On November 18, 2025, the Internet experienced one of its most disruptive days in recent memory. Cloudflare—one of the world’s most critical Internet infrastructure providers—suffered a widespread outage that caused millions of websites, apps, APIs, and online services to return 5xx errors for hours.
Given Cloudflare’s massive global presence in CDN delivery, DDoS protection, application security, routing, and traffic optimization, the impact was immediate and far-reaching.
This article breaks down exactly what went wrong, why it happened, and what Cloudflare plans to do to ensure this never occurs again.
A Timeline of the Outage
12:05 CET — A harmless change triggers a chain reaction
Cloudflare CEO Matthew Prince revealed that everything started with a modification to permissions inside a ClickHouse database cluster, a core component used to feed data into multiple internal services.
The change was intended to improve transparency and data-permission control. Instead, it produced an unexpected and dangerous side effect:
The system began generating duplicate rows in the feature file used by Cloudflare’s Bot Management machine-learning model.
This file is regenerated every few minutes and propagated worldwide.
The sudden size increase exceeded the parsing limits of the module that reads it.
12:20 CET — Internal errors turn into a global failure
As the corrupted file spread across Cloudflare’s edge nodes, the core proxy began failing.
From that moment:
CDN and security layers began returning 5xx error pages.
Turnstile stopped loading.
Workers KV showed elevated 5xx rates.
The Cloudflare dashboard was accessible only to users already logged in.
Email Security and Cloudflare Access became nearly unusable.
Debugging tools increased system load, worsening latency.
A strange coincidence made things even more confusing:
Cloudflare’s external status page also went down, even though it’s hosted outside their own infrastructure.
13:05 CET — First mitigation efforts
Cloudflare implemented emergency internal bypasses for:
Workers KV
Cloudflare Access
This forced them to temporarily fall back to an older, stable proxy version.
14:24 CET — The root cause is confirmed
Engineers definitively identified the corrupted feature file and halted its distribution.
14:30 CET — The fix rolls out globally
A validated, older version of the file was pushed to the entire network.
Services gradually returned to normal.
18:06 CET — Full recovery
All systems were confirmed operational.
Why a Single File Broke Half the Internet
Cloudflare’s infrastructure is highly distributed. When a config file is:
automatically generated,
automatically propagated,
required for essential ML-based traffic filtering,
…any corruption becomes a systemic risk.
The outage showed how a small misconfiguration can scale instantly into a global failure when not guarded by strict validation, propagation controls, and kill-switch mechanisms.
Cloudflare’s Future Safeguards
Matthew Prince outlined key changes to prevent similar incidents:
1. Treat configuration files like user-generated input
Files must be validated as strictly as external content.
2. Introduce global kill switches
Instant shutdown of any suspicious configuration propagation.
3. Improve error-reporting mechanisms
Diagnostic tools must never overload critical systems during emergencies.
4. Rewrite parts of the core proxy
To ensure components degrade gracefully rather than fail catastrophically.
Prince summarized the event clearly:
“Today we had our worst outage since 2019. An outage like this is unacceptable.”
And closed with an apology to the entire Internet:
“We are deeply sorry for the disruption we caused today.”
What This Incident Teaches Us About Internet Fragility
The Cloudflare outage exposes a truth the industry often underestimates:
The modern Internet runs on a few massive chokepoints.
When one of them fails—even for minutes—huge parts of global services fail with it.
Whether you’re a developer, a business, or just a user, this outage is a reminder that redundancy, validation, and failsafes aren’t optional—they’re essential.
