On November 18, 2025, a massive outage at Cloudflare disrupted services across the globe, affecting nearly 19% of internet traffic and leaving millions of users frustrated. The incident stemmed from a glitch in Cloudflare’s Bot Management system, where a critical “feature file” unexpectedly doubled in size, crashing the software that powers much of the web’s infrastructure. Popular platforms like ChatGPT, X (formerly Twitter), and Canva were hit hard, with users reporting persistent glitches even after the initial fix.
The Bot File Bug That Broke the Internet
The outage began around 11:20 UTC, when Cloudflare’s network started failing to deliver core traffic, displaying error pages to users attempting to access affected sites. Engineers initially suspected a massive DDoS attack, but investigations revealed an internal issue: a routine configuration change in a database permission triggered the Bot Management system to generate duplicate entries in the feature file. This file, which helps identify and block malicious bot behavior, ballooned beyond its expected size limit, causing the entire module to crash and propagate errors across Cloudflare’s global network.
Cloudflare’s Bot Management is designed to protect websites from automated threats like AI scrapers by analyzing traffic patterns and applying rules to limit unwanted queries. However, the oversized file overwhelmed the system, leading to HTTP 500 internal server errors for any traffic relying on this module. Services using Cloudflare’s content delivery network (CDN) and security features were immediately impacted, turning a simple permission tweak into a cascading failure that knocked out one-third of the world’s top 10,000 websites.
Widespread Impact on Major Platforms
ChatGPT users were among the first to notice issues, with many encountering the cryptic message: “Please unblock challenges.cloudflare.com to proceed.” This error arises from Cloudflare’s security challenge system, which verifies human users against bots, but during the outage, the mechanism itself malfunctioned, blocking legitimate access to OpenAI’s AI tool. Even after the core fix, some ChatGPT sessions continued glitching due to lingering authentication failures and API disruptions.
X, the social media giant formerly known as Twitter, faced severe downtime, particularly in India where over 988 users reported problems by late afternoon local time. Posts failed to load, feeds wouldn’t refresh, and the platform urged users to retry, exacerbating the chaos as people turned to outage trackers like Downdetector—which ironically went down itself. Globally, reports surged to over 11,000, highlighting how reliant social platforms are on Cloudflare’s stability for handling high-traffic loads.
Canva, the popular graphic design tool, also suffered, with users unable to load the site or access design features. Canva’s status page explicitly blamed Cloudflare’s CDN issues, noting intermittent service degradation that prevented content from displaying properly. The outage amplified concerns about centralized infrastructure, as even crypto services like Coinbase and BitMex were affected, underscoring the vulnerability of interconnected web services.
Common Errors and User Frustrations
“Why is Cloudflare not working?” became a top search query as users grappled with “internal server error” messages across sites. The HTTP 500 error specifically indicates a backend server issue, in this case, Cloudflare’s origin servers failing to process requests due to the bot file overload. For those hitting “challenges.cloudflare.com” blocks on ChatGPT or other tools, the message often pointed to local issues like ad blockers or VPNs, but during the outage, it was purely a Cloudflare-side failure.
Searches for “how to unblock Cloudflare” and “Cloudflare server status” spiked, with many mistakenly thinking it was a personal device problem. Platforms like Valorant reported server status checks overwhelming their systems, while “X down in India” and “Twitter not working” trended as regional impacts lingered. Canva users asked “is Canva down?” only to find confirmation that the glitch was tied to Cloudflare’s broader network strain, delaying creative workflows for professionals worldwide.
Cloudflare’s Role and What It Does
Cloudflare acts as a reverse proxy, sitting between users and websites to provide CDN services, DDoS protection, and bot mitigation, handling about 19% of global internet traffic. It uses tools like challenges.cloudflare.com to issue security checks, ensuring only genuine traffic reaches the destination. Without Cloudflare, many sites would be slower and more vulnerable, but its centralized nature means one bug can ripple out dramatically, as seen when even Spotify and PayPal flickered offline.
The “what happened to Cloudflare today” queries flooded forums, with users puzzled by the sudden “cloudflare down” alerts. Cloudflare’s dashboard itself was partially inaccessible due to reliance on its own Workers KV storage and Turnstile authentication, creating a feedback loop of errors. This event exposed how deeply integrated Cloudflare is into daily digital tools, from AI chats to social feeds.
Recovery and Ongoing Glitches
Cloudflare rolled back the faulty feature file by 13:05 UTC, stopping error propagation and restoring core traffic by 14:30 UTC, with full normalization by 17:06 UTC. Teams applied patches to bypass affected modules, like for Workers KV, reducing impacts on authentication and APIs. However, as traffic rushed back, some services like ChatGPT and X experienced temporary latency spikes and intermittent glitches, with users still reporting “ChatGPT server down” or “please unblock challenges.cloudflare.com” errors into the evening.
In India, where X and other platforms saw heightened reports, recovery was swift but not seamless, with Downdetector logging sustained complaints about “X not working.” Canva advised patience as its CDN reloaded, but designers noted lingering upload delays. Cloudflare’s stock dipped slightly amid the news, though it rebounded quickly as the company emphasized no malicious intent was involved.
Lessons from the Outage
This incident highlights the fragility of modern internet infrastructure, where a latent bug in bot management can halt 19% of web activity. Cloudflare has apologized and begun hardening systems against similar failures, including better file size limits and configuration safeguards. For users, it serves as a reminder to check official status pages during disruptions and avoid knee-jerk fixes like disabling security tools unnecessarily.
“Why ChatGPT is not working today” or “is Twitter down in India” may recur with any CDN hiccup, but awareness of Cloudflare’s role empowers better troubleshooting. As the internet grows more reliant on such providers, events like this push for diversified architectures to minimize single points of failure. The outage, while resolved, left a stark warning about the hidden dependencies powering our online world.
