Cloudflare took down our website after trying to force us to pay 120k$ within 24h
(robindev.substack.com)
From the post: I'm a SysOps engineer at a fairly large online casino. We have around 4 million monthly active users. We had been happy Cloudflare customers since 2018 on the "Business" plan which has some neat features and costs $250/month for "unlimited" traffic.
This seems a bit like abuse of the business plan, not Cloudflare BS. They are using the CDN for 4m users for $250 a month.
Maybe you're right that ultimately they were not on the correct plan and Cloudflare was right to make them move. I don't know enough about Cloudflare's different plans to say. But what I do know is that:
Is utterly indefensible anticompetitive behaviour. So is a 24 hour ultimatum for a 40x increase in cost. I don't care if they were on the free plan and should have been on enterprise. If the ToS violation isn't actively causing harm to the public, any adjustment should be done with sufficient notice that arrangements can actually be made. 30 days seems reasonable.
As they stated in the article, they were fully open to them calling out anything that was against the ToS, but CF never explained to them what was wrong, or how they could rectify it. They attempted multiple meetings with them to try to figure out what was the culprit, but Cloudflare hit them with a 120k/month bill insisting it was necessary and never telling them why.
Cloudflare fucked up in multiple ways:
That and also, what company of that scale can you just go to finance and be like "Hey Cloudflare just jacked up our rate from $250/mo to $10000/mo and they want the whole 120k for the whole year right now and we need it done within 24h or they'll cut us off". Even for companies spending a million a month on AWS costs that's 12% of the budget.
And also asking it all upfront, like, what? What happened to monthly billing? What company has the money to pay infrastructure bills yearly like that, especially on such notice?
Large companies have big cash flows, they don't have 120k just laying around, it's tied in some assets somewhere especially with the inflation, having large amounts of plain cash is bad finances. They probably need to take out a loan or sell some stocks or whatever. You can't do that in 24h.
I have no doubt the author is omitting important details in the story, they may have been getting warnings for a while at this point and they just ignored them because "we're happy with our business plan". But the whole upfront part, then terminating the account as soon as they expressed looking at competitors pricing which is absolutely normal to want to do when your bill goes up 40x, if not required by company policy. Shady as fuck from Cloudflare.
Just want to add, in theory there are legitimate reasons to cancel other than legal, e.g. customer's system is compromised and must be taken off to stop the attacker.
Fair, but then communication is key. They should have been extremely clear "This is what's happening, you have X time to rectify it or we will need to take drastic steps"
Legal is the only one I can think of that would mean radio silence from CF, for example if they were hosting illegal content and the feds were building a case. Seeing how it was all coming from sales and they were pushing for a massive chunk of money all of a sudden I doubt that was what was happening.
Nothing to do with usage imo. They were in very obvious TOS violation that was affecting IPs belonging to CF and therefore affecting all CF clients. After a 48 hour warning they were still given two weeks to switch to enterprise plan and bring their own IPs. Instead they fucked around.
Play stupid games, win stupid prizes. I hope the CTO got fired for this.
And the article stated that they were probably abusing it and were ok negotiating a new contract. Did you read past the first few sentences?
Yes I read the whole thing. This is large company A being mad at company B for cutting off their way below market rate service and company B being a dick about the situation. I did some more digging and 4m monthly users seem to be around 1/3 of Fanduel (Flutter entertainment). This guy is probably working for a company with over $1b revenue per year. Any company that relies on their website for all of their business should have had contracts in place with CF to ensure they were fully within the ToS or contingencies in place to pivot off of CF should CF decide you aren't in compliance.
CF said their account was flagged for domain rotation activities which is against the ToS. "This also means that if a country DNS-blocks our main domain, a secondary domain may still be available. This could arguably be seen as a violation of the Cloudflare TOS, as they wrote above." They had 2 weeks to stop doing that or upgrade to the enterprise account. Instead they didn't do that and as soon as they said they were looking at alternatives, CF stopped giving them grace on the ToS violation in the most malicious compliance way possible.
Yeah. And I also take these posts by outraged people with a grain of salt. Sure large companies do shady shit, but we're getting just one side of the argument and it's from an angry person. Also, in this case, an online casino. Not exactly a source I trust 100%.
for what traffic again?
That it may well be, but it definitely falls on Cloudflare that they were able to take advantage of this for so long, and that the "unlimited traffic" was displayed as one of the perks in the Business plan (although I haven't seen any evidence that that was listed). The decision to charge $10k a month would seem fairer if they weren't insanely aggressive, and claimed there were violations of ToS where there don't seem to be any.