
Earlier, multiple Cloudflare services, including R2, experienced an outage, once again stemming from an internal system issue. As a result, numerous websites relying on R2 object storage were unable to load new content.
Under normal circumstances, R2 handles storage while leveraging the CDN for external access. Consequently, once static files are cached on the CDN, they remain accessible even if R2 is temporarily unavailable. However, during the outage, users were unable to upload new files, and the CDN could not retrieve fresh content from R2.
Cloudflare has since released an incident report detailing the root cause of the disruption, which was attributed to a classic case of human error. During routine operations, a Cloudflare employee inadvertently disabled the entire R2 gateway service.
As part of its daily operations, Cloudflare regularly processes user reports and phishing website complaints from various platforms. Upon receiving such reports, employees verify the claims and execute necessary bans.
This particular outage was triggered by an operational mistake while handling a phishing site hosted within R2. Ordinarily, only the specific endpoint or storage bucket associated with the malicious content should have been restricted. However, due to an error, the employee mistakenly disabled the entire R2 gateway.
Once the gateway was blocked, R2 became entirely inaccessible. Upon detecting the issue, Cloudflare’s engineering team promptly intervened, resolving the outage within 59 minutes. Beyond R2 itself, several ancillary R2-related services were also affected.
Cloudflare identified human error and the absence of validation checks for high-impact actions as key factors behind the incident. In response, the company has now removed the ability to disable systems through the abuse review interface and implemented restrictions within the management API to prevent unintended service disruptions caused by internal accounts.
Looking ahead, Cloudflare plans to introduce additional safeguards, including enhanced account configuration protocols, stricter access controls, and a dual-approval process for high-risk operations—reinforcing oversight through both technological and human measures.
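The safeguards described above (scoping abuse actions to the reported content, blocking actions against internal accounts, and dual approval for high-risk operations) can be sketched as one authorization check. This is an added illustration, not Cloudflare's code: the account names, scope labels, the reading of the internal-account restriction as "internal accounts are never valid targets", and the reading of dual approval as two approvers other than the requester are all assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical names throughout: accounts, scopes and rules are constructed
# for illustration and do not reflect Cloudflare's internal systems.
INTERNAL_ACCOUNTS = {"acct-r2-gateway", "acct-internal-billing"}
HIGH_RISK_SCOPES = {"account", "service"}  # wider than one bucket or endpoint


@dataclass
class DisableRequest:
    requester: str
    target_account: str
    scope: str    # "endpoint", "bucket", "account" or "service"
    source: str   # "abuse_review_ui" or "admin_api"
    approvers: set = field(default_factory=set)


def authorize(req: DisableRequest) -> tuple[bool, str]:
    """Return (allowed, reason) for a request to disable something."""
    # 1. Accounts that back production services are never valid targets.
    if req.target_account in INTERNAL_ACCOUNTS:
        return False, "target is an internal account"
    # 2. The abuse review interface may only restrict the reported content.
    if req.source == "abuse_review_ui" and req.scope in HIGH_RISK_SCOPES:
        return False, "abuse review UI limited to endpoint/bucket scope"
    # 3. High-risk scopes need two approvers, neither being the requester.
    if req.scope in HIGH_RISK_SCOPES:
        independent = req.approvers - {req.requester}
        if len(independent) < 2:
            return False, "dual approval required"
    return True, "ok"


# Constructed sample requests covering each rule.
SAMPLE_REQUESTS = [
    DisableRequest("alice", "acct-customer-123", "bucket", "abuse_review_ui"),
    DisableRequest("alice", "acct-r2-gateway", "service", "abuse_review_ui"),
    DisableRequest("alice", "acct-customer-123", "account", "abuse_review_ui"),
    DisableRequest("alice", "acct-customer-123", "account", "admin_api",
                   {"alice", "bob"}),
    DisableRequest("alice", "acct-customer-123", "account", "admin_api",
                   {"bob", "carol"}),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(r.source, r.scope, r.target_account, "->", authorize(r))
```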