The spike, and subsequent fluctuations, show our system failing due to loading the incorrect feature file. Normally this should be very low, and it was right up until the start of the outage. The chart below shows the volume of 5xx error HTTP status codes served by the Cloudflare network. It is also the beginning, though not the end, of what we plan to do in order to make sure an outage like this will not happen again. We are sorry for the impact to our customers and to the Internet in general. The software had a limit on the size of the feature file that was below its doubled size.
Although Telkom acknowledged the initial service disruption and its subsequent resolution in posts on X, it didn’t provide any information about the cause in these posts. As a result, internet users in Pakistan may experience some service degradation during peak hours.” (Initial reporting that the cable cuts occurred near Jeddah were apparently incorrect, as the damage occurred in Yemeni waters.) On September 6, Pakistan Telecom (AS17557) posted a message on X that stated “We would like to inform that submarine cable cuts have occurred in Saudi waters near Jeddah, impacting partial bandwidth capacity on SMW4 and IMEWE systems. Cuts to these cables can significantly impact connectivity, ranging from increased latency on international connections to complete outages. In our second quarter post, we covered the cellular connectivity-focused exam-related Internet shutdowns that Syria chose to implement this year in an effort to limit their impact.
- Although Starlink generally acknowledges disruptions to their global network on their X account, and often providing a root cause, in this case they apparently published an acknowledgement on X, but deleted it after the issue was resolved.
- Modern websites employ sophisticated security systems to shield themselves from various online threats.
- In these cases, patience and clear communication with the website administrators can be key in resolving temporary blocks.It is crucial for internet users to understand the role of security services like Cloudflare in protecting online content.
- Security systems like Cloudflare generate unique identifiers for each blocked request.
- These networks used advanced electronic technologies and devices in their attempt to manipulate the exam process.
Power outages cause Internet disruptions
A slightly more unusual government directed shutdown took place in Venezuela on August 18 when Venezuelan provider SuperCable (AS22313) ceased service. The network was seized in cooperation with the Lattakia Education Directorate, following close monitoring and detection of suspicious Cloudflare attention attempts. These networks used advanced electronic technologies and devices in their attempt to manipulate the exam process.
To their credit, South African provider RSAWEB (AS37053) quickly acknowledged an issue with their FTTx and Enterprise connectivity on September 10, but neither their initial post nor subsequent updates provided any information on the cause of the problem. In addition, routing data shows that there was also a small drop in announced IPv4 address space coincident with the outage. And a post thread on X referenced, and disputed, a claim that the disruption was due to a DDoS attack. The Nayatel disruption was likely less significant than the one seen at Transworld because Transworld is upstream of only a portion of the prefixes originated by Nayatel — traffic from other Nayatel prefixes was carried by other providers that remained available. Further analysis also found the share of TCP connections terminated in the Post SYN stage doubled during the observed outage, from 39% to 78%, as shown below.
Nationwide Internet shutdown in Afghanistan extends localized disruptions
The notification indicates that the web server has identified your traffic as potentially harmful or out of the ordinary. Understanding these security measures can help you know what’s going on and how to navigate the issue seamlessly. Learn about Cloudflare’s security features and find solutions for when you’re blocked. While such systems aim to enhance user safety, they may also lead to unintended consequences or confusion for those who interact with websites protected by these measures. You can send an email explaining the situation, including details about what action triggered the page and the Cloudflare Ray ID found at the bottom of the ‘Attention Required’ page.
- Customers that had rules deployed to block bots would have seen large numbers of false positives.
- This showed up to Internet users trying to access our customers’ sites as an error page indicating a failure within Cloudflare’s network.
- You can alternatively turn on our managed robots.txt feature if you would like to express your preference to disallow training.
- It accomplishes this through a set of domain-specific modules that apply the configuration and policy rules to traffic transiting our proxy.
- Interestingly, we did not see a corresponding full loss of announced IP address space when traffic disappeared.
Government-directed shutdowns
Understanding how security systems like Cloudflare operate can provide insight into why these alerts occur. Website administrators can review security logs to determine whether your activity was incorrectly flagged or if additional steps are needed to grant access. This information helps administrators investigate what triggered the security system and potentially whitelist your access if appropriate. Security protection systems constantly monitor website traffic for unusual behaviors that might indicate malicious intent.
Understanding website security mechanisms
Teams worked on ways to repair the service in multiple workstreams, with the fastest workstream a restore of a previous version of the file. Mitigations such as traffic manipulation and account limiting were attempted to bring the Workers KV service back to normal operating levels. The team investigated elevated traffic levels and errors to Workers KV service.
Afghanistan
All failed authentication attempts resulted in an error page, meaning none of these users ever reached the target application while authentication was failing. While the dashboard was mostly operational, most users were unable to log in due to Turnstile being unavailable on the login page. We solved the problem by stopping the generation and propagation of the bad feature file and manually inserting a known good file into the feature file distribution queue. Eventually, every ClickHouse node was generating the bad configuration file and the fluctuation stabilized in the failing state. Bad data was only generated if the query ran on a part of the cluster which had been updated.
At the end of the exam period, the Syrian Ministry of Education posted a Telegram message that was presumably intended to justify the shutdowns, and the focus on cellular connectivity. Partial outages were observed at Sudatel (AS15706), and near-complete outages at SDN Mobitel (AS36998) and MTN Sudan (AS36972). Damage from an earthquake and a fire caused service disruptions, as did a targeted cyberattack. Cable cuts, both submarine and terrestrial, caused Internet outages, including one caused by a stray bullet. In the third quarter, we observed Internet disruptions with a wide variety of known causes, as well as several with no definitive or published cause. We observed successful recovery using the old version of the configuration file and then focused on accelerating the fix globally.
How Cloudflare processes requests, and how this went wrong today
We identified that the Bot Management module was the source of the 500 errors and that this was caused by a bad configuration file. Stopped creation and propagation of new Bot Management configuration files. We were confident that the Bot Management configuration file was the trigger for the incident.
After an apparent complete shutdown, on September 23, a small amount of traffic was again visible. After experiencing an apparent issue at the start of the month, Internet traffic in Oruzgan, again fell on September 19. Except for a return to near-normal levels on September 21 & 22, the disruption remained in place through the end of the month.
Services like Cloudflare act as protective barriers between users and web servers, analyzing traffic patterns and blocking suspicious activities. Modern websites employ sophisticated security systems to shield themselves from various online threats. These security alerts protect websites from potential threats but often leave users wondering what happened and how to proceed. Opt for reputable services that are less likely to trigger Cloudflare’s filters. Avoid actions that may seem robotic, like rapidly clicking links or refreshing pages multiple times in a short period.
Cloudflare bot solutions identify and mitigate automated traffic to protectyour domain from bad bots. Maintaining updated browsers and security software helps ensure your connection appears legitimate to security systems. These systems analyze numerous factors including browsing patterns, request headers, and network characteristics.
How to add content signals to your website
Users can be blocked due to various reasons, including submitting specific content, executing SQL commands, or inputting malformed data. Content signals allow anyone to express how they want their content to be used after it has been accessed. In practice, that means a request to robots.txt on that domain would return the comments that define what content signals are. Starting today, we also will serve the commented, human-readable Content Signals Policy for any free customer zone that does not have an existing robots.txt file. The Content Signals Policy integrates into website operators’ robots.txt files.
HTTP request traffic is traffic coming from web browsers, applications, and automated tools, and is a clear signal of the availability of Internet connectivity. Cloudflare traffic data for AS38472 (Afghan Wireless) and AS (Etisalat) shows that traffic from these mobile providers remained available during that period. And while these blog posts feature graphs from Radar and the Radar Data Explorer, the underlying data is available from our rich API. The recent launch of regional traffic insights on Radar brings yet another perspective to our ability to investigate observed Internet traffic anomalies. Although Starlink generally acknowledges disruptions to their global network on their X account, and often providing a root cause, in this case they apparently published an acknowledgement on X, but deleted it after the issue was resolved.
Recent Comments