Cloudflare outage on November 18, 2025
blog.cloudflare.com
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.

The issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind. Instead, it was triggered by a change to one of our database systems’ permissions which caused the database to output multiple entries into a “feature file” used by our Bot Management system. That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up our network.

The software running on these machines to route traffic across our network reads this feature file to keep our Bot Management system up to date with ever changing threats. The software had a limit on the size of the feature file that was below its doubled size. That caused the software to fail.

  • mech@feddit.orgEnglish
    104·
    6 hours ago

    A permissions change in one database can bring down half the Internet now.

    • CosmicTurtle0@lemmy.dbzer0.comEnglish
      4·
      2 hours ago

      tbf IAM is the bastard child of many cloud providers.

      It exists to provide CISOs and BROs a level of security that no one person has access to their infrastructure. So if a company decides that system A should no longer have access to system B, they can do that quickly.

      IAM is so complex now that it’s a field all in itself.

    • SidewaysHighways@lemmy.worldEnglish
      10·
      6 hours ago

      certainly brought my audiobookshelf to its knees when i decided that that lxc was gonna go ahead and be the jellyfin server also