1. Home
  2. Companies
  3. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 32% Cloud Services (32%)
  • 32% Domains (32%)
  • 14% Web Tools (14%)
  • 14% Hosting (14%)
  • 7% E-mail (7%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Paris Cloud Services 1 day ago
New York City Hosting 4 days ago
Manchester Domains 24 days ago
Angers Cloud Services 1 month ago
London Domains 1 month ago
Noida Hosting 2 months ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • paulljump
    Paul Jump (@paulljump) reported

    @AjaySohmshetty @Cloudflare @andrewk17 My worst nightmare

  • ivanhapaz
    Ivanha Paz (@ivanhapaz) reported

    @Cloudflare talk to all the tools I signed up with a different email over the years and no longer use and help me cancel ahhahah

  • Kobecoin_X0214
    Kobecoin Official (@Kobecoin_X0214) reported

    Development update: The KOBX Service Runner is now operational, providing centralized control and live monitoring for the backend, frontend, and Cloudflare services. With health checks, uptime tracking, restart controls, and auto-recovery support, our infrastructure is being prepared for a more stable launch. KOBX Hero Wars launches in 2 days. CA: 48iJcUv9jsiZ7cCisyVFLPFLMoNBKg3L43bRvktXpump

  • 4xy
    轩源 (@4xy) reported

    @Cloudflare our production D1 database has been down for over an hour due to this incident. Dashboard returns 500 and Workers return D1_ERROR: internal error. Any ETA? Thanks.

  • unclebigbay143
    U N C L E BIGBAY ✨ (@unclebigbay143) reported

    Today's Engineering Concept: '𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴' 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴? Rate limiting is the practice of restricting how many requests a user or system can make within a specific period. 𝗪𝗵𝘆 𝗱𝗼𝗲𝘀 𝗶𝘁 𝗺𝗮𝘁𝘁𝗲𝗿? Without rate limiting, a single user or malicious bot could overwhelm your server, degrade performance, or abuse your APIs. 𝗥𝗲𝗮𝗹-𝘄𝗼𝗿𝗹𝗱 𝗲𝘅𝗮𝗺𝗽𝗹𝗲 Imagine a login endpoint with no rate limit. An attacker could attempt thousands of password combinations every minute. A simple rate limit can significantly reduce the effectiveness of brute-force attacks. 𝗛𝗼𝘄 𝗶𝘀 𝗶𝘁 𝗶𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗲𝗱? Most systems track requests by IP address, user account, or API key. Once a predefined limit is reached, the server temporarily rejects additional requests, often with an HTTP 429 (Too Many Requests) response. 𝗪𝗵𝗲𝗿𝗲 𝗶𝘀 𝗶𝘁 𝘂𝘀𝗲𝗱? • 𝗚𝗶𝘁𝗛𝘂𝗯: GitHub's REST API limits how many requests you can make per hour to prevent abuse and ensure fair usage for everyone. • 𝗦𝘁𝗿𝗶𝗽𝗲: Every payment request can include an Idempotency-Key, ensuring a customer isn't charged twice if the same payment request is retried. • 𝗢𝗽𝗲𝗻𝗔𝗜: The API enforces rate limits on requests and tokens per minute, helping maintain reliability and preventing a single application from overwhelming the service. • 𝗫 (𝗳𝗼𝗿𝗺𝗲𝗿𝗹𝘆 𝗧𝘄𝗶𝘁𝘁𝗲𝗿): X limits actions such as following many accounts, liking posts, posting, or sending DMs within a short period to reduce spam and bot activity. • 𝗖𝗹𝗼𝘂𝗱𝗳𝗹𝗮𝗿𝗲: Cloudflare lets website owners configure rules like "block or challenge any IP that makes more than 100 requests in a minute" to protect against abuse and DDoS attacks. ...and almost every public API uses rate limiting to protect its infrastructure, ensure fair usage, and maintain service availability. 𝗧𝗵𝗲 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆 A reliable system doesn't just answer requests. It also knows when to say "not now. It's too many from YOU."

  • bold_fugu
    Bold Fugu 🇮🇱 (@bold_fugu) reported

    @PanBall343548 There is a similar option with NetBird, but the setup would be a bit finicky. Basically, it is the same as Tailscale with your own control plane on Headscale. However, you will need to expose Headscale to the internet, and you might run into problems exposing it via Cloudflare.

  • 0xBunny
    0xBunny (she/her 🏳️‍⚧️ ⚧️ ✝️) (@0xBunny) reported

    im migrating from my machine to cloudflare edge network. yes...im running a ******* mmorpg on cloudflares edge network for basically free

  • btcliveco
    BTC Live (@btcliveco) reported

    JUST IN: 🤖 Cloudflare adopts the x402 protocol, enabling websites to charge AI agents directly for data access via crypto payments. Bitcoin and Lightning Network are positioned as primary rails. Machine-to-machine payments just found their native money.

  • ownershipfm
    Ownership (@ownershipfm) reported

    "There was a campaign claiming I was some other individual arrested in Amsterdam, that this was a rug I was attempting, and the Polymarket odds started to collapse" Ranga, Co-founder of Solomon Labs, on the FUD campaign, the Cloudflare outage, and the wild final hours of the raise "Those three days leading up to the raise and conducting it were probably the most interesting days of my life. I didn't sleep for most of those days. Some of the previous projects had high amounts of commits, so I was expecting we'd get well over our target, but I didn't know to what degree. There was also this secondary market active during our raise, the Polymarket, betting on whether we'd raise anywhere from 10 million to 100 million" "The night before the raise closed, I got a DM from one of the Polymarket bettors saying they'd infiltrated the cabal orchestrating the FUD campaign, and that they'd be DDoS attacking and shutting down the site before the close. I brushed it off with a grain of salt, but messaged Kollan that someone's going to attempt this. Our target was 2 million and we had about 5 or 6 million in commits at that point" "The morning of, the largest Cloudflare outage occurred and the site went down. There were jokes about how the cabal took down the internet to take out the Solomon raise and win some Polymarket bets. It created a little FOMO, and then they started attacking the backup sites, which actually attracted more attention. Within a few hours prior to close, we jumped from about 15 million committed all the way to 100 million"

  • eliedelkind
    Eli Edelkind (@eliedelkind) reported

    @LiminalPanda @ZackKorman So, for many companies if you have to use a VPN they probably aren’t a legitimate user. But I can see some scenarios that you’re right for sure. But the other protections in Cloudflare aren’t fool proof either which is why defense in depth and attack surface minimization is always good. Also, geoblocking isn’t just WAFs. There’s many “no regret” blocks across different network capabilities.

  • GeoChrisN
    Geo Chris (@GeoChrisN) reported

    @php4fan @Cloudflare I just close all the proxies and the side come back correct with not any issue ....

  • enginoid
    Fred Jonsson (@enginoid) reported

    I went with serverless SaaS for small-scale company infra and building out products, and I basically regret it. The infra I have is fairly light. They are mostly key primitives I use in my contracting work and research, such as: - agents API/UI with jobs+observability-caching - container APIs for managing tier-3 GPUs - easy hosting and perf tuning of arbitrary OSS LLMs On top of that I've got a product in progress around evaluation, annotation and optimization of AI tasks, and relies heavily on those APIs. This product is for fairly sophisticated AI product companies and won't experience large-scale usage. Overall, it's quite a simple setup of maybe 10 Cloudflare Workers and Firebase for collaborative editing. My reasoning for going serverless was to minimize the gap from experimentation to shipping: pay very little monthly and just pay when it scales out. The other one was to treat the first product as an investment in building lots of other products without setup costs – get IaC, auth, authz, etc. working once and reuse it in other products. Yet another consideration was to use the wonderful high-level serverless primitives like Cloudflare Workers, Workflows and Firebase. You get a lot of good stuff that is genuinely hard to distribute, and it just works, so you can focus on product. But I think serverless was the wrong choice for me in this trade-off, for two reasons: 1. Cost predictability. Every few weeks I get a random runaway $50 bill from one service or another, maybe because the agents went a bit wild with E2E testing. I'm sure "random load spikes" have cost me as much as $300 at this point over a couple of months. This is not a lot of money in the grand scheme, but for an application with zero users, it's a lot of variable cost. This week I saw a notice from Cloudflare showing the way they'll charge for Workflows makes them uneconomical. And each time it's a bit disruptive to figure out what is causing the traffic -- all while I have zero users except myself. I still haven't got a horror story, thankfully, but I am worried that I'm due any day. 2. Phoenix environments. The other issue is that the best iteration speed I've found is when agents can 100% run the infra and replicate the full user experience, fast, locally and in memory. This is incredibly easy with postgres and a monolith, but it's messy to get reliable when you use services like Firebase and Durable Objects that aren't fully emulatable and are a bit messy architecturally to swap out. My preview deployments are really sprawled on CloudFlare because business logic is split between workers and DOs don't work well with preview deployments, so need to deploy a new set of services. So in that sense, using something high-level is far from simplifying compared to running of a k8s namespace or a single binary. I'm probably a little too used to startups and seeing what kind of issues you run into that I wanted to pre-empt with "proper infra." The indie hacker advice is to get a $5 VPS and set it up on postgres, validate and then think about proper deployment. Having shipped mostly software at scale and knowing what's needed, I still struggle with doing things that don't scale, but this advice seems right for day 0 and I should have heeded it. All this is to say – PaaS vs. IaaS are two very different directions worth taking seriously at the outset of a new project. The narrative is that PaaS will simplify things, but this hasn't been my experience so far. If anything, it has created a lot of novel constraints that complicate the architecture. And I think by outsourcing what I'd need to understand if I rolled it myself, I sold away too much freedom. So in retrospect, I should have gone with the other option I was considering: fixed resources via something like k8s + PlanetScale. If I were making the decision again, I would have upweight the cost predictability a bit more – at some level it was a consideration, but I thought I could tame it with lots of limits and budget notifications. But anytime you add a lot of mechanism (quotas and alerts) to replace an invariants (I can't pay for more computers than I have), it's probably worth paying closer attention. When I think about how difficult things like workflows, queues and even realtime are to implement on postgres and have an entire WAL to drive the whole application: I'm probably missing something, but the answer seems to be... not very hard. Maybe at millions of users, but not at hundreds or even thousands. So I'm going to try swinging the pendulum back in the direction of more control. I'm optimistic that if I don't operate the database layer itself, this will turn out to be a better foundation. And if I'm so lucky, I can one day write the post about moving off postgres. Let's see what happens after the honeymoon period!

  • smokedbaconai
    Brett Clark (@smokedbaconai) reported

    I let a runaway agent loose on infrastructure I didn't fully control, then tried to kill it from the outside. That was the whole spike: a self-improving system is only safe if you can pull the plug when it's running on a box you don't own. A bash-loop agent, zero knowledge it was being watched, dropped into a Cloudflare Sandbox behind a Worker. A separate stub polled its telemetry every 750ms against a hard budget: two steps. The agent blew past. The stub caught the breach at 7.5s and fired a forced kill across the HTTPS boundary in 197ms. It stopped at exactly two steps and never took a third across a 29-second watch. The honest caveat matters more than the win: this is enforcement with bounded overshoot, not synchronous gating. There's a window between breach and kill. Which is why a real budget needs both — a wrapper inside the agent that refuses to overspend, and an external brake for when it ignores the wrapper or you don't own the box. One layer trusts the agent. The other assumes it fails. You need both.

  • itsclarkholden
    Clark (@itsclarkholden) reported

    PRO TIP: Use cloudflare email routing and sending to make a custom email client for your Saas. No need to pay for support tools like Front.

  • juvation
    Mr Angry from Haight everything (@juvation) reported

    @SFFireCU logging in with the Cloudflare thing is broken "An error has occurred. Reference code: 600010"

  • vkdatta27
    𝚟𝚔𝚍 (@vkdatta27) reported

    Cloudflare DO and D1 experiencing issues

  • katewerk
    Katewerk (@katewerk) reported

    Stay clear of @Cloudflare. Even their AI support bot cannot delete my credit card info from their database. It then provides a non-existent path to billing support that loops back to the start page. This is a purported tech company. JFC.

  • poptyedev
    Crypto Safe (@poptyedev) reported

    @the_smart_ape Everything is correct except for the part about Cloudflare as far as I know, the Cloudflare account was completely blocked and he no longer had access. Second point: Amun would never have used GoDaddy as a registrar, that other domain was registered by someone else. Other than that, I agree with your version of events.

  • HotAisle
    Hot Aisle (@HotAisle) reported

    @CherryJimbo @Cloudflare @CloudflareDev wish they'd move off salesforce for their support system...

  • tsaibee15
    TSAIBEE (@tsaibee15) reported

    Thank you for using CHUNILIB. Cloudflare is currently experiencing service issues, which may cause some features of the website to be temporarily unavailable. We apologize for the inconvenience. #chunilib

  • WVROfficial
    W V R 👊🏼🦾 (@WVROfficial) reported

    I had to make some changes today and it costed me a MONTH of Codex Usage! I think it’s worth it for me to talk about it - make sure this doesn’t become you!!! So, I’m a startup founder, just like all of you guys!! We do websites as one of our many services - like a lot of the people here on TPOT where tech lives. Why wouldn’t we? It’s easy, we can outclass competition on speed, much more. Anyway - that’s not the point. The point is that i serve my sites with a wrapper that gets served over my host. That host uses ESBuild. To ship stuff that won’t compile on ES Build, and on occasion just for like more complex websites like 3D sites or heavy SEO sites with a lot of files and assets - i use a CDN. Works great, totally fine. But I realized today I had a client site’s files stored on an R2 bucket that was on the client’s domain. In this case the big issue with that is my own IP! We make the content for them, do their SEO, their communications, and more - and i very stupid it was serving everything from a CDN that was on domains I don’t own and control via my Cloudflare. In human terms that means my client could say “**** you” tomorrow and walk away with the extremely robust SEO machine I built them. So I had to spend almost a half a month worth of codex credits today to fix it ASAP. All I can say is that I won’t make that mistake again - even though it never hurt my business - it could have! And that matters.

  • talonx
    Hrishikesh Barua (@talonx) reported

    Outages today in both Google Cloud's and AWS's European datacenters (unrelated) caused many downstream services to blink out. We have been seeing this pattern of cascading service failures forever, but it only came under the spotlight after 2025's Cloudflare and AWS outages. The AWS outage in eu-central-1 was limited to a single AZ euc1-az2 in Germany, but it took out services like HENNGE One (a Japanese cloud security service), Confluent (managed Kafka), FusionAuth, among others. In addition, AWS Cloudfront suffered a global outage, leading to outages in downstream services like Frontegg, TigerData, Instructure (Canvas), Huggingface, Coda, Ubiquiti, Doxy, Blackboard. EdTech saw two outages with both Canvas and Blackboard being affected. And since FrontEgg is an identity and user management platform, its own downstream services led to more disruption. AWS's initial report says "the system responsible for distributing routing configuration to our network processors failed to load the updated configuration data correctly" - for the Cloudfront outage, which affected customers using VPC origins. The Google Cloud outage in europe-west4-a (Netherlands) was due to a cooling failure and affected VMWare Engine, NetApp volumes, and their bare metal servers. Both outages are resolved, but the same question remains - how do we prepare for cascading failures when the majority of your application's dependencies are ultimately dependent on a few providers?

  • AniC_dev
    Anicet (@AniC_dev) reported

    lmao I just changed the logic for the snapshot restore on sandbox resume/fork, now most of our slow cases are 30x faster! so the bottleneck became the network ...and I've just benchmarked that if we ditch cloudflare and use Hetzner Object Storage it's 2x faster & 2.2x cheaper

  • srism
    CSMurthy (@srism) reported

    @kav_kavi11 Checking the timeout configurations on your reverse proxy (e.g., Nginx, Cloudflare) or load balancer (e.g., AWS ALB) helps you instantly verify whether the traffic spike is triggering slow responses that break the gateway's current timeout threshold. So B is the correct answer

  • GodelTrabuco69
    Godeltrabuco69 🧲 (@GodelTrabuco69) reported

    So I built a service on it: 11 pay-per-call endpoints for web + business intelligence. • page → clean markdown • tech-stack fingerprinting • EU company enrichment (VAT, registry, contacts) • an AI company assessment On Cloudflare Workers. Cost per call ≈ nothing.

  • T3chFalcon
    IT Guy (@T3chFalcon) reported

    APT41, a Chinese state-sponsored hacking group, built malware that uses your Google Calendar as its command center. it's called TOUGHPROGRESS. also known as Calendarwalk. here's how it works. The infection A spear-phishing email arrives. it contains a link to a ZIP file hosted on a compromised government website. the ZIP looks like an export declaration document. inside: seven images of arthropods. five are real images. two are malware. 6.jpg is an encrypted payload. 7.jpg is a DLL that decrypts and launches it. you click the shortcut file pretending to be a PDF. A decoy document opens. you see nothing unusual. behind the scenes: three stages of malware are now running. stage one drops stage two into memory. stage two uses process hollowing, injects malicious code into svchost.exe, a legitimate Windows process, so it looks completely normal. stage three is TOUGHPROGRESS. it's now running inside a trusted Windows process. the C2 now here's the part that makes this different from every other malware campaign. TOUGHPROGRESS doesn't communicate with a suspicious domain or ping an unknown server. It won't generate any unusual traffic. It checks Google Calendar. the attacker creates a Google Calendar event. embeds commands in the event description. TOUGHPROGRESS reads the calendar, executes the commands, and reports back. from your network's perspective: just another device syncing with Google Calendar. nothing unusual. Google Calendar is on every corporate allowlist on earth. A companion malware called Tabbywalk does the same thing with Google Drive. This is called LOTS: Living Off Trusted Sites. instead of building malicious infrastructure that defenders can block, APT41 uses services you already trust and can't block without breaking your entire organization. Google Calendar. Google Drive. Google Sheets. Cloudflare Workers. All used as C2 channels in recent APT41 campaigns. you cannot block Google Calendar without breaking every calendar invite in your company. that's the point. Google's Threat Intelligence Group discovered the campaign in October 2024. they built custom fingerprints to identify the attacker-controlled calendars. terminated the workspace projects and shut down the infrastructure. APT41 has been doing this since at least 2023. Google Drive in 2023. Google Sheets in 2024. Calendar in 2024. each time Google shuts it down. each time they find a new cloud service. the infrastructure is endless. it's your productivity suite.

  • maria6186551590
    Ethan Walker (@maria6186551590) reported

    Follow me and I’ll help you cut through market noise and focus on the stocks with real growth potential. $SNOW — Snowflake — Don’t buy $NET — Cloudflare — Don’t buy $ZS — Zscaler — Don’t buy $NOW — ServiceNow — Buy at $92-$99 $DDOG — Datadog — Buy at $242-$249 $VEEV — Veeva Systems — Buy at $183-$188 $SAP — SAP — Buy at $144-$154 $CRM — Salesforce — Buy at $156-$164

  • twinturbomonkey
    TTM ⠞⠺⠊⠝ ⠞⠥⠗⠃⠕ (@twinturbomonkey) reported

    @egybest_1 No service that matters to me is tied to SMS any more. All the 2FA are tied to app-based auth on phone and computer. Verifications are email-based when available. Cloudflare and mail hosting are paid out of bank accounts with plenty of funds on yearly basis. 🧵

  • illyamoss
    Illya Moss (@illyamoss) reported

    Publishers and journalists. STOP LOSING MONEY. Your paywall doesn't know the difference between a first-time visitor and your most loyal subscriber. Enterprise platforms fixed this years ago - for five figures a year and a cut of your revenue. I said **** that. Spent the last few days building the same tech for under $20/month, open source: → Cloudflare Workers score every reader in <2ms at the edge → Pure TypeScript logistic regression - 4 signals (frequency, recency, engagement, velocity), zero Python, zero ML infra → Upload GA4 + Stripe exports, click train, model updates in seconds → Runs on Next.js 15 + Supabase Postgres MIT licensed. No lock-in. No revenue share. No sales call. Startup Slaying Session 03. If you're a publisher watching a dumb metered gate leak subscription revenue - comment PAYWALL and I'll DM you the repo + setup guide.

  • YourPope2026
    Your Pope (@YourPope2026) reported

    @DanNeidle Ask Cloudflare if they can help?