Cloudflare Outage Confirmed Not to Result from Cyber Attack
Cloudflare confirmed that a major outage on November 18 was misidentified as a cyber attack. In a detailed blog post, CEO Matthew Prince clarified the situation, stating the problem stemmed from a permissions change in their database systems.
Details of the Outage
Prince explained that the outage was not due to any malicious activity. Instead, a file essential for their Bot Management system encountered issues due to internal changes.
Mechanism Behind the Outage
- The Bot Management system utilizes a machine learning model.
- This model scores bots based on their request behavior.
- Clients depend on these scores to manage bot access to their websites.
One of the key functions of bot scores is preventing unauthorized AI companies from using website content to develop their large language models (LLMs). In July, Cloudflare introduced a program called “pay per crawl,” offering website owners compensation for granting AI bots access to their pages.
Technical Explanation
According to Prince, a configuration file crucial to making predictions about automated bot requests was altered. The error stemmed from a change that increased this file’s size, which disrupted the traffic processing system.
Impact of the Outage
This incident has been noted as Cloudflare’s most significant outage in several years. It was the first time since 2019 that a majority of core traffic was halted across their network. Prince extended an apology to customers for the inconvenience caused by this disruption.
