Cloudflare has disclosed the cause of its major service disruption on Tuesday that left parts of the internet inaccessible for hours, describing it as the company’s worst outage since 2019. Several Nigerian websites on Cloudflare’s network experienced downtime or slow loading, affecting news media outlets, e-commerce platforms, and other online services.
The outage stemmed from an internal change to the permissions system of a database connected to Cloudflare’s Bot Management feature. The modification caused a “feature file” to double in size, exceeding software limits and triggering failures across the network. Cloudflare clarified that the incident was not related to cyberattacks, generative AI tools, or DNS issues.
Initially suspected to be a hyper-scale DDoS attack, the issue was quickly identified, and the oversized feature file was replaced with an earlier version. Core traffic began returning to normal by mid-afternoon, with all systems restored by early evening.
The disruption affected multiple global services, including X, ChatGPT, and Downdetector. Companies relying on Cloudflare’s bot rules inadvertently blocked legitimate traffic, while those not using bot-based controls remained operational. The incident highlights concerns about the increasing dependence on a small number of major internet infrastructure providers, similar to previous outages at Microsoft Azure and Amazon Web Services.
Cloudflare’s CEO outlined immediate steps to prevent recurrence, including strengthening configuration file handling, implementing global kill switches, safeguarding system resources from error reports, and reviewing failure modes across core proxy modules. The company also acknowledged that as the internet becomes more centralized, large-scale outages of this kind may become more difficult to avoid.
The incident underscores the vulnerability of online businesses, particularly MSMEs that rely on stable web infrastructure, and highlights the need for contingency planning and diversified digital strategies.
