Cloudflare confirms Russia restricting access to services amid free internet crackdown

Russian internet service providers have been restricting access to websites protected by Cloudflare, significantly disrupting web traffic within the country, the U.S. internet infrastructure company confirmed.

Cloudflare said last week the throttling began on June 9 and is preventing Russian users from accessing websites and services that rely on its platform for security and performance. The company’s internal data shows that ISPs are capping data transfers at just 16 kilobytes per request, rendering most websites nearly unusable.

“The action is outside of Cloudflare’s control,” the company said in a statement. “We are unable, at this time, to restore reliable, high-performance access for Russian users in a lawful manner.”

Russia has been cracking down on Cloudflare for months, and other foreign cloud and hosting providers — including Hetzner, DigitalOcean, and OVH — have reportedly faced similar restrictions. The country’s internet regulator, Roskomnadzor, has urged users to stop using their services and switch to domestic hosting providers. 

In November, Roskomnadzor blocked thousands of websites using Cloudflare’s Encrypted Client Hello (ECH), a privacy-enhancing feature that conceals which websites users are attempting to access. The agency claimed the technology enabled users to bypass government censorship and violated Russian law.

Local media reported that Cloudflare traffic in Russia has dropped by around 30% since early June. Russian authorities have denied that such disruptions are taking place.

Cloudflare said it has not received any explanation from Russian regulators but noted the disruptions appear consistent with broader efforts by Moscow to isolate its internet infrastructure and replace foreign technologies with domestic alternatives. 

Russian internet providers such as Rostelecom, Megafon, Vimpelcom, MTS, and MGTS are using various methods to throttle or block websites protected by Cloudflare. These include injecting fake packets to break connections, blocking data to cause timeouts, and most recently limits on data transfers which make only a fraction of webpage content accessible. 

“If you are using Cloudflare to protect your sites, unfortunately, at this time, Cloudflare does not have the ability to restore internet connectivity for users based in Russia,” the company said, advising local users to contact Russian authorities and request that the restrictions be lifted.

Russian experts say small businesses, particularly online retailers, are likely to be hit hardest by the Cloudflare disruptions, potentially losing significant web traffic. They also note that domestic services still cannot fully replicate Cloudflare’s capabilities, and migrating away would be costly and technically complex.

Unlike many Western tech firms, Cloudflare did not fully exit Russia after the 2022 invasion of Ukraine, saying at the time: “Russia needs more internet access, not less.” However, it did terminate services for clients linked to sanctioned entities, including financial institutions and influence operations.

Local media reported that, following the invasion, some Russian businesses voluntarily stopped using Cloudflare due to its U.S. origin. Others continued relying on its protections, particularly amid a growing wave of distributed denial-of-service (DDoS) attacks.