Incident Report: Feb 18-21 DDoS + Cloudflare Outage

Railway experienced a series of network disruptions from February 18th to February 21st, 2026, primarily due to Distributed Denial of Service (DDoS) attacks and compounded by reduced network capacity from fiber cuts, affecting customer workloads globally, particularly in Asia. The attacks included multiple waves, some lasting up to 48 minutes, and shifted tactics from L4 TCP floods to L7 HTTP attacks, overwhelming shared proxy infrastructure and necessitating emergency measures such as engaging Fastly to deploy a global Web Application Firewall (WAF). During this period, approximately 2,700 endpoints experienced errors due to SSL certificate issues, and a Cloudflare BGP outage further complicated recovery efforts. In response, Railway implemented immediate actions like global WAF deployment and proxy isolation for premium customers, while also planning long-term investments to improve network redundancy and incident response processes. The company acknowledges the impact on customers and has committed to compensating those affected, emphasizing improvements in customer communication and network resiliency to prevent future incidents.