Abuse approach - Cloudflare | Cloudflare

archived 29 Oct 2023 22:51:46 UTC
archive.today
webpage capture
Saved from29 Oct 2023 22:51:46 UTC
Redirected from
history←prior
next→
All snapshotsfrom host www.cloudflare.com
WebpageScreenshot
sharedownload .zipreport bug or abuseBuy me a coffee
close
short link
long link
markdown
html code
wiki code
Preview Mode
Documentation
skip to contentSales: +1 (888) 99 FLARE
Sign Up
Log In
Under attack?
Sales: +1 (888) 99 FLARE
Sign upContact Sales
Sign upUnder attack?Log in
Log In
Under attack?
Sales: +1 (888) 99 FLARE
Sign upContact Sales
Trust Hub
  • Privacy & data protection
  • Compliance resources
  • Technologies
  • Trust & Safety

Our approach to abuse

Graphic depicting a globe with dots indicating Cloudflare data centers.
Cloudflare offers security and reliability services to millions of websites, helping prevent online abuse and make the Internet more secure. When it comes to reports of abuse on websites that use our services, our ability to respond depends on the type of Cloudflare service at issue. Most abuse reports we receive pertain to websites that use our pass-through security and content delivery network (CDN) services, while far fewer reports relate to websites using our registrar services or our services to host content at the edge. Because Cloudflare offers a variety of Internet infrastructure services to users, our abuse reporting system is designed with those different services in mind.
Click here to submit an abuse report
Graphic depicting a globe with dots indicating Cloudflare data centers.

Guiding principles in handling abuse reports

Optimization gear
Service specific
Responses to abuse should reflect the nature of the services at issue and the ability to address the harm, while minimizing the possibility of unintended consequences.
Help giving blue
Access to an abuse process
Complainants should have a mechanism to present their grievances to the party best positioned to address them.
Eyeball
Transparency
We believe in being transparent about when and how we take actions to address abuse.

How infrastructure services differ from other Internet services

A graphic depicting how Internet service providers play a role in addressing harmful content online. Cloudflare products and services are highlighted throughout the graphic.
Cloudflare’s approach to abuse reflects the nature of our infrastructure services, which are fundamentally distinct from services like social media platforms and search engines that are designed to interact with and curate content. While content curator services are designed around moderating content, infrastructure services operate without content-based distinction to help make the Internet function more securely, efficiently, and reliably. These differences can be visualized in a stack, where services at the top of the stack are better positioned to address abuse in the first instance.
Everyone benefits from a well-functioning Internet infrastructure, just like other physical infrastructure, and we believe that infrastructure services should generally be made available in a content-neutral way. That is particularly true for services that protect users and customers from cyber attacks.
Cloudflare’s abuse reporting system is designed to ensure that abuse complaints related to content can be addressed by those service providers higher in the stack, and to identify those instances in which action lower down the stack is appropriate.
A graphic depicting how Internet service providers play a role in addressing harmful content online. Cloudflare products and services are highlighted throughout the graphic.

Why the Cloudflare service at issue matters

Even within the category of Internet infrastructure, different types of services have different abilities to address abusive content. While a hosting provider may be able to effectively remove particular content from a website, other services involved in the transmission of content generally cannot. In addition to being ineffective, attempts to address abuse through cybersecurity services can have unintended consequences and make the broader Internet less secure. Laws like the United States' Digital Millennium Copyright Act and the EU’s Ecommerce Directive reflect this reality by creating a framework for addressing abuse that distinguishes among hosting services, caching services, and mere conduit services.

Which Cloudflare service(s) are at issue

If you are submitting an abuse report to us because our IP address appears in the WHOIS and DNS records for a website, it is very likely that the website is one of millions of websites that use our pass-through security and content distribution network (CDN) services. Our IP address appears in the WHOIS and DNS records for those websites because of the nature of our security services. If a website uses Cloudflare’s registrar services, that will be reflected in the WHOIS records for the website. If Cloudflare might qualify as the origin hosting provider because of the use of services such as Cloudflare Stream, Cloudflare Pages, Cloudflare Workers, Cloudflare Workers KV, and Cloudflare Images that can definitively store content, our systems will account for those services in processing your report.

Reverse proxy, pass-through security, and CDN services

Diagram depicting how Cloudflare handles abuse complaints.
The vast majority of abuse reports that we receive are about websites using our pass-through security, and content distribution network (CDN) services. Cloudflare does not host content through those services, and we cannot remove content from the Internet that we do not host.
Our abuse reporting system is therefore designed to ensure that your report gets to the parties best positioned to address your complaint: the website operator and the hosting provider for the website on which the content is posted. When you submit a report relating to a website using these services, we will take the following steps:
  • |Forward your complaint to the website operator and the hosting provider to allow them to take action on it. For some categories of complaints, you can direct us not to forward your complaint to the website operator;
  • |Provide the hosting provider with the origin IP address of the content at issue to help them locate it;
  • |Depending on the nature of your complaint, respond to you with additional details so that you can follow up as necessary.
Diagram depicting how Cloudflare handles abuse complaints.
Hosting services
A small minority of abuse reports we receive relate to content definitively stored through Cloudflare Stream, Cloudflare Pages, Cloudflare Workers, Cloudflare Workers KV, or Cloudflare Images such that Cloudflare might qualify as the origin hosting provider. If your abuse report pertains to content that we host and that we believe violates the applicable supplemental terms of service, we will remove or disable access to that content. If we disable access or remove content in response to an abuse report, we generally also notify the website operator of our action and we may make the content available again if appropriate based on the website operator’s response.
We may block or remove any content we determine:
  • |Contains, displays, distributes, or encourages the creation of child sexual abuse material, or otherwise exploits or promotes the exploitation of minors;
  • |Infringes on intellectual property rights;
  • |Has been determined by appropriate legal process to be defamatory or libelous;
  • |Engages in the unlawful distribution of controlled substances;
  • |Facilitates human trafficking or prostitution in violation of the law;
  • |Contains, installs, or disseminates any active malware, or uses our platform for exploit delivery (such as part of a command and control system);
  • |Is otherwise illegal, harmful, or violates the rights of others, including content that discloses sensitive personal information, incites or exploits violence against people or animals, or seeks to defraud the public.

More details about Cloudflare's approach to abuse

Registrar services
Cloudflare Registrar offers secure domain name registration and management services. Concerns about particular content on a website are generally not properly addressed by domain name registrars, which can only take action as to entire domains.
Registrars are better positioned to address concerns tied to the domain name, such as reports regarding inaccurate WHOIS information or domain hijacking (when the registration of a domain name is changed without the permission of the original registrant). Cloudflare takes reasonable steps through our registrar-abuse process to investigate and act on reports of such abuse submitted through our abuse page. Concerns that a particular domain name violates a trademark should be directed to the domain name registrant using the WHOIS lookup process.
When Cloudflare removes or blocks access to content
Cloudflare cannot remove from the Internet content that it does not host, and the vast majority of abuse reports we receive relate to our non-hosting reverse proxy, pass-through security, and CDN services. While we cannot remove from the Internet the content identified in those reports, we will forward your report to the hosting provider and website operator who can. In the much rarer instance that an abuse report relates to content hosted by Cloudflare through Cloudflare Stream, Cloudflare Pages, Cloudflare Workers, Cloudflare Workers KV, or Cloudflare Images, we may remove or block access to content that we identify as violating our supplemental terms for those products.
When Cloudflare terminates services
As with the rest of our abuse system, Cloudflare’s approach to terminating services depends on the nature of the service at issue. Because Cloudflare’s security services help prevent cyberattack from being used as a means for network disruption, terminating all our services is not normally an appropriate or effective response to abuse. We may suspend or terminate hosting services, however, if we conclude that those services have been repeatedly used to store content in violation of our policy and that no meaningful steps have been taken to address the issue. Other services will only be terminated in narrowly defined circumstances, consistent with our Human Rights Policy, where we conclude that termination is required by laws that are precise, transparent, and legitimate under human rights law, or voluntary termination is consistent with established limitations to freedom of expression under international human rights, such as protecting the rights of others, and termination is an appropriate and proportional way to address the concern. Consistent with the terms of the Digital Millennium Copyright Act (17 U.S.C. § 512), Cloudflare has adopted and implemented a policy for the termination of services to repeat copyright infringers. Cloudflare strives to be transparent about its approach to abuse, and we report on when we have terminated services to websites, including for websites containing child sexual abuse material (CSAM), in our Transparency Report.
Sales
  • Enterprise Sales
  • Become a Partner
  • Contact Sales:
  • +1 (888) 99 FLARE
Getting Started
  • Industry Analysts
  • Pricing
  • Case Studies
  • White Papers
  • Webinars
  • Learning Center
Community
  • Community Hub
  • Blog
  • Project Galileo
  • Athenian Project
  • Cloudflare for Campaigns
  • Cloudflare TV
Developers
  • Developer Hub
  • Cloudflare Workers
  • Integrations
Support
  • Help Center
  • Cloudflare Status
  • Compliance
  • GDPR
  • Trust & Safety
Company
  • About Cloudflare
  • Diversity, Equity, & Inclusion
  • Investor Relations
  • Our Team
  • Press
  • Careers
  • Cloudflare Connect
  • Logo
  • Network Map
© 2023 Cloudflare, Inc.Privacy PolicyTerms of UseReport Security IssuesTrademark
AB
How can we help? We're here for you!
AB
0%
 
10%
 
20%
 
30%
 
40%
 
50%
 
60%
 
70%
 
80%
 
90%
 
100%