Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.

Cloudflare's platform is a leading provider of internet security and performance solutions, offering insights into web security, content delivery, and DNS management. Through documentation, blog posts, and webinars, Cloudflare provides insights into protecting websites and applications from cyber threats and improving performance. Developers and IT professionals can learn about CDN (Content Delivery Network), DDoS mitigation, and firewall configurations to secure and accelerate web traffic.

Cloudflare

A database permissions change caused Cloudflare's Bot Management feature file to double in size with duplicate entries, exceeding hardcoded limits in the proxy system and triggering widespread 5xx errors across the network for over 3 hours. The issue affected core CDN services, Workers KV, Access, and Turnstile, with intermittent failures making diagnosis difficult as the system alternated between good and bad configuration files every five minutes. The team initially suspected a DDoS attack before identifying the root cause: a ClickHouse query that didn't filter by database name began returning duplicate column metadata after permission changes. Recovery involved stopping automated file generation, manually deploying a known-good configuration, and restarting affected services.

Cloudflare outage on November 18, 2025

How Cloudflare processes requests, and how this went wrong today

<p>Just curious, did anybody <em>not</em> notice that? 😃</p>
