Creating exceptions for trusted websites balances privacy concerns with functional access needs, reducing unnecessary friction during regular Cloudflare attention online activities. Regularly update your operating system, browser, and security tools to ensure compatibility with current web standards and security protocols. This contextual information helps technical teams quickly identify the cause of your access restriction and implement appropriate exceptions or adjustments.

Attention Required: Understanding Cloudflare Blocks

In mid-September, the Taliban ordered the shutdown of fiber optic Internet connectivity in multiple provinces across Afghanistan, as part of a drive to “prevent immorality”. Networks impacted by these shutdowns included Earthlink (AS199739), Asiacell (AS51684), Zainas (AS59588), Halasat (AS58322), and HulumTele (AS203214). Similar to last quarter, KNET (AS206206), Newroz Telecom (AS21277), IQ Online (AS48492), and KorekTel (AS59625) were impacted by the ordered shutdowns.

Attention Required: Understanding Cloudflare Security Blocks

When we’ve had outages in the past it’s always led to us building new, more resilient systems. We’ve architected our systems to be highly resilient to failure to ensure traffic will always continue to flow. Turnstile was impacted by this outage, resulting in customers who did not have an active dashboard session being unable to log in.

Regional shutdowns by the Taliban to prevent “immoral activities”

Fiber optic cables are frequently damaged by errant ship anchors (submarine) or construction equipment (terrestrial), but on September 26, a stray bullet damaged a cable in the Dallas, Texas area, disrupting Internet connectivity for Spectrum (AS11427) customers. The impacts may only affect a single country, or they may disrupt multiple countries connected to a damaged cable. Telegeography’s Submarine Cable Map shows that the Red Sea has a high density of submarine cables that carry data between Europe, Africa, and Asia. However, the timing of the disruption coincided with protests over the rise in diesel fuel prices, and local non-governmental organizations disputed Unitel Angola’s explanation, claiming that it was actually due to a government-directed Internet shutdown. According to a subsequent post, one was damaged by work being done by CORAAVEGA (La Vega Water And Sewerage Corporation) and the other by work being done by the Dominican Electric Transmission Company.

• The disruption affected multiple ASNs owned by Claro, including AS10620, AS14080, and AS26611.
• It is essential for users to understand that such actions are not just restricted by the website they are accessing but also by Cloudflare, which acts as a security shield around it.What Can I Do To Resolve This?
• Recognizing these potential triggers helps you modify your online behavior to reduce the likelihood of encountering security blocks during important tasks.
• Stopped creation and propagation of new Bot Management configuration files.

The Cloudflare Blog

Digicel Haiti (AS27653) is no stranger to Internet disruptions caused by damage to both terrestrial and submarine cables, experiencing such problems during the first and second quarters of 2025, as well as first, second, and third quarters of 2024. According to an X post from Unitel Angola, it “was caused by a disruption at our partner Angola Cables, resulting from public road works that affected the national fiber optic interconnections.” These shutdowns are reviewed in more detail in our September 30 blog post, Nationwide Internet shutdown in Afghanistan extends localized disruptions.

However, on September 17, traffic dropped to a fraction of pre-shutdown levels. Baghlan experienced an anomalous spike in traffic on September 16, with total traffic spiking 3x higher than peaks seen during the previous weeks. In Kandahar, lower peak traffic volumes are visible between September 17 and September 21. While some nominal recovery occurred on September 23, traffic remained well below pre-shutdown levels. Balkh appeared to be one of the earliest targeted provinces, with traffic dropping midday (UTC) on September 15.

Attention Required! Understanding Cloudflare’s Security Measures

HTTP request traffic from the top 10 ASNs in Afghanistan, September 29, 2025 HTTP request traffic from the top five provinces in Afghanistan, September 29, 2025 At a regional level, it appears that traffic from Kabul fell slightly later than traffic from the other regions, trailing them by approximately a half hour. Follow us on social media at @CloudflareRadar (X), noc.social/@cloudflareradar (Mastodon), and radar.cloudflare.com (Bluesky), or contact us via email. You can use the API to retrieve data to do your own local monitoring or analysis, or the Radar MCP server to incorporate Radar data into your AI tools. However, these additional observations do not necessarily confirm a “technical fault in PTCL’s fiber optic infrastructure” as the ultimate cause of the disruption.

Understanding the “Attention Required!” Message

Our analysis of related metrics found that this disruption caused a drop in the share of IPv4 traffic, as well as a spike in the share of HTTP traffic (meaning that HTTPS traffic share had fallen), as shown in the graphs below. On July 10, Telecom Egypt announced that services affected by the fire had been restored, after operations were transferred to alternative exchanges. The fire broke out in a Telecom Egypt equipment room, and impacted connectivity across multiple providers, including Etisalat (AS36992), Mobinil (AS37069), Orange Egypt (AS24863), and Vodafone Egypt (AS24835).

These anomalies are detected through significant deviations from expected traffic patterns observed across our network. As we have noted in the past, this post is intended as a summary overview of observed and confirmed disruptions, and is not an exhaustive or complete list of issues that have occurred during the quarter. A rogue contractor, among other events, caused power outages that impacted Internet connectivity. This showed up to Internet users trying to access our customers’ sites as an error page indicating a failure within Cloudflare’s network.

• However, these additional observations do not necessarily confirm a “technical fault in PTCL’s fiber optic infrastructure” as the ultimate cause of the disruption.
• Having pre-existing relationships with site administrators can expedite resolution when security blocks occur despite preventive measures.
• Balkh appeared to be one of the earliest targeted provinces, with traffic dropping midday (UTC) on September 15.
• We can now drill down at regional and network levels, as well as exploring the impact across DNS traffic, connection bandwidth and latency, TCP connection tampering, and announced IP address space, helping us understand the impact of such events.
• Robots.txt is a plain text file hosted on your domain that implements the Robots Exclusion Protocol.

Online outages: Q3 2025 Internet disruption summary

By doing so, they have chosen to instruct companies that they do not want the content on those domains to be used for AI training. Cloudflare customers have already turned on our managed robots.txt feature for over 3.8 million domains. A website operator can then optionally express their preferences via machine-readable content signals. This policy defines three content signals – search, ai-input, and ai-train – and their relevance to crawlers. There is a real cost to website operators to serve these data scrapers, in particular when they receive no compensation in return; we are experiencing a classic free-rider problem.

Through understanding the reasons behind the block and employing strategies to resolve these issues, you can navigate the internet more confidently. Being blocked on a website due to Cloudflare’s security measures can be a frustrating experience. Be patient; they may need time to investigate and respond. Sometimes browser settings can lead to being flagged.

At the end of the exam period, the Syrian Ministry of Education posted a Telegram message that was presumably intended to justify the shutdowns, and the focus on cellular connectivity. Partial outages were observed at Sudatel (AS15706), and near-complete outages at SDN Mobitel (AS36998) and MTN Sudan (AS36972). Damage from an earthquake and a fire caused service disruptions, as did a targeted cyberattack. Cable cuts, both submarine and terrestrial, caused Internet outages, including one caused by a stray bullet. In the third quarter, we observed Internet disruptions with a wide variety of known causes, as well as several with no definitive or published cause. We observed successful recovery using the old version of the configuration file and then focused on accelerating the fix globally.

(The stable latency line at the bottom of both graphs represents probes going over the Cloudflare backbone, which was not impacted by the cable cuts.) The graphs below provide another view of the impact of the cable cuts, based on Cloudflare network probes between New Delhi (del-c) to London (lhr-a) and Bombay (bom-c) to Frankfurt (fra-a). The most recent such disruption occurred on August 26, when they experienced two different cuts on their fiber optic infrastructure, according to an X post from the company’s Director General.

I mentioned above that a change in the underlying query behaviour resulted in the feature file containing a large number of duplicate rows. Customers that had rules deployed to block bots would have seen large numbers of false positives. A change in our underlying ClickHouse query behaviour (explained below) that generates this file caused it to have a large number of duplicate “feature” rows. It accomplishes this through a set of domain-specific modules that apply the configuration and policy rules to traffic transiting our proxy. The proxy applies each customer’s unique configuration and settings, from enforcing WAF rules and DDoS protection to routing traffic to the Developer Platform and R2.

This policy is a new addition to robots.txt that allows you to express your preferences for how your content can be used after it has been accessed. If we want to keep the web open and thriving, we need more tools to express how content creators want their data to be used while allowing open access. The Cloudflare Radar team will continue to monitor traffic from Afghanistan as well, sharing our observations on the Cloudflare Radar Outage Center, via social media, and in posts on blog.cloudflare.com.