Cloudflare recently addressed a major outage that occurred on November 18, 2025, which disrupted internet traffic globally. This incident is noted as the worst service failure for the company since 2019. Initially, there were concerns that the cause was a large-scale DDoS attack; however, CEO Matthew Prince later confirmed that the problem was due to an internal misconfiguration.
The outage began around 11:20 UTC, leading to increased HTTP 5xx error messages for users accessing various websites and services reliant on Cloudflare’s infrastructure. The failure stemmed from a permission update in a ClickHouse database cluster that affected the Bot Management system. A query intended to create a configuration file generated duplicate entries, which increased its size beyond the memory limits set in Cloudflare’s routing software and caused cascading failures.
As problematic feature files propagated across Cloudflare’s network, conflicting versions appeared on various servers, causing the system to struggle between functional and failing states. This unpredictability led to confusion, with spikes in traffic and service interruptions mistakenly pointing to an external attack.
By 14:24 UTC, Cloudflare’s teams began taking steps to stabilize the situation by halting the distribution of new files and restoring operational protocols. By approximately 14:30 UTC, traffic flow started recovering, with full service restored by 17:06 UTC.
The failure had a significant impact, particularly because it affected core functionalities such as TLS termination, request routing, and security enforcement. Both current services—like Cloudflare’s Turnstile authentication and Workers KV key-value store—and their dashboards experienced performance issues or outright failures. Although essential functions like DDoS mitigation remained unaffected, there was an immediate decline in spam detection accuracy due to the disruption.
In response to the incident, Cloudflare is implementing several systemic changes to prevent future occurrences. These additions include enhanced validation of configuration files, global kill switches for critical features, improvements in error handling across proxy modules, and methods to manage resource usage efficiently during high-failure events.
This incident serves as a stark reminder of the potential for small configuration errors to result in widespread outages within large-scale networks. The situation underscores the importance of resilience engineering and robust configuration management in preventing such failures, especially in an era of increasingly complex cloud environments.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.