Press "Enter" to skip to content

This Was Second Time Cloudflare Went Down

Last week, Verizon caused a serious BGP misroute that took massive chunks of the Internet, together with CDN firm Cloudflare, down for a day. In this week, the rest of the Internet has informed Verizon to hold its beer.

Cloudflare went down again for half an hour, and this time, it was the corporate’s fault—we’re still waiting on a full post-mortem, however, the short version is that a firewall regular expression rule concentrating on malicious Javascript spiked the firewalls’ CPU usage, crippling throughput and causing widespread HTTP 502 errors. Microsoft’s Office365 additionally appears to have experienced a multi-hour partial outage yesterday, with the service working over some ISPs and routes but not others for about four hours.

Facebook and its properties WhatsApp and Instagram have suffered widespread outages relating to picture show for most of at present. The issue seems to be bad timestamp data being fed to the company’s CDN in some image tags; once I appeared into the broken images littering my very own Facebook timeline, I found different timestamp arguments embedded in the identical URLs. Loading a picture from with bad “oh=” and “oe=” arguments—or no arguments at all—leads to an HTTP 403 “Bad URL timestamp.”

If you dig into the code, Facebook refers to the same picture URL with different arguments in its anchor tags and its picture tags; within the posts with broken photos, the URLs within the anchor tags work, however the ones within the image tags do not. (On the plus side, now everyone is all of a sudden noticing the AI-driven hidden alt tags the corporate has been embedding in its pictures since 2017.)

Twitter has suffered some as-yet-unexplained hiccups in its direct messaging service today as well. The outages look like mostly within the Eastern United States and Europe, with few or no reports shown in different areas on a number of third-party outage-tracking sites.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *