Small SaaS banned by Cloudflare after 4 years of being paying customer

OP, you have garnered a lot of sympathy by the HN community which I believe in part contributed to your problem being resolved. I think it would be fair to provide more info about what the issue was in the end. It's not OK to be like "HN I had a bad experience with Company X" and then be like "k, thx @jgrahamc, bye" when your complaint gets resolved due to the attention it received.

There are so many questions this leaves unanswered:

- Was this a one-off error in Cloudflare's processes? (These things happen on a big enough scale.)

- Were you violating a specific clause of Cloudflare's T&C? How clear was the clause? What did you do to fix this?

- Was the issue that Cloudflare estimated that you're not paying enough given the bandwidth you're consuming? Did you end up signing up for the Enterprise plan?

Transparency would benefit both Cloudflare (in not making people unnecessarily apprehensive about becoming/remaining a customer) and you (in demonstrating that you're handling this issue in a professional and responsible manner).

The comments here have mainly focused on the issue of instant suspension - which is obviously deeply concerning - but I also feel like there is a huge issue at Cloudflare regarding their Enterprise pricing model.

Cloudflare's sales team and Enterprise pricing model are one of the least effective sales organisations I have encountered in this space. Given the technical nature of their product, it's extremely hard to explain even basic uses of the tool and things like Workers are near impossible to discuss with them. I was really unsurprised to see that OP had a failed Enterprise negotiation with them as I have had the exact same conversation at three different companies now and can imagine perfectly what you were told.

The current offerings of Enterprise and Enterprise Lite simply do not map to the reality of how people use the tool and scale businesses on top of it. I think in part due to Cloudflare's history essentially selling bandwidth and caching, the model is fixated on high binary traffic workloads and simply cannot comprehend the SaaS service model that runs on it and tools like Workers.

This is mostly a rant and hopefully a small +1 signal that this area needs major improvement - but I would also love to hear if anyone else has had interactions with Cloudflare Enterprise and how they found that process?

(Disclaimer: I'm a massive fan of Cloudflare, a user of their products and hold their stock)

What even is the restriction on returning JSON? One of the examples is explicitly how to return JSON

https://developers.cloudflare.com/workers/examples/return-js...

From the terms

> 2.8 Limitation on Serving Non-HTML Content

> The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) *or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8*. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service *or expressly allowed under our Supplemental Terms for a specific Service*. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.

Supplemental terms

> The Cloudflare Developer Platform consists of the following Services: (i) *Cloudflare Workers*, a Service that permits developers to deploy and run encapsulated versions of their proprietary software source code (each a “Workers Script”) on Cloudflare’s edge servers; (ii) Cloudflare Pages, a JAMstack platform for frontend developers to collaborate and deploy websites; (iii) Cloudflare Queues, a managed message queuing service; and (iv) Workers KV, Durable Objects, and R2, storage offerings *used to serve HTML and non-HTML content.*

I can't quite figure out how to parse this such that workers would be deemed unusable to just run an API.

I'd absolutely have gone ahead with using it for an API.

Cloudflare has non-transparent pricing, unlike AWS, which will charge you for every thing with detailed usage tracking.

When ever there is non-transparent pricing, it's scary to try and use an infrastructure related service.

The sales teams can't go around saying that you are not a profitable customer, and they can't argue with the marketing team to be more honest about pricing on the pricing page.

So, end result, let's bump of these small free loaders. Large enterprise deals is what gets us the bonus anyways.

I like fly.io pricing in that sense. And I am sure there might be others offering a more transparent pricing, otherwise like me still stuck on AWS.

Very similar to this other one https://news.ycombinator.com/item?id=34235237

I just repost the same comment I put in the above thread

> The thing that scary me most is that his business get shut down without any notice period (at least the author not mentioning any previous communications from Cloudflare team about the issue).

> This is really a shitty thing from Cloudflare, you cannot shut down an already running business without any notice/grace period.

Around 12:00 UTC today ban has been lifted for my account thanks to @jgrahamc - thanks!

Literally just sent an email to my devops guys to move off cloudflare asap. This cavalier lack of respect is a diservice and insult to all the people who rely on my product for their livelihood.

From an earlier comment I made regarding Stripe shutting merchants down, and those merchants resorting to posting on HN and getting someone on HN to advocate for them to resolve their problem [0]:

"The main issue is not that [COMPANY] is working hard to protect itself and its customers, but that customers feel very powerless in these situations. When it takes a massive effort to get attention, especially if you're small and powerless, you feel that you have no control, and that your issues will go unanswered. What can the average, powerless customer who doesn't have the weight of social media, HN, @dang, or others on their side do when their hard-earned money or business is being held, locked, or otherwise prevented, and when the cause is not fraudulent, or if the customer is unaware of that activity? The problem is that accounts are just shut down, moneys are held, and there's no quick or clear communication, with customer support simply saying it's not in their control. It's this feeling of powerlessness that's the issue, regardless of whether or not [COMPANY] is in its rights or doing what it feels is in its and its customers best interests.

What can you do to help empower the powerless customers when their livelihoods are at stake? Can you provide some way to not instantly assume fraud or malicious intent on behalf of the customer and provide some quick and direct way for the customer to feel empowered?"

Having to resort to HN to get major problems resolved that are major customer service and potential legal / liability issues causes me a lot of stress when I realize that I have don't have nearly the same sort of power or influence as some of the others here do on HN. I worry that my complaints would simply go ignored.

@jgrahamc would love you to comment on what we can do to avoid people having to resort to HN for a solution to these problems, which favors the well-connected and squeaky wheels and disfavors everyone else.

[0] https://news.ycombinator.com/item?id=34274456

4 Billion requests per month involving 1 Petabyte of traffic doesn't seem like a "small SAAS", at least packet-wise. If its small revenue-wise, addressing that is a business concern as important as having your platform throttled for using the cheapo economy edition tier of whatever you've signed up for with Cloudflare. Did Cloudflare issue any formal communication with you warning about usage and how it violates contractual terms, or did they "ban" you out of nowhere?

Cloudflare: MitMaaS

https://framagit.org/dCF/deCloudflare/-/blob/master/readme/e...

I've asked internally to understand this.

I've recently dropped and then readded (a few months later) a zone to Cloudflare for a domain only I ever owned. And they refused to add it for "policy" reasons, so I had to wait a week or so until Cloudflare just unlocked it without providing any rationale.

It's not a company I trust to not randomly screw me over out of the blue anymore.

i'm about to move a significant amount of traffic to cloudflare. holding off until i see how this is handled. Can you please update this to reflect the total time of service outage and time to resolve. As a busy tech company, this is an unneeded problem. We pay cloudflare to be fast. Not make our sites slow and unresponsive.

I stopped paying for cloudflare after their support team was unable to debug why one of my rewrite conditions wasn't working. I provided them full details like for kindergarden, but they replied after days saying it's working on their end, lol. I deeply respect the cloudflare tech and the dev team, but support sucks and i don't trust cloudflare anymore. I won't pay even a single cent, even if they would have stellar support from now on. After reading all these cloudflare stories lately, and knowing how they treated me, i don't care about them anymore. Someone should write a "you probably dont need cloudflare" article. I'm disgusted by these kind of companies that grow large and they stop caring for the people who were there with them from day 1.

"The large print giveth, the small print taketh away" has never been more true than with Cloudflare.

None of Cloudflare's marketing or technical documentation makes any explicit reference to "permitted usages" for Cloudflare services such as R2 and Workers.

This page for example means one thing without any reference to permitted usages and would mean something entirely different if the permitted usages were promoted with the same level of visibility as the benefits.

https://www.cloudflare.com/products/r2/

Nothing here tells me I cannot write my own video serving code with Workers:

https://workers.cloudflare.com/

You might even believe "whatever you need" from this paragraph from the above link:

"Static assets with dynamic power. Say goodbye to build steps which pre-generate thousands of assets in advance. Harness the unrivaled raw power of the edge to generate images, SVGs, PDFs, whatever you need, on the fly, and deliver them to users as quickly as a static asset."

This developer documentation would takes on an entirely new meaning if a link to "acceptable uses" was prominent at the top of each page (not fine print).

https://developers.cloudflare.com/r2/get-started/

https://developers.cloudflare.com/r2/data-access/workers-api...

https://developers.cloudflare.com/r2/examples/demo-worker/

Have built an entire application around assuming there were no such limitations I now need to rebuild elsewhere.

Humph.

I now no longer even understand what "no egress fees" means - in a way that's worse than the big cloud providers where at least you know they are charging you 9 cents per gigabyte.

Looking at this with interest as I've multiple projects on cloudflare now and in development.

Cloudflare has published a blog post about this event: https://blog.cloudflare.com/how-cloudflare-erroneously-throt...

While I agree HN shouldn't be used as a way to get direct customer support, I don't think it's fair to grab and point our pitchforks to @jgrahamc over a one sided story. There's not nearly enough information from both sides to create fair judgement (these things happen, unfortunately, at larger scale with automated processes). What matters is the afterthought and actions taken of what's going to prevent a similar situation in the future (which I'd love to read from both OP and @jgrahamc if possible). HN is my go to stop for well formulated opinions written by people way smarter than me and I think we dropped the ball here, HN can do better. That said, happy that your issue got resolved OP and goodluck with your project!

My experience with the Cloudflare sales team is they were woefully disconnected from any ability to make good on their promises, and that it didn’t matter to them at all. It was a strange narcissism -bit wasn’t that they were deliberately lying, it was as if the notion of truth and lies didn’t matter. That if they kept blabbering assumed that they’d get the sale.

In general you can’t trust salespeople and need to get everything in writing. Cloudflare is a prime example of why.

And I’d add in my case because we were keeping track of their promises, we caught them before the sales process completed. It cost them seven figures a year. But maybe it doesn’t matter - their sales approach still has them worth $20 billion.

I recently signed up to CloudFlare for their Yubi key deal that was still being advertised on their website. A week later I received an email saying only customers subscribed by a certain time could claim the offer.

I asked them to delete my data or provide the Yubi offer and they did neither. So they sit in an email folder known as bad companies. Because my data has value and they lied to obtain it for their own gain (aka fraud).

In Canada we have private prosecution/rules about falsely acquired data. Every bad story on HN puts me closer to opening that folder up and ensuring my data costs at least 100k.

Enough is enough.