A few days ago, Cloudflare suffered an outage. On Thursday, February 6, 2025, the American company triggered a generalized malfunction of several of its services. The outage lasted a little less than an hour, Cloudflare says in a report published on its website.
The origins of the outage are "human error". Apparently, an employee wanted to take action against a phishing site. The employee wanted to block the URL of the malicious site as part of a "routine abuse correction". Cloudflare had received a complaint about the presence of this site on Cloudflare R2, an online storage service.
Cloudflare admits shortcomings
Unfortunately, the employee made a blunder. It didn’t block the URL identified as malicious, but it did disable the entire R2 Gateway service, which manages access to stored files. In short, the employee disabled the gateway to all files, rather than just one endpoint.
Cloudflare says that “insufficient validation checks” resulted in the service being disabled, disrupting all systems that rely on that infrastructure. A host of Cloudflare services went down, or didn’t function properly for nearly an hour. However, “this incident did not result in the loss or corruption of stored data.”
Cloudflare takes precautions
The company admits that the outage was the result of a “failure of multiple system-level checks” and an issue with the “training of operators” responsible for the blocking. Following the outage, Cloudflare has taken steps, such as removing the option to disable systems in the abuse management interface and adding restrictions in the admin API. In the same vein, Cloudflare will apply more stringent access controls and introduce two-step verification for any high-risk actions. These additions should prevent an employee from accidentally blocking an entire system in the future.
This is the second outage Cloudflare has suffered in the space of a few months. In November 2024, some of the group's services were inaccessible for more than three hours. Some of the logs sent to customers were lost during this time. To explain the outage, the firm explained that it had encountered a bug in Logpush, a service that automatically sends logs to third-party storage or analysis platforms.
Source: Cloudflare
0 Comments