Published: Thu, July 04, 2019
Markets | By Otis Pena

Rogue regex trips Cloudflare worldwide - Cloud - Software

Rogue regex trips Cloudflare worldwide - Cloud - Software

During the outage, the websites faced downtime, showing the "502 Bad Gateway" error.

Responding to a user's query on Twitter, Prince said: "Massive spike in global CPU usage caused systems to fail over".

Cloudflare, the backbone of numerous web's biggest sites, experienced a global outage that left many wondering what could have happened. The problem was confirmed by Cloudflare in its blog, citing that the issue stemmed from bad software.

Matthew Prince, Co-founder and CEO of Cloudflare, acknowledged in a tweet that he is aware of the outage and the team is working on getting to the bottom of the issue.

Julian Castro moves into top five in new poll
According to the poll , four out of 10 respondents indicated they thought he did worse during the debate than expected. Biden however, has run for President three times now, but has never come close to going the distance.


There's a possibility that you tried accessing everyone's go-to website to check service outage status, i.e Down Detector. When an outage occurs, website owners are left with a critical decision to make: remove Cloudflare services from their website to get it back up as quickly as possible, or wait for the issues to be resolved. To restore global traffic we temporarily disabled certain WAF capabilities, removed the underlying software bug, then verified and re-enabled all WAF services. The system works by effectively acting as a buffer between a website and the end user, making sure to block attacks that could bring a site down by overloading it.

CloudFlare added: "This was not an attack (as some have speculated) and we are incredibly sorry that this incident occurred". It is not an exaggeration to say that Cloudflare's issues tend to shake the entire internet, which is exactly what happened recently when the service saw technical issues for about an hour.

Cloudflare had deployed new rules within its Web Application Firewall (WAF) that could help in blocking the inline JavaScript used in attacks. A week ago the company suffered a similar glitch, which they put down to a route leak impacting some Cloudflare IP ranges, as The Register reported. It is even capable of protecting them from DDoS attacks. After some internal dog-fooding, the updates are pushed out to a small group of customers "who tend to be a little bit cheeky with us" and "do naughty things" before it is progressively rolled out to the wider world.

The result? "One of these rules caused the CPU spike to 100 per cent, on all of our machines".

Like this: