Cloudflare's sudden traffic restriction turns out to have been imposed at an engineer's discretion



Cloudflare has issued a statement regarding the fact that a small data provider on the cryptocurrency market was subjected to strict traffic restrictions from Cloudflare without notice. According to the statement, no violation of the terms by the service was confirmed, and in the first place, Cloudflare had no clearly defined response for users who consume a lot of bandwidth.

How Cloudflare erroneously throttled a customer's web traffic
https://blog.cloudflare.com/how-cloudflare-erroneously-throttled-a-customers-web-traffic/



Cloudflare broke customer website with traffic throttle • The Register

https://www.theregister.com/2023/02/09/cloudflare_traffic_throttle_apology/

This incident came to light when Mr. tardis_thad of the service 'Tardis.dev' posted about it on Hacker News.

A story about a small SaaS suddenly getting account restrictions from Cloudflare - GIGAZINE



According to Cloudflare, the problem was caused by bandwidth restrictions between Tardis.dev's origin server and Cloudflare.

However, when Mr. tardis_thad contacted Cloudflare, he was told that the restriction had been imposed for violating the 'Restrictions on providing non-HTML content' in Article 2, Paragraph 8 of the Terms of Service. In reality, Tardis.dev was not in violation of Article 2, Paragraph 8.

Also, Tardis.dev was a paying customer of Cloudflare and a paying customer of unrestricted Cloudflare Workers. When Mr. tardis_thad asked about his plan at the time of the inquiry, a Cloudflare representative replied, 'There is a possibility that we can approve the enterprise plan,' but it is explained in this statement that there was no need to upgrade.

Traffic between Tardis.dev and Cloudflare typically averaged 1500 requests per second with a payload of 0.5MB per request, but at the time the limit was put in place the request rate had doubled to an average of 3000 requests per second and the payload had jumped 25x to 12MB per request. Congestion occurred and could not be completely resolved by automatic mitigation measures, so engineers manually restricted the large volume of traffic.

Cloudflare said of the engineer's response, 'Cloudflare does not have and will not have an established process for throttling bandwidth-hungry customers. It was nothing. I deeply regret it.'

To prevent similar incidents, Cloudflare has established clear rules for handling such problems. The rules stipulate that multiple levels of authorization and clear communication to the customer are required before taking action on a customer's domain, whether the customer is paying or non-paying.

The damage caused by this incident is said to be limited.

in Web Service, Posted by logc_nt