Cloudflare chief technology officer John Graham-Cumming said in a statement that the CPU spike was caused by the error in software deployment which was rolled back after the problem was noticed.
"Once rolled back the service returned to normal operation and all domains using Cloudflare returned to normal traffic levels," he said.
Graham-Cumming said the outage had been noticed at 1342 UTC (11.42pm AEST 2 July) right across the entire network with all sites that used Cloudflare as a proxy showing a 502 (bad gateway) error.
"These rules were being deployed in a simulated mode where issues are identified and logged by the new rule, but no customer traffic is actually blocked so that we can measure false positive rates and ensure that the new rules do not cause problems when they are deployed into full production."
But one rule had a regular expression that caused CPU usage to spike to 100% on all Cloudflare machines, with traffic dropping by 82% at the peak of the problem.
Graham-Cumming said the techies had understood what was happening by 1402 UTC (0.02am AEST 3 July) and stopped all the rulesets seven minutes later.
well that's never a good sign pic.twitter.com/VvV0uNPN5x— Kenn White (@kennwhite) July 2, 2019
"We then went on to review the offending pull request, roll back the specific rules, test the change to ensure that we were 100% certain that we had the correct fix, and re-enabled the WAF Managed Rulesets at 1452 UTC (0.52am 3 July AEST)," he said.
On 24 June, Cloudflare was affected by a large-scale border gateway protocol leak cause by US telco Verizon, with the routes to many big websites instead transiting through DQE Communications, a small company in Pennsylvania.
At the time, Cloudflare's Tom Strickx said in a blog post that the problem had been magnified by the involvement of a so-called BGP optimiser product from a company known as Noction. The problems began at about 10:30 UTC (8.30pm 24 June AEST) and were sorted two hours later.
Verizon has not yet issued any explanation as to how it caused this issue.
Disclosure: iTWire uses Cloudflare's services.