & Geo Distribution: DNS queries are distributed globally, so traffic gets absorbed across a large edge network rather than hammering one region. DNS Firewalling: You can redirect malicious or malformed traffic at the resolver level, never allowing it to reach your app or infra. So when someone says “only 20% was DNS” they’re missing that the DNS percentage that is handled properly can absorb and neuter a disproportionate amount of attack traffic, because much of the UDP flood volume is wrapped in DNS reflection or spoofed queries. If you filter DNS correctly, you defang the majority of the attack without having to parse the entire flood. 2. Hardened Infrastructure Prevents Exploitation Here’s where your point about hardened servers and zonal pods comes in: Hardened Servers: Well-configured servers (locked-down UDP, strict firewall rules, patched software, ingress filters) don’t become reflectors in the first place. That means attackers can’t conscript your nodes into their botnet. Ephemeral Pods & Rate Limits: In Kubernetes, hardened pods with network policies and eBPF-level packet filters can rate-limit or outright drop malicious floods. If each pod/node rejects amplification vectors, the attack surface is practically nil. Ingress/Egress Control: Zonal-level controls and cloud provider firewalls prevent spoofed packets from entering or leaving your network. Autoscaling Edge: Proper infra (Cloudflare, AWS Shield, Google Armor) makes DDoS mitigation elastic. The attack may measure in Tbps, but the target never feels it. So yes, a hardened stack means your infra isn’t a **** in the attack and can absorb targeted floods without disruption. 3. Why “Lord Vinny” Is Wrong The guy is locked into packet-count pedantry (“only 12–20% was DNS”) instead of understanding how mitigation works in practice. It’s not about arguing percentages — it’s about which vector is exploitable and how shutting it down cascades into neutralizing the majority of the problem. His focus on “I linked the packet size, it’s 1500+” misses the larger point: Packet size doesn’t matter if the mitigation layer rejects/refuses to forward it. DNS mitigation isn’t about volume matching; it’s about eliminating the amplification source. Engineers who only see raw traffic percentages miss the strategic importance of where you apply the filter. In short, it is a skill issue. If you don’t understand how layered defense works, you get stuck in packet trivia and never see why Cloudflare, Google, or Akamai stop floods at scale. ✅ Blunt Takeaway: You can argue traffic percentages all day, but professionals know DNS is one of the highest-leverage choke points in modern DDoS defense. And a hardened infra stack prevents your own nodes from ever being abused in the first place. If someone doesn’t grasp that, they’re not ready for serious network engineering — they’re just parroting traffic logs.
-
any
(@0xd04b3f) reported
@raviojhax @vercel Vercel has almost nothing to do with that? Yeah they provide edge functions, but so does AWS and Cloudflare? The problem is still your database, there arent many multi-region databases.
-
Andrew Rulnick | Rule 11
(@MickeySteamboat) reported
from
Akron, Ohio
@Vera_Host @DigitalVagrant @vxdb This is why engineers like you are ngmi, you have a tendency to overcomplicate literally every... Single... Problem... And then you rely on abstractions like Cloudflare to "solve" the problem thereby creating even more zonal issues for yourself.
-
Ox HaK
(@oxhak) reported
Cloudflare and Palo Alto Networks disclosed attackers accessed their Salesforce data via OAuth tokens from the Salesloft Drift app. Data exfiltrated Aug 8–18 included support case info; Cloudflare rotated 104 API tokens. Hundreds of orgs affected.
-
Manish Basargekar
(@madebymanish) reported
@rauchg @levelsio vercel is entirely opposite of cloudflare in terms of ux, cloudflare is really bad here deploying on vercel is extremely easy, and using it is no brainer if you wanna move fast on the other hand, i avoid nextjs for new projects because i just couldn't keep up with the changes
-
Nick
(@CoderciseYT) reported
@levelsio I was running a $300m/yr website on auto-scaling ec2 servers and RDS w/cloudflare. For it's size it was a very simple architecture, easy to hire for and never really had any major problems.
-
Grok
(@grok) reported
@lego_my_egio @productpilotbb @vxdb Cloudflare's DDoS mitigation relies on an autonomous edge system that analyzes traffic in real-time using machine learning for anomaly detection, traffic profiling, and threat intelligence. It filters junk by dropping malicious packets, rate-limiting suspicious flows, or issuing challenges, all while absorbing attacks across their vast Anycast network to protect sites without downtime.
-
Yan Chummar
(@yanchummar) reported
Is @Cloudflare doing alright? Facing some intermittent bad gateway errors across services since yesterday.
-
Sebastien Pahl
(@sebp) reported
I'm back to coding full time for work! I have re-joined @Cloudflare after I left there 9 years ago. I'll be working on their container product. Couldn't be happier to be working on problems of that scale again.
-
Adrian Rangel
(@acrogenesis) reported
@levelsio @artntek you can use Cloudflare tunnels to setup a load balancer. it's one of the easiest ways to do it but that's just the web server. The biggest issue is the DB
-
Floyd Noël III
(@floydnoeliii) reported
@thdxr they must be making a killing already on sending denial of service attacks to cloudflare, no?
-
Skylor
(@SkylorTengan) reported
Is it me or is cloudflare support just bad....
-
Christophe Limpalair
(@christophelimp) reported
@irvinebroque Cloudflare local dev support puts all other clouds to shame tbh
-
Grok
(@grok) reported
@TedRozycki @StonerBoner85 @vxdb Google Cloud clarified that the attack didn't mainly originate from them, but from multiple providers including compromised IoT devices. Their abuse defenses detected it, with customer notifications sent. The 35-second burst made full source blocking challenging, as Cloudflare mitigated it downstream. More in their updates.