Cloudflare has confirmed that a bug in one of its core services caused a major outage on Tuesday, taking large portions of the internet offline and affecting traffic to services including X, ChatGPT, and, ironically, Downdetector. The company’s CTO, Dane Knecht, posted a public apology shortly after services were restored, calling the incident "unacceptable" and attributing the disruption to a routine configuration change that triggered a crash in its bot mitigation layer.
The incident began at approximately 11:48 UTC on November 18, with Cloudflare's official status site acknowledging “internal service degradation”. As the issue spread, users across several regions reported failures to access not only Cloudflare-backed websites but also its Access and WARP services. The company later identified a specific dependency in its bot defense tooling as the source of the problem.
"We failed our customers and the broader internet," Knecht wrote. "A latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change. That cascaded into a broad degradation to our network and other services. This was not an attack."
By 14:42 UTC, Cloudflare had deployed a fix and began restoring affected components. Dashboard functionality, including analytics and error logging, remained partially degraded into the afternoon as engineers monitored for residual faults. A temporary suspension of WARP access in London was also enacted as part of the mitigation process.
Cloudflare’s bot mitigation stack, which includes challenge flows such as Turnstile and JavaScript verification layers, sits inline with traffic to many high-profile websites and APIs. Because these systems are used not only to block malicious actors but also to gate access for legitimate users, faults in this layer can result in widespread service disruption even when core CDN or DNS infrastructure remains operational.
This is the third major outage to affect major sites in less than a month. In October, a large section of AWS’s US-East-1 region went offline for over two hours following what Amazon later attributed to a broken DNS configuration. Then, just days later, a huge Azure outage hit Microsoft.
These incidents raise broader questions about how widely used services and platforms handle internal service faults and dependency isolation at scale — roughly 19% of the Internet relies on Cloudflare, while Azure and AWS account for roughly 24% and 30% of the cloud computing market, respectively.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter Get Tom's Hardware's best news and in-depth reviews, straight to your inbox. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.