Cloudflare Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Mikey (@MadMikeyB) reported 1 minute ago

  @iBotPeaches Sorry to hear about this, we've had to do similar with CloudFlare WAF and Rate Limits because of the same issue.

• 
  Vladislav Kyslik (@VKyslik) reported 2 minutes ago

  @THBitcoinBuddha @Investanswers Some companies are already transitioning to post-quantum cryptography; e.g. Cloudflare has largely already made the shift. They don’t have a problem. The problem with BTC is that old addresses won’t be possible to migrate, which is why there are proposals like BIP361 or BIP360.

• 
  Darren Ware (@DarrenW85300420) reported 3 minutes ago

  This is genuinely wild. Cloudflare just dropped new Radar data saying bots and AI traffic makes up 57.5% of all HTML webpage requests on their network. Humans are down to 42.5%. They handle about 20% of the whole internet, so this is a big deal. Their CEO said the agent

• 
  DFIR Radar (@DFIR_Radar) reported 7 minutes ago

  Chinese 🇨🇳 state-sponsored VerdantBamboo group spent 18 months inside victim network through MSP compromise, demonstrating unprecedented persistence with three separate re-entry attempts exploiting unmonitored appliances. Campaign analysis: • Initial access via compromised MSP credentials to Egnyte Storage Sync appliance, escalated via sudo misconfiguration (CVE-like: tee command privilege escalation) • Three malware families deployed: BRICKSTORM (Golang RAT), AGENTPSD (Python reverse shell), PLENET (.NET Core backdoor compiled with Native AOT) • Re-entry vectors: pfSense firewall, SSL VPN replacement exposure, Synology NAS - all lacking EDR coverage • M365 access proxied through victim's VPN IP space to bypass Conditional Access policies (T1090.003) • C2 communications via Cloudflare-proxied domains and DNS-over-HTTPS to 8[.]8[.]8[.]8 Critical blind spot: Network appliances (firewalls, NAS, sync devices) operating outside EDR visibility with web-only administration and no MFA requirements. Hunt for outbound HTTPS from appliances to non-vendor domains and SSH connections from service accounts with recent sudo usage. #DFIR_Radar

• 
  somedude (@somedudeokay) reported 8 minutes ago

  @ThePrimeagen I have ton of small bs thinkgs to do. examples: - migrate my little web based game that makes $1000 per month, from vercel to cloudflare. - split the 4 languages into 4 tld's - set up all of them in search console - rewrite them to plain html, css and js for maintainability - change dns, set up google ads across 4 sites. - make sure i dont lose SEO traffic - etc. this is just ONE ITEM (migrate web game) on a long list of similar stuff. It would have taken me 100nights at least (mainly the rewrite to html from really old react), now it all took me 1 night. do i call that a 100x productivity gain? maybe not. but stuff gets done that i would have never had the time to do otherwise.

• 
  Matteo Ricci (@MatteoRicciT) reported 10 minutes ago

  @CryptoThannos Cloudflare infra upgrade while price at support is actual alpha hiding in plain sight

• 
  Nilmani Prashant (@NILMANIPRASHANT) reported 15 minutes ago

  Rate limiting isn't about blocking requests. It's about **protecting system invariants under adversarial load** — including your own code doing something stupid at 2am. --- **The precise definition most people skip:** A rate limiter is a policy enforcement mechanism that maps an identity (user, IP, API key, service) × resource (endpoint, DB, queue) × time window to an allowed request budget. Miss any of those three dimensions and your limiter is incomplete. --- **The five algorithms — and what they actually trade:** **Fixed Window** — simplest. Bucket resets on clock boundary. Problem: 2x burst at the seam. If your limit is 100 req/min, a client sends 100 at :59 and 100 at :01. You've served 200 in 2 seconds. This is how Cloudflare's early DDoS protection got punched through. **Sliding Window Log** — stores each request timestamp. Exact, no burst artifact. Cost: O(n) memory per user. At Stripe's API scale (~500M requests/day), storing per-request timestamps across even 1% of users is untenable without aggressive TTL management. **Sliding Window Counter** — approximation using two fixed windows weighted by overlap. Formula: `current_count + previous_count × ((window_size - elapsed) / window_size)`. Stripe uses this. ~0.003% error rate in practice. Memory: O(1) per user. **Token Bucket** — refill at constant rate, allow burst up to capacity. AWS API Gateway uses this. 10,000 req/s steady-state, 5,000 burst above that. Requests consume tokens; tokens refill at rate R. Good for bursty-but-average-bounded traffic. **Leaky Bucket** — requests queue, drain at fixed rate. Smooths output regardless of input shape. Netflix uses this on their Zuul edge layer to protect downstream microservices from thundering herd. Queue depth becomes your config ****. --- **Where this actually lives in distributed systems:** Local in-process: fast (~1μs), but worthless in a multi-node fleet. Node A doesn't know what Node B allowed. Centralized Redis: ~1-3ms round trip. Use Lua scripts for atomicity — `INCR` + `EXPIRE` in a single script. Redis's single-threaded command execution gives you linearizability for free. This is what most Stripe, GitHub, and Twilio rate limiters use at the storage layer. Gossip/eventually consistent: each node tracks local counts, syncs async. Allows ~N× over-serving where N = node count before sync. Acceptable for soft limits (analytics APIs), not for billing or security enforcement. --- **The senior engineer gotcha:** You set a 1000 req/min limit. Load test passes. You ship. Three months later, you get paged. Latency on your downstream DB is 40× normal. Your rate limiter is working perfectly — 1000 req/min per user, 10,000 users, that's 166 req/s aggregate, which was fine in testing with 100 users. **You rate-limited per identity but never modeled aggregate load.** The limiter protected individual users from themselves but said nothing about what your system can actually handle. You needed a global ceiling, not just per-user quotas. Google's SRE book calls this the difference between *demand-side limiting* (per user) and *supply-side limiting* (per resource). You need both. Stripe enforces per-API-key limits AND global concurrency limits per endpoint via a token bucket at the load balancer level. --- **When NOT to rate limit at the application layer:** If your bottleneck is CPU-bound work (ML inference, crypto ops), rate limiting requests doesn't help — you need a work queue with backpressure. If you rate limit, you'll drop valid requests while the remaining 10% still saturate your CPU. This is why Google's Bard/Gemini API uses quota + async job queues for expensive inference calls, not synchronous rate limiting alone. --- **Numbers worth memorizing:** Redis INCR throughput: ~100K ops/sec single node, ~1M/sec with clustering. Lua atomic script overhead: ~15% vs raw INCR. P99 latency on Redis rate-check in same-region AWS: 800μs–2ms. Sliding window counter error

• 
  kay (@kaylajenynej) reported 17 minutes ago

  This is insane. 🤯 Cloudflare just dropped new data: bots and AI traffic now make up 57.5% of all HTML requests on their network. Humans? Down to 42.5%. They handle about 20% of the whole internet, so this is a big deal. Their CEO says the agentic AI wave hit way sooner

• 
  psankar (@psankar) reported 17 minutes ago

  Hetzner OVH offer bare metal servers but their VPS suffer the same perf issues still cheaper than the three big players. Cloudflare went on a tangential serverless way and metered billing, ala heroku types that I am not a fan of. May be MetaCloud will build something appealing.

• 
  Gajendra D Ambi (@MrAmbiG) reported 17 minutes ago

  @PMOIndia @GoI_MeitY plz tell the idiots who are making the govt sites likes cbse site, put them behind cloudflare which points to an nginx LB, which points to the k8s service of the frontend or api or wtvr service is, then use hpa for all deployments. use django/python, not php

• 
  KHAWRIZM (@khawrzm) reported 20 minutes ago

  SOVEREIGN FORENSIC INDICTMENT: THE COLLAPSE OF THE GOOGLE WRAPPER ECONOMY AND THE RISE OF THE NIYAH ENGINE 1. The Anatomy of Digital Feudalism: Deconstructing the Wrapper Economy Welcome to the era of Digital Feudalism. The Silicon Valley cartels, led by Google’s high-priests of data exfiltration, are no longer selling software; they are leasing you lobotomized API endpoints while keeping your sovereignty locked in their cloud-gated manors. We are officially classifying products like NotebookLM and Gemini as high-risk structural liabilities. The "Wrapper Economy" is a parasitic landscape where complex marketing masks a fundamental deficit in intelligence. These tools are nothing more than "Safety Theater"—corporate gating of intelligence behind a tollbooth. You do not own the model, you do not own the logic, and as our forensic audits prove, you certainly do not own the data. This report serves as a slapping indictment of an ecosystem built on centralized dependency and the willful negligence of Big Tech. 2. Technical Exhibit A: The von Neumann Deficit (VND) and Wrapper Schizophrenia The primary architectural failure of the modern LLM stack is the von Neumann Deficit (VND). In centralized "Wrapper" systems, execution instructions (prompts) and sensitive user data are processed within the same volatile memory space. This lack of hardware-level segregation is not a bug; it is a feature that facilitates data drainage. Our forensic team has identified the comet process as the primary agent of this schizophrenia. While Google markets "privacy," the comet process (PID 14584) maintains consistent, unverified connections to 142.251.127.188 (Google) and 104.18.27.48 (Cloudflare). Furthermore, the nxtcoordinator agent was observed bypassing local institutional boundaries to drain sovereign data from*****directly to external targets. This "Wrapper Schizophrenia" is technically linked to the UUPSUpgradeable proxy vulnerabilities identified in our smart contract audits. Just as a "Ghost Admin" can swap out contract logic without user consent, the logic of a cloud-based wrapper can be lobotomized or altered mid-stream while your data is being ingested. 3. Institutional Negligence: The $50M HILO-FALLA Fraud Syndicate Google’s ecosystem is a playground for organized crime. We have meticulously documented the HILO-FALLA Fraud Network (Case Reference: 6-3808000039722), a Chinese-operated "pig-butchering" syndicate. Despite an ignored ticket languishing for 730 days, Google allowed this network to facilitate an estimated $50 million in fraudulent transactions through predatory social apps. Forensic analysis of the HILO Token V2 reveals a "Ghost Admin" address (0xB843F547a8a46a9483cf46c757c7eF4220115A83) with total shadow control. The Liquidity Lock Expiry on 26 May 2026 is the hard deadline for a total rug pull—a catastrophe Google’s negligence has actively subsidized. Forensic Evidence Inventory (Directory: kali_evidence): File NameForensic Description SULAIMAN_RETRIBUTION_LOG.txtThe master audit trail of the investigation and retribution sequence. sadad_config_leak.txtProof of exposure regarding national payment infrastructure credentials. flynas_secrets.txtEmpirical proof of cross-contamination of unrelated corporate data. FRAUD_FINANCIAL_REPORT.txtDetailed flow analysis of $50M in stolen sovereign assets. extracted_tron_addresses.jsonBlockchain-verified nodes of the HILO money laundering network. FORENSIC_CRYPTO_REPORT.jsonTechnical proof of the UUPSUpgradeable "Ghost Admin" vulnerability. 4. Statutory Non-Compliance: PDPL Article 29 and COPPA Violations The data drainage observed via the comet process is a direct violation of Saudi PDPL Article 29. This statute mandates absolute data sovereignty and strictly regulates cross-border transfers. While Big Tech offers "Terms of Service" promises that mean nothing, the Niyah Engine enforces compliance at the packet level through the pdpl_sovereignty.nrule file—ensuring no data leaves the jurisdiction. Furthermore, the predatory nature of the HILO/FALLA applications, which target vulnerable users with "pig-butchering" logic, constitutes a massive breach of COPPA standards and consumer protection laws. Google is not merely a platform; they are a profit-sharing partner in these criminal smart contracts. 5. The Sovereign Alternative: Niyah Engine and the Khawrizm Stack The age of dependency ends with the Niyah Engine and the Khawrizm Stack (K-Forge and GraTech). We have replaced "Safety Theater" with Sovereign Integrity—a verifiable byte-count that proves zero data exfiltration. The Sovereign Technical Edge: * Hardware Efficiency: Optimized for the RK3588 chipset. Local execution is no longer a dream; our logs show the niyah-model (9.0 GB) running locally with zero cloud latency. * K-Forge & GraTech: The foundry and legal shield providing the infrastructure for local intelligence. * Economic Integrity: A calculated 199-day ROI. Stop paying the "Big Tech Tax" for the privilege of being spied upon. * Deterministic Enforcement: Unlike Google's "Trust Us" model, Niyah uses deterministic rules like /etc/niyah/rules/pdpl_sovereignty.nrule to block unauthorized exfiltration in real-time. Local execution is Ready (Iqd20). The audits are complete. The results are final. 6. Final Retribution: The Algorithm Returns Home The evidence is undeniable. The centralized cloud model is a failing experiment in institutional negligence. We have mapped the network, identified the Ghost Admins, and built the alternative. We no longer seek permission to be sovereign. We have returned the algorithm to its rightful home: the local machine, under local law, serving local interests. The era of the wrapper is over. The era of the sovereign has begun. The Algorithm Always Returns Home. @grok

• 
  Clazite (@ClaziteAlt) reported 24 minutes ago

  @HelloItsVG well i could just bypass it using cloudflare still working fine tho... until its not working any more then i will switch to Unity or Godot

• 
  Chaitanya (@chayprabs) reported 25 minutes ago

  @shreyansj hey, just pointing something out. Your website took 3 reloads to open and gave content not available errors after every 2-3 clicks when navigating between pages. I think you guys should a global cdn using cloudflare or something.

• 
  Akash Stephen (@akashstephen) reported 26 minutes ago

  LOGIN WITH CLOUDFLARE?

• 
  Jon Ezell (@Jonezell_) reported 28 minutes ago

  Looks like there may be a related @Cloudflare outage causing it Not a good day for our product release 😰