Heh, lucky you, at least you get a message. My ISP just drops traffic to the affected IPs. No ping, no traceroute, just a spinner in the browser until it says "page not found".
Every response and comment from LaLiga, the football organization responsible for this, has been so far that this is a minor issue that only affects a few bunch of nerds who talk about "docker images" or "github repositories" or "whatever that means".
Meanwhile, there are testimonies of smart home devices like anti-theft alarms or automatic doors, that stop working whenever there is a football match, because their backends rely on Cloudflare.
Last week, a woman asked for help on social media, as the GPS tracking app she uses to see where her father with dementia is, went offline during a match. It was getting late and he still wasn't back home, and she couldn't locate the tag he was wearing to find him: https://www.infobae.com/america/agencias/2026/04/05/laliga-d...
It's hard to say this, because no one should experience an event like this, but as stressful as these are, it's the only way to make the mainstream people care about this censorship. "I cannot pull a docker image" will never be on nightly news, but safety and personal security is a more powerful driver for discourses.
> Heh, lucky you, at least you get a message. My ISP just drops traffic to the affected IPs. No ping, no traceroute, just a spinner in the browser until it says "page not found".
This is generally how the GFW works in China. Instead of an overbearing nanny like a school or corporation's DNS blocker, you're left with a sense that you're on a version of the Internet that is just intermittently and somewhat mysteriously broken.
And indeed, in China, a lot of things that probably aren't fully intended to be blocked are not reliably accessible. Implementation varies, so you get strange routing and peering issues. It feels like an Internet that isn't fully formed, that hasn't finished coming together yet.
Nation states and corporations obviously gain some things sometimes by having Internet censorship/blocking frameworks in place. Maybe, sometimes, ordinary people even benefit, too, if it helps shut down illegal and genuinely harmful businesses.
But it feels like the whole world is gradually trending towards more and more Internet censorship without realizing that we are un-building a miraculous thing that took enormous effort and cleverness and expense to build. I wish we could think about this not only in terms of freedom (and we absolutely should think about it in terms of freedom), but how we are disintegrating the infrastructure of communication and computing.
Your last paragraph: it is sad. But we had successful global networks before the Internet (the PSTN, telegraph) and we'll certainly have global networks after this at some point in human history. Perhaps in the the time between the Internet and what's next, the world will become a bit more mature about a few things.
> But we had successful global networks before the Internet (the PSTN, telegraph)
These were ripe with espionage, wiretapping and sabotage. Access to it used to be highly restricted as well, up until the 90s for example you were only allowed to connect government-licensed modems to the German PSTN directly.
> These were ripe with espionage, wiretapping and sabotage.
Just like today's Internet. BGP spoofing, CALEA, DDoS.
> Access to it used to be highly restricted as well ...
And this is where the regression or "downfall" is beginning. Access to the Internet (as in ability to send/receive arbitrary data to the wider Internet) is something I bet is going to be increasingly restricted, but most people won't notice because they don't understand the difference between apps and the Internet.
I'd be surprised if direct access to the Internet is possible for consumers in the next 10 years. Everything will have to be through approved apps (age assurance is going to be the catalyst) that work over registered tunnels contracted through ISPs, if there isn't an outright blurring or merger between the concepts of phone/CPE, ISP and CDN. Your non-tech layperson will not know any difference whatsoever if all they use are their phone plan, streaming/banking apps and Facebook.
All people affected should file a complaint with your ISP and with Oficina de Atención al Usuario de Telecomunicaciones claiming financial loss for arbitrary service censorship.
I've been filing complaints since a year ago, told others to do the same too, nothing happens. There been moments I've meant to deploy fixes to issues but I cannot, because some tooling goes offline.
I've claimed financial loss, claimed sanity loss and everything in-between, but I'm afraid unless something reaches the European/EU courts, Spain will continue to be in the pocket of the La Liga owners.
Straight up fucking censorship with wide collateral being completely accepted in a Western country in 2026, beyond comprehension how this is allowed.
Whenever I get a little down over how much power unelected corporations have in my country, I can at least cheer myself up a little by being thankful that something as stupid as football doesn't have enough power here to control whether or not I have internet access.
If anyone who’s capable in Spain set a petition or the relevant steps and put it on HN. I’m pretty sure any Spanish resident in HN would be more than happy to take part even if it means to send a Bizum for the cause.
(Sadly as living in Spain for about a year I’m still not in such place to raise this or understand the full steps needed)
Because the EU as a whole is quite happy to censor and generally wield the same tricks as "non-Western" countries in their desires to combat misinformation (however our EU bureaucrats define it), child abuse materials (see Chat Control that thing is not going to go away), and hatred (oh boy).
We've never guaranteed the right to free speech and because we haven't it's a slippery slope all the way back down to the furnaces of autocracy we sprang from.
The Spanish president has come out on record saying we don't deserve anonymity on the internet.
Used my digital certificate (which is installed in the browser), but AFAIK, you can use Cl@ve on that page above too.
In the past, I've cited BOE-A-2022-10757 (https://www.boe.es/buscar/act.php?id=BOE-A-2022-10757), done a reclamació for the repeated loss of lawful access on my connection, and a denúncia about a broader overblocking practice affecting access to lawful services.
Also, supposedly, we should be able to make claims to CNMC as well, but haven't figured out how. Also of course, been complaining to my ISP every time it happens too.
It would be great if there was a webpage with clear instructions on how to do this, maybe fill out a few questions and get a printable pdf you can mail, or at least telling you how to file an online complaint. Making complaints very low friction will lead to more of those and perhaps more attention to the issue.
Snail mail uses up physical space so it might get more attention, it would be hilarious to see news reports of truckloads of complaint mail being dumped in front of the whatever office.
> It would be great if there was a webpage with clear instructions on how to do this, maybe fill out a few questions and get a printable pdf you can mail, or at least telling you how to file an online complaint. Making complaints very low friction will lead to more of those and perhaps more attention to the issue.
This is a great idea, we definitively should make this happen! If people are curious on collaborating on something, reach out, email in profile (English or Spanish emails welcome!).
Sadly, it won't accomplish anything. La Liga seems to have enough political power in the country to bury all of that. Probably bribing everyone involved.
Corruption at that level could mean organized crime. Is there a culture of betting through illegal bookies, are they fixing matches, or ¿porque no los dos?
Well, I think when the organized crime is registered as proper businesses and they have the judges on their side even if the law isn't, I think we just call that "for-profit capitalism" nowadays.
The companies relying on cloudflare won't be in Spain. If you buy a GPS tracker by a Canadian company, developed in India, manufactured in China, they are unlikely to know, even it they cared, that a single country that accounts for a tiny percentage of their sales breaks fundamental internet infrastructure on the regular "because fútbol y dinero".
And when purchasing a product, there's no "bill of materials" telling you about the services it relies on, beyond "internet connection" at best.
I'm not saying this situation isn't bullshit, but the bigger problem is that CloudFlare is now "fundamental internet infrastructure". This is precisely the situation that the internet was designed to prevent.
Yesterday I got stuck in endless CloudFlare CAPTCHA's, trying to access theretroweb.com. I had to give up. Many such cases. I hate CloudFlare so much, it's unreal.
> This is precisely the situation that the internet was designed to prevent
Right, but on the other hand, our constitution and laws are supposed to give us the rights to access a internet where the government cannot block entire companies who host websites, because a few bad websites are hosted there.
Not to mention all us freelancers, contractors and just in general computing users, who sometimes want to continue working although 90% of the country is watching football, we should be able to do so even if pirates use Cloudflare for shitty stuff.
I agree that Cloudflare sucks, people should avoid defaulting to putting Cloudflare in front of absolutely everything they do and I too get stuck at the CAPTCHAs sometimes. But that doesn't remove the fact that Cloudflare, just like every other lawful company, should be allowed to be visited during La Liga matches.
> there are testimonies of smart home devices like anti-theft alarms or automatic doors, that stop working whenever [...] because their backends rely on Cloudflare.
The fault here lies 100% with horribly designed IoT devices that turn into bricks when they lose internet connection.
Yes you can. Fight with clever technical solutions and the politics will follow once the solution becomes common or displays its usefulness. It is in fact the most effective way to fight dumb political issues.
In my country (Russia) the politics followed, now the ISPs block the OpenVPN and wireguard packets. And sometimes the white list mode is enabled, so you cannot connect, with your clever custom VPN solution, to a host outside the country
You should be able to use things like sshuttle or even tunnel through HTTPS whatever you want, right? As you can control both sides of the tunnel with encryption (comes by default), no MITM-ing unless you are forced to use solutions that install and eavesdrop on your secure traffic too.
1) they do protocol sniffing, and any inconsistency (including statistical) gets you blocked
2) "white list mode" which engaged sometimes (poorly implemented atm), means nothing goes outside of country at all (means 99.9% of everything is broken). They really want to become North Korea soon
It depends on what the political system is trying to do.
A VPN won't help against government blanket outages, where the target is complete control of communications, and attempts to circumvent may result in extreme penalty. In this case, where the government policy is to stop unauthorized streaming, and collatoral damage is acceptable, a VPN hosted in a more favorable location is likely to work enough. Afaik, I don't think Spain has the political appetite to block VPNs and such during football matches.
You can still fight the political issue with political means, but in the mean time, you can also get work done.
> Afaik, I don't think Spain has the political appetite to block VPNs and such during football matches
Unfortunately nobody is quite sure what appetite they have, because LaLiga is doing this all on the back of a relatively narrow judicial ruling that hasn't been reviewed in a long time
That became a popular refrain at some point but the truth of it varies. In fact many political issues are brought about by technical changes so obviously the reverse must be possible as well.
What technical solutions can't change is the underlying social dynamics.
Even that is IMO untrue: "technical solutions" have indeed changed society at large quite significantly; eg. "social media" is one very influential example, "smart phone" is another, "internet" itself, etc.
Aren't you agreeing with me? None of those things changed the underlying social dynamics that humans exhibit but they nonetheless affected widespread social and political change.
That's actually part of rebellion modus operandi, so totally something realistic. But not within the frame of law and not in the sweet position of someone away from the "I'll die for the just cause" mindset.
can you rephrase your idea please. What's realistic, fighting stupid laws or corporations with a VPN? Yes, but not for long. They are always stronger than you, they can switch from blacklisting to whitelisting and your VPN becomes useless.
I was trying to refer to an actual rebel position, which is actors which use illegal practices to achieve their goals agaisnt institutions in place. Which might have the cool attitude imagery attached to it, but which is certainly not an easy one in reality.
> The football league would rather not have pirates livestream their ~90 minute games.
Funny enough, I work in IT and I've had to use a VPN to be able to do my job when soccer is on, but my two non-tech-savy family members that do watch soccer using pirate livestreams say that they've never had any issues with blocked streams.
I work in IT and have found that the issue impacts my work but not my ability to stream sports from sites of questionable legality. Of course, I don't pirate La Liga matches but that's primarily because I don't give a shit about soccer.
But the point is that the measure does more to block legitimate use than illegitimate (in my experience). And next they want to go after VPNs. Wonderful.
They don't even "lose a small amount of money." They simply gain less money than usual for a short period of time. Think of how rough that is for them.
I think it's even that they "gain less money than they could if everyone watching illegally would pay for it when they could not watch illegally" (that's usually how companies crying "piracy" calculate "losses" — "let's assume everyone watching illegally would certainly still watch it and pay the full price").
> Cloudflare would rather not block websites without a court order specifying the sites to be blocked.
why would they?
> squabble between two huge corporations
I think this is just LaLiga using it's cultural and economical power, don't think Cloudflare or the courts should be making exceptions just so they can control how people watch football
Plenty of companies proactively take action against shady users, even if not 100% required under law. Youtube has content id, social media companies have "community guidelines", and ISPs have AUPs.
technically, LaLiga themselves doesn't even do the blocking. They have a court order from some years ago that allows them to compel all the individual ISPs to block any IP addresses they specify, with no oversight or review
This must negatively impact a huge number of businesses. Is there no move for them to all get together to take legal action against LaLiga to stop them doing this?
This is a great example of why blanket IP blocking is such a terrible enforcement mechanism. Cloudflare hosts hundreds of thousands of services behind shared IP ranges — blocking one IP to stop a piracy stream
takes out everything else on that IP, including Docker registries, API endpoints, and CDNs that have nothing to do with football.
The real fix on your end until Spain sorts this out: set up a pull-through registry cache (e.g. registry:2 with proxy.remoteurl) on a VPS outside Spain, and point your Docker daemon's mirror config at it. Your
GitLab runner pulls from the cache, the cache pulls from Docker Hub via a non-blocked IP. Also insulates you from Docker Hub rate limits.
But yeah, the fact that a court order about football streaming can break docker pull for an entire country is genuinely absurd.
> This is a great example of why blanket IP blocking is such a terrible enforcement mechanism
AFAIK, they're not doing "blanket IP blocking", they're intercepting requests based on DNS and IP, and try to serve their own certificates and their own content. Obviously, in most cases it fails, as the certificate doesn't match the site, so the browser rejects it, but as far as I can see and tell, there is no "blanket IP blocks", more like "DNS and IP interception".
The difference doesn't really matter in practice, sucks regardless, but I thought I'd clarify for the ones who are not experiencing these blocks themselves at least.
I wondered how they actually managed to have their own business to be unencumbered by that. At a certain corporate level, you have to have some piece of tech in your portfolio that relies on cloudflare. I hope one day there companion or "2nd screen" apps stops working during a game, because using cloudflare.
I would imagine they do. The people running the pirate sites know what they are doing. Noone who really wants to stream pirated games is stopped. Blocking CF is performative, not effective.
i have no data to back this up but in the past cloudflare was much more lax with piracy sites and I can imagine that Azure is stricter with blocking them
Barring an Internet giant suing them in court, it really feels like this is unlikely to change as most just don’t understand the why or the effect.
Someone needs to write a heist movie set in Spain where a key part of the plan is they steal something while La Liga is blocking some key security route.
This is the moral equivalent of shutting the water off for a whole city because one dude's house has a leak. The harms to society clearly and obviously outweigh any possible benefits to society. But if that one dude has the power to shut it all off, and doesn't care...
As a Spaniard, I would be very happy it cloudflare stops serving Spain. The situation is beyond stupid and I know without international pressure and shaming we're not getting rid of this abuse.
They should at least do a single "awareness day" during which they block the same IPs and sites they are ordered by court, as if there was a football match on. Ideally with a 7 days public notice announcement. Probably won't happen though, as their contractual obligation won't allow for voluntary suspension of services.
Hah. I have had to use a US-based VPN to access GitHub pretty much every weekend lately. La Liga's efforts to curb pirate TV streams are basically undermining the internet itself at this point.
This is also not new behaviour - Theo posted a YouTube about it nearly a year ago[1].
not necesarilly, any government will make decisions, if there's no one to speak up and inform them why the decision is stupid, like the one from LaLiga, then we end up in this situation
ok, then what do you suggest? we don't get involved and decisions at the government level are made for us? I might be naive, but let's not be restrained by the cynicism of any involment in politics and governance is corruption
What? This is how governance and public opinion happen, at least in Spain. Government does something bad? Everyone out on the streets to complain, and calling politicians to change their mind.
Sometimes it works, sometimes it does not, but doing nothing is never an option if you disagree with what they're doing. To think that doing nothing is better than something, that's incredibly naive.
Maybe it’s time to reflect upon the reliance on centralized services?
Not long ago docker hub started rate limiting access and we all turned to blanket solutions like the GitLab registry cache.
I wonder if the IPFS distributed docker registry thing still exists/works.
Here in Brazil sometimes my ISP goes into a weird state where I can't SSH into a remote machune. Got two ISP links here and still sometimes I need to resort to Mullvad to get stable internet
> instado por la Liga Nacional de Fútbol Profesional y por Telefónica Audiovisual Digital,
(The trial was initiated by LaLiga and Telefonica...).
"Telefonica" is the (exclusive) distributor for the rights of streaming the matches, and is only (of course?) the main consumer (and business) Telco in Spain: they are in a game they cannot lose. This is such an abuse and no government (this, past, whichever) has done anything about it.
It is also educational to look up the overlap between Telefonica directors, LaLiga directors, and the government officials who granted the defacto monopoly
I had to Google why this happens, blocking cloudflare during football games seems.. Arbitrary, to say the least. Maybe something to do with hooligans trashing entire cities when their team loses? I could almost get behind that, if I thought it would work..
But no, it's apparently to stop piracy!? Turning off half the internet, and mostly the legitimate parts at that (since when do pirates use cloudflare?) seems like probably the worst method to go about it.
Someone ought to start streaming those games illegally without using cloudflare just to demonstrate how stupid this policy is
> Someone ought to start streaming those games illegally without using cloudflare just to demonstrate how stupid this policy is
Oh, the icing on the cake is that they already do. While my whole dev stack gets shut off every weekend, my neighbour watches pirate futbol streams just fine - not only is it a stupid policy, it's an ineffective one, and the pirates bypassed the bans ages ago
Pirates use cloudflare because it solves their biggest problem, DOS attacks. Rights owners figured out that they can shut down these sites by DDOSing them which bypasses the courts and can be done instantly, so the pirates put their sites behind cloudflare ddos protection.
Just to confirm it is true. This is LaLiga bringing down essential country-wide infrastructure on soccer hours if your internet access is through main ISPs.
I'm in Spain as well and it sucks a lot. What I do now is I go thorough Cloudflare 1.1.1.1 VPN (set up on my router). Fixes the issue and there is practically no latency or bandwidth impact.
What Spain does is basically censorship and it's very poorly executed. The docker image registry is only one out of the many collateral victims of this stupid law.
> What Spain does is basically censorship and it's very poorly executed
Basically? It is censorship, with huge collateral damage and regardless of how much we complain or share evidence that the blocks are actually financially harming us, no one seems to care as long as La Liga gets to freely block whatever hoster of websites as they wish.
It's just like the Great Firewall of China, except in service of football profits instead of political ideology. I don't know which one is dumber and more disgraceful.
I wouldn't say "instead of", just "also", these "football blocks" are not the first cases of censorship of the internet in Spain.
womenonweb.org for example was inaccessible for years, just unblocked some years ago. During the latest Catalan independence referendum, the Spanish government blocked a bunch of websites, not the very least the official website of the referendum itself.
This is just one of the most recent cases, and so far the one with widest regular impact.
The only viable way to even get most of them is to shut down internet access entirely. It's not a realistic solution, unlike blocking a few well known IP ranges belonging to a large corp like Cloudflare.
And even if you managed to get them all beforehand, some VPN providers will adapt and keep some servers in reserve, putting them online just as you managed to block the previous ones. Getting around internet censorship is a large chunk of their business, and some are really good at it.
You don’t really need to block all, you just need to annoy the users enough that paying is easier. And I think there are enough games to use up the IP reserve pretty quickly and getting new ones every time is pretty annoying.
I can provision a new VPS in about 5s of active work. I'd probably fully automate spinning up new servers and failing over because automatically detecting which got blocked is trivial. Bonus points if you use providers that let you attach multiple IPs to each VPS for cheap. Use some censorship resistant decentralized protocols to provide the next couple IPs to your client software and you're good.
And then they still need to monitor hundreds of VPN providers for whether they have new IPs, which is not neccssarily as easy as just grabbing a list of them. Once they have some, they then need to forward them to the ISPs and ask for them to be blocked. Their process is significantly less friendly to automation.
No country ever won this fight short of total shutdown/disconnects.
It's a game. The VPN marketplace is huge so it's wack-a-mole.
Big companies don't hide their VPN ASNs. Obscure, for sure, but getting a good list isn't hard. Usually they get blocked.
Smaller companies may pass under the radar, and have higher tolerance for risky strategies.
The fringe providers are the problem. They aggressively change IP ranges, front-vs-obscure ownership, and play dirty. Shady folks will resell residential ranges. End-users often get tainted goods.
... and you still have the collateral damage game when VPNs host infra with big cloud providers vs colofarms vs self-host, etc.
Yes, but that's not something many can do easily. Also already having to use a VPN is not the "right" solution. The right so solution is to beat some sense inside some politician's head, and force them to write and approve laws that don't let stupid (or conniving) judges pass orders like this one we are talking about.
But anyone who is pulling docker images in a sunday afternoon while the rest of the country is glued to their screen to watch a football game or enjoying a sunny sunday outside having beers and tapas and what not should be capable of setting up wireguard.
It is not a DNS based block, but on the IP level. Once I knew what caused the issue, I figured I use one of my Hetzner vServers as an exit node in tailscale.
But come on, this can't be true. I wonder how many other people in IT wasted hours on issues and tickets to find out it is due to a football match taking place. Admittedly, chances are low, as football matches are usually outside of office hours.
Going to play devil's advocate here but I suspect if Cloudflare had been more cooperative about taking down illegal content, LaLiga would not have resorted to blanket blocking individual IPs.
I would really like to understand more about the process that they should follow but didn't / followed but didn't satisfy them / doesn't exist, in order to remove infringing websites quickly from CloudFlare.
I work with actually malicious content (things that make people lose their life savings) and Cloudflare abuse is relatively helpful (compared to most ISPs who just don't care).
They just refuse to take down random things that some media company representatives send their way, without a court order or any oversight. And this is a good thing.
Welcome to the club, buddies! Here, in Russia, the government doesn't care about collateral damage at all when shutting down whole Internet in cities. They turn on white list mode, when only approved sites and IPs work. Businesses stop working and start losing money? They don't care. Important IT systems stop working? They don't care. People can't communicate with each other? Don't care.
And seems like it will happen everywhere else. Sad to see the whole world goes down apart.
Fair enough, I completely agree. However in the case of Russia specifically, I understand that at one point Ukrainian drones were making routine use of mobile internet within the county. Temporary internet whitelists seem like a reasonable alternative to complete blackouts in that scenario. There are plenty of historic examples of malware using just about any communication platform for the C&C transport.
Well, Cloudflare does not launch anything. They acquire to build products. Look into all their recent product launches. They acquired a relatively small company and converted the founding team to a product team.
So, if you want them to build stuff, ask yourself, are there any "Docker Registry" startups out there. If jsdelivr/globalping is not keeping you busy enough... there is an idea
I do not think that is the issue. The recent acquisitions from all these big tech companies did not have any "meaningful" user base to begin with.
I think your name alone carries significant weight in the industry and you have built a very large community.
If you even vibe code something with, you will get a stupid amount of money thrown at you and a contract that bounds your existing projects and the next 3-5 years to a particular company as project lead.
Cloudflare could resolve this without negatively impacting fundamental services... just place all newly registered sites (e.g. <30 days) on a dedicated block of IP addresses. That way, Spain's government-ordered censorship could be limited to (mostly) pirate sites. Or they could invest money in vetting customers properly.
But of course, Cloudflare rather prefers to hold their actual large customers (who don't have much of an alternative to CF) and everyday Spaniard users hostage.
What would prevent a pirate site operator from registering a domain a few months in advance and sitting on it in the meantime?
How do you propose customers ought to be vetted? Why should a host be expected to take on the duties of a hall monitor? Isn't that the judiciary's job?
I think it is actually Spain using their residents as hostages in an attempt to extort Cloudflare and other large providers. The current situation is best described as blatantly corrupt regulatory capture.
CF could just sue LaLiga and the judge as interrupting and intercepting telecomms it's a really serious crime in Spain. Call the AEPD too because of consumers' right against both ISP and LaLiga's snooping. Another huge fine.
This is not an issue under the civil code (civilian issues), but something to be dealt under penal (criminal) code.
They could potentially file the suit against Spain in European Court of Human Rights if they have exhausted national remedies. ECtHR has previously ruled some blocks to be illegal, but generally in the context where country sought the ban. Of course in both cases Court is the one that actually orders the ban.
One relevant would be Yildirim v. Turkey where court ordered blocking access to all Google sites because there was one that where someone insulted the memory of Atatürk. This was due to request from Telecommunications Directorate. This then caused the appellant's website to get blocked as well.
Another one would be Vladimir Kharitonov v. Russia.
The last sentence of this submission makes no sense. You are in Spain. Allegedly, the country has a representative government. That means that you should have a way to influence the government to fix this idiocy. If, in fact, you don’t, then it is not a representative government and …ahem… further steps may be warranted to remind the government whom they work for.
Spain is a failing country. Their economy is in shambles and the government has ceded internet control to a private corporation who runs football games.
The figures I cited are for GDP per capita, which accounts for population growth. Moreover immigration should have the opposite effect of depressing per-capita GDP, because immigrants typically take lower skilled jobs, dragging overall productivity down. So if anything, the figures are artificially depressed, not inflated.
Spain isn't a perfect country, I don't think any is. But the economy isn't in shambles, only someone who doesn't know what they're talking about would say anything like that. It does suck that La Liga can wield so much power, agree, but this is not related to the economy at all...
Those are easy enough to dissuade with readily available PoW solutions. People use CF & co. out of convenience, the exact same reason that most websites load resources from at least half a dozen third parties instead of self hosting.
Perhaps that is true, but the Cloudflare anti-bot protection is too stupid and annoying.
They should have used a cookie or something else that does not require asking me every few minutes to prove once more that I am not a bot.
There was a time when Cloudflare had become less intrusive, but for the last months it has begun again to intervene almost each time when opening some pages.
There is no doubt that anti-bot protection can be implemented in a better way than Cloudflare does, but presumably the alternatives would consume more resources on their servers, so probably they choose whatever minimizes their costs, regardless if that ensures maximum discomfort for Internet users.
Who knows what upsets ClownFlare? I'm using Vivaldi on Linux on IPv6 in Denmark with every uBlock filter enabled and Cookie Auto-delete. That seems to confuse and anger CloudFlare and I get CAPTCHA tarpitted constantly.
That, ironically, includes Cloudflare. Without rampant bots making the internet worse for everybody, they wouldn't have as much work. And their portion of profit is anything but small.
I know this is an unpopular opinion among freedom maximalists, but:
It’s precisely because CloudFlare isn’t responding like other CDNs to reasonable demands to cut off pirate origin sites that this mess exists. If they reacted quickly to remove configurations that are obviously facilitating copyright infringement, Spain wouldn’t resort to full scale ASN blocking.
How do we know it’s CloudFlare? Because other CDNs like CloudFront, Akamai, Fastly, etc. respond to takedown demands and aren’t being blocked. (Those also cost money and require customer identification.)
In an escalating war between the state and a corporation, the state will always prevail if they have the public’s backing. In Spain it’s clear that most people are happy to watch the match through legitimate channels even at the cost of blocking CloudFlare.
> It’s precisely because CloudFlare isn’t responding like other CDNs to reasonable demands to cut off pirate origin sites that this mess exists. If they reacted quickly to remove configurations that are obviously facilitating copyright infringement, Spain wouldn’t resort to full scale ASN blocking.
Apropos of anything else, CF is (reasonably) requiring a court order to remove offending material rather than just "well, company said so, so eh, just do as they say". La Liga complains that "oh, that's too slow for what we want" and just got a blanket ruling.
I am not a fan of CF but your argument seems to be "CF should just roll over any time someone says "hey, delete this", because, obviously, everyone knows it's problematic, right? Right?".
At least the DMCA in the U.S. has guardrails: not just anyone can send a takedown demand for everything. The requester has identify the works and declare under penalty of perjury that they are operating on the behalf of the owner. I imagine the equivalent EU law has similar requirements.
CloudFlare uses legal chicanery to try to subvert the DMCA by claiming that because they’re not the origin server, they’re not subject to takedown demands. So far no court has told them to knock it off. I expect that day will eventually come. Every lawsuit against them to date has ended in a settlement because CloudFlare would rather pay up than get an unfavorable ruling on the books.
CloudFlare has consistently treated loss of DMCA safe harbor protection as a material business risk; it’s been cited in every SEC filing from the 2019 IPO S-1 through the FY2025 10-K.
Heh, lucky you, at least you get a message. My ISP just drops traffic to the affected IPs. No ping, no traceroute, just a spinner in the browser until it says "page not found".
Every response and comment from LaLiga, the football organization responsible for this, has been so far that this is a minor issue that only affects a few bunch of nerds who talk about "docker images" or "github repositories" or "whatever that means".
Meanwhile, there are testimonies of smart home devices like anti-theft alarms or automatic doors, that stop working whenever there is a football match, because their backends rely on Cloudflare.
Last week, a woman asked for help on social media, as the GPS tracking app she uses to see where her father with dementia is, went offline during a match. It was getting late and he still wasn't back home, and she couldn't locate the tag he was wearing to find him: https://www.infobae.com/america/agencias/2026/04/05/laliga-d...
It's hard to say this, because no one should experience an event like this, but as stressful as these are, it's the only way to make the mainstream people care about this censorship. "I cannot pull a docker image" will never be on nightly news, but safety and personal security is a more powerful driver for discourses.
> Heh, lucky you, at least you get a message. My ISP just drops traffic to the affected IPs. No ping, no traceroute, just a spinner in the browser until it says "page not found".
This is generally how the GFW works in China. Instead of an overbearing nanny like a school or corporation's DNS blocker, you're left with a sense that you're on a version of the Internet that is just intermittently and somewhat mysteriously broken.
And indeed, in China, a lot of things that probably aren't fully intended to be blocked are not reliably accessible. Implementation varies, so you get strange routing and peering issues. It feels like an Internet that isn't fully formed, that hasn't finished coming together yet.
Nation states and corporations obviously gain some things sometimes by having Internet censorship/blocking frameworks in place. Maybe, sometimes, ordinary people even benefit, too, if it helps shut down illegal and genuinely harmful businesses.
But it feels like the whole world is gradually trending towards more and more Internet censorship without realizing that we are un-building a miraculous thing that took enormous effort and cleverness and expense to build. I wish we could think about this not only in terms of freedom (and we absolutely should think about it in terms of freedom), but how we are disintegrating the infrastructure of communication and computing.
> a version of the Internet that is just intermittently and somewhat mysteriously broken.
That's actually just how the Internet is. Nothing to do with the great firewall.
Your last paragraph: it is sad. But we had successful global networks before the Internet (the PSTN, telegraph) and we'll certainly have global networks after this at some point in human history. Perhaps in the the time between the Internet and what's next, the world will become a bit more mature about a few things.
this is teleological thinking. it's not necessarily the case that things get better over time.
> But we had successful global networks before the Internet (the PSTN, telegraph)
These were ripe with espionage, wiretapping and sabotage. Access to it used to be highly restricted as well, up until the 90s for example you were only allowed to connect government-licensed modems to the German PSTN directly.
> These were ripe with espionage, wiretapping and sabotage.
Just like today's Internet. BGP spoofing, CALEA, DDoS.
> Access to it used to be highly restricted as well ...
And this is where the regression or "downfall" is beginning. Access to the Internet (as in ability to send/receive arbitrary data to the wider Internet) is something I bet is going to be increasingly restricted, but most people won't notice because they don't understand the difference between apps and the Internet.
I'd be surprised if direct access to the Internet is possible for consumers in the next 10 years. Everything will have to be through approved apps (age assurance is going to be the catalyst) that work over registered tunnels contracted through ISPs, if there isn't an outright blurring or merger between the concepts of phone/CPE, ISP and CDN. Your non-tech layperson will not know any difference whatsoever if all they use are their phone plan, streaming/banking apps and Facebook.
There was also no way for a normal person to easily and cheaply communicate with 20 million people in realtime.
All people affected should file a complaint with your ISP and with Oficina de Atención al Usuario de Telecomunicaciones claiming financial loss for arbitrary service censorship.
I've been filing complaints since a year ago, told others to do the same too, nothing happens. There been moments I've meant to deploy fixes to issues but I cannot, because some tooling goes offline.
I've claimed financial loss, claimed sanity loss and everything in-between, but I'm afraid unless something reaches the European/EU courts, Spain will continue to be in the pocket of the La Liga owners.
Straight up fucking censorship with wide collateral being completely accepted in a Western country in 2026, beyond comprehension how this is allowed.
Whenever I get a little down over how much power unelected corporations have in my country, I can at least cheer myself up a little by being thankful that something as stupid as football doesn't have enough power here to control whether or not I have internet access.
Ignorance is a bliss, agree :) Sometimes we all need to force ourselves into that so we can get a bit more joy.
La Liga is basically operating like an "unelected corporation" as well.
It would if it were bigger business in your country. Try torrenting an MCU movie and see what happens to your ISP account.
Someone in Texas torrenting an MCU slop doesn’t disconnect me from half the Internet.
If anyone who’s capable in Spain set a petition or the relevant steps and put it on HN. I’m pretty sure any Spanish resident in HN would be more than happy to take part even if it means to send a Bizum for the cause.
(Sadly as living in Spain for about a year I’m still not in such place to raise this or understand the full steps needed)
Because the EU as a whole is quite happy to censor and generally wield the same tricks as "non-Western" countries in their desires to combat misinformation (however our EU bureaucrats define it), child abuse materials (see Chat Control that thing is not going to go away), and hatred (oh boy).
We've never guaranteed the right to free speech and because we haven't it's a slippery slope all the way back down to the furnaces of autocracy we sprang from.
The Spanish president has come out on record saying we don't deserve anonymity on the internet.
how do you make claims, here: https://usuariosteleco.digital.gob.es/? Can't find a way of doing it with Cl@ve
I've used this: https://usuariosteleco.digital.gob.es/reclamaciones/telefoni...
Used my digital certificate (which is installed in the browser), but AFAIK, you can use Cl@ve on that page above too.
In the past, I've cited BOE-A-2022-10757 (https://www.boe.es/buscar/act.php?id=BOE-A-2022-10757), done a reclamació for the repeated loss of lawful access on my connection, and a denúncia about a broader overblocking practice affecting access to lawful services.
Also, supposedly, we should be able to make claims to CNMC as well, but haven't figured out how. Also of course, been complaining to my ISP every time it happens too.
I think this is it: https://reg.redsara.es/#login
It would be great if there was a webpage with clear instructions on how to do this, maybe fill out a few questions and get a printable pdf you can mail, or at least telling you how to file an online complaint. Making complaints very low friction will lead to more of those and perhaps more attention to the issue.
Snail mail uses up physical space so it might get more attention, it would be hilarious to see news reports of truckloads of complaint mail being dumped in front of the whatever office.
> It would be great if there was a webpage with clear instructions on how to do this, maybe fill out a few questions and get a printable pdf you can mail, or at least telling you how to file an online complaint. Making complaints very low friction will lead to more of those and perhaps more attention to the issue.
This is a great idea, we definitively should make this happen! If people are curious on collaborating on something, reach out, email in profile (English or Spanish emails welcome!).
Sadly, it won't accomplish anything. La Liga seems to have enough political power in the country to bury all of that. Probably bribing everyone involved.
Corruption at that level could mean organized crime. Is there a culture of betting through illegal bookies, are they fixing matches, or ¿porque no los dos?
Well, I think when the organized crime is registered as proper businesses and they have the judges on their side even if the law isn't, I think we just call that "for-profit capitalism" nowadays.
penalti para el real madrid!
Yep, flood them with complaints.
At this point the protests should be against the matches themselves. But let's be honest: nobody cares anymore.
It's ridiculous and wrong what LaLiga does. But it's also a weakeup call to consider ditching cloudflare's centralization.
The companies relying on cloudflare won't be in Spain. If you buy a GPS tracker by a Canadian company, developed in India, manufactured in China, they are unlikely to know, even it they cared, that a single country that accounts for a tiny percentage of their sales breaks fundamental internet infrastructure on the regular "because fútbol y dinero".
And when purchasing a product, there's no "bill of materials" telling you about the services it relies on, beyond "internet connection" at best.
>fundamental internet infrastructure
I'm not saying this situation isn't bullshit, but the bigger problem is that CloudFlare is now "fundamental internet infrastructure". This is precisely the situation that the internet was designed to prevent.
Yesterday I got stuck in endless CloudFlare CAPTCHA's, trying to access theretroweb.com. I had to give up. Many such cases. I hate CloudFlare so much, it's unreal.
> This is precisely the situation that the internet was designed to prevent
Right, but on the other hand, our constitution and laws are supposed to give us the rights to access a internet where the government cannot block entire companies who host websites, because a few bad websites are hosted there.
Not to mention all us freelancers, contractors and just in general computing users, who sometimes want to continue working although 90% of the country is watching football, we should be able to do so even if pirates use Cloudflare for shitty stuff.
I agree that Cloudflare sucks, people should avoid defaulting to putting Cloudflare in front of absolutely everything they do and I too get stuck at the CAPTCHAs sometimes. But that doesn't remove the fact that Cloudflare, just like every other lawful company, should be allowed to be visited during La Liga matches.
I’d love for a way to put all my sites behind Cloudflare only during La Liga matches.
> there are testimonies of smart home devices like anti-theft alarms or automatic doors, that stop working whenever [...] because their backends rely on Cloudflare.
The fault here lies 100% with horribly designed IoT devices that turn into bricks when they lose internet connection.
Perhaps its time to put a VPN into all your CI jobs
You can't fight political issues with clever technical solutions
Yes you can. Fight with clever technical solutions and the politics will follow once the solution becomes common or displays its usefulness. It is in fact the most effective way to fight dumb political issues.
In my country (Russia) the politics followed, now the ISPs block the OpenVPN and wireguard packets. And sometimes the white list mode is enabled, so you cannot connect, with your clever custom VPN solution, to a host outside the country
You should be able to use things like sshuttle or even tunnel through HTTPS whatever you want, right? As you can control both sides of the tunnel with encryption (comes by default), no MITM-ing unless you are forced to use solutions that install and eavesdrop on your secure traffic too.
1) they do protocol sniffing, and any inconsistency (including statistical) gets you blocked 2) "white list mode" which engaged sometimes (poorly implemented atm), means nothing goes outside of country at all (means 99.9% of everything is broken). They really want to become North Korea soon
And eventually even a worm will turn.
It depends on what the political system is trying to do.
A VPN won't help against government blanket outages, where the target is complete control of communications, and attempts to circumvent may result in extreme penalty. In this case, where the government policy is to stop unauthorized streaming, and collatoral damage is acceptable, a VPN hosted in a more favorable location is likely to work enough. Afaik, I don't think Spain has the political appetite to block VPNs and such during football matches.
You can still fight the political issue with political means, but in the mean time, you can also get work done.
> Afaik, I don't think Spain has the political appetite to block VPNs and such during football matches
Unfortunately nobody is quite sure what appetite they have, because LaLiga is doing this all on the back of a relatively narrow judicial ruling that hasn't been reviewed in a long time
That became a popular refrain at some point but the truth of it varies. In fact many political issues are brought about by technical changes so obviously the reverse must be possible as well.
What technical solutions can't change is the underlying social dynamics.
Even that is IMO untrue: "technical solutions" have indeed changed society at large quite significantly; eg. "social media" is one very influential example, "smart phone" is another, "internet" itself, etc.
Aren't you agreeing with me? None of those things changed the underlying social dynamics that humans exhibit but they nonetheless affected widespread social and political change.
That's actually part of rebellion modus operandi, so totally something realistic. But not within the frame of law and not in the sweet position of someone away from the "I'll die for the just cause" mindset.
can you rephrase your idea please. What's realistic, fighting stupid laws or corporations with a VPN? Yes, but not for long. They are always stronger than you, they can switch from blacklisting to whitelisting and your VPN becomes useless.
What is this "sweet position" you talk about?
Sorry for being unclear.
I was trying to refer to an actual rebel position, which is actors which use illegal practices to achieve their goals agaisnt institutions in place. Which might have the cool attitude imagery attached to it, but which is certainly not an easy one in reality.
You totally can, that's why bittorrent still exists and works fine.
They block the whole of Cloudflare R2, I believe the Docker hub is just (heh) a collateral.
When the La Liga match starts, everything that's proxied via CF (including zero access reverse tunnels) stops working.
There's even a website made for checking if the match is on: https://hayahora.futbol/
You can check if your host is affected: https://hayahora.futbol/#comprobador&domain=docker-images-pr...
Ah man, that shader in the background is like a rite of passage for people including a shader on their website.
https://www.shadertoy.com/view/lscczl
Why do they do that? Sorry, I don't speak Spanish.
The football league would rather not have pirates livestream their ~90 minute games.
Pirates would rather not be blocked, so they create a new, disposable website for every game. Any blocking must happen fast.
Cloudflare would rather not block websites without a court order specifying the sites to be blocked.
The courts would rather not create a special fast lane through the courts, just to resolve a squabble between two huge corporations.
> The football league would rather not have pirates livestream their ~90 minute games.
Funny enough, I work in IT and I've had to use a VPN to be able to do my job when soccer is on, but my two non-tech-savy family members that do watch soccer using pirate livestreams say that they've never had any issues with blocked streams.
I work in IT and have found that the issue impacts my work but not my ability to stream sports from sites of questionable legality. Of course, I don't pirate La Liga matches but that's primarily because I don't give a shit about soccer.
But the point is that the measure does more to block legitimate use than illegitimate (in my experience). And next they want to go after VPNs. Wonderful.
But think of the children ... and futbol!
But you must realize, the alternative to this is that some very wealthy Spanish companies ... lose a small amount of money.
Surely you understand now. Go about your business, poor person.
They don't even "lose a small amount of money." They simply gain less money than usual for a short period of time. Think of how rough that is for them.
I think it's even that they "gain less money than they could if everyone watching illegally would pay for it when they could not watch illegally" (that's usually how companies crying "piracy" calculate "losses" — "let's assume everyone watching illegally would certainly still watch it and pay the full price").
I once remember reading an article about shareholders selling off a stock because the rate of increase in profit had slowed.
> Cloudflare would rather not block websites without a court order specifying the sites to be blocked.
why would they?
> squabble between two huge corporations
I think this is just LaLiga using it's cultural and economical power, don't think Cloudflare or the courts should be making exceptions just so they can control how people watch football
> why would they?
Well, in this case, the alternative is all of Spain intermittently blocking lots of Cloudflare.
But if Cloudflare bows to Spain in this case, every jurisdiction will want to pile up lots of special case rules for Cloudflare to try and implement.
>why would they?
Plenty of companies proactively take action against shady users, even if not 100% required under law. Youtube has content id, social media companies have "community guidelines", and ISPs have AUPs.
So what, do they just block a range of IP addresses and are then done with it?
technically, LaLiga themselves doesn't even do the blocking. They have a court order from some years ago that allows them to compel all the individual ISPs to block any IP addresses they specify, with no oversight or review
This must negatively impact a huge number of businesses. Is there no move for them to all get together to take legal action against LaLiga to stop them doing this?
The US is captured by the Israeli lobby. Spain is captured by the football lobby.
Here's a good English-language article about it, with a timeline: https://daniel.es/blog/cloudflare-vs-la-liga/
Looks like same old regulatory capture.
Also, a classic tweet from the Cloudflare CEO re their fight with Italians authorities re censorship:
https://xcancel.com/eastdakota/status/2009654937303896492
Everyone looks bad in this conflict.
How does this make Matthew look bad?
Matt acting like he's a free speech absolutist. Hilarious.
Italy and Spain are the bad actors here. Not cloudflare.
On a scale of oppression he certainly leans towards free.
HN in 2026: free speech is hilarious.
You have it backwards. I'm the free speech absolutist. Cloudflare is not.
Because LaLiga and football in general is what is governing Spain really.
to stop people pirating football streams while matches are on. Insanity
The website has a language selector on the right just below the initial screen, just FYI.
to """"""""""prevent piracy""""""""""
This is a great example of why blanket IP blocking is such a terrible enforcement mechanism. Cloudflare hosts hundreds of thousands of services behind shared IP ranges — blocking one IP to stop a piracy stream takes out everything else on that IP, including Docker registries, API endpoints, and CDNs that have nothing to do with football.
> This is a great example of why blanket IP blocking is such a terrible enforcement mechanism
AFAIK, they're not doing "blanket IP blocking", they're intercepting requests based on DNS and IP, and try to serve their own certificates and their own content. Obviously, in most cases it fails, as the certificate doesn't match the site, so the browser rejects it, but as far as I can see and tell, there is no "blanket IP blocks", more like "DNS and IP interception".
The difference doesn't really matter in practice, sucks regardless, but I thought I'd clarify for the ones who are not experiencing these blocks themselves at least.
just wait until they block Azure as well so the official La Liga site also stops working
I wondered how they actually managed to have their own business to be unencumbered by that. At a certain corporate level, you have to have some piece of tech in your portfolio that relies on cloudflare. I hope one day there companion or "2nd screen" apps stops working during a game, because using cloudflare.
Dumb question but why don’t the pirate sites all host on Azure if Cloudflare is blocked and Azure isn’t?
I would imagine they do. The people running the pirate sites know what they are doing. Noone who really wants to stream pirated games is stopped. Blocking CF is performative, not effective.
i have no data to back this up but in the past cloudflare was much more lax with piracy sites and I can imagine that Azure is stricter with blocking them
Hmmm. Don't they have a reporting form or something like that? Down with those filthy Azure pirates on IP 52.166.113.188.
Sounds like the answer here is to host alt streams on Azure.
Barring an Internet giant suing them in court, it really feels like this is unlikely to change as most just don’t understand the why or the effect.
Someone needs to write a heist movie set in Spain where a key part of the plan is they steal something while La Liga is blocking some key security route.
This is the moral equivalent of shutting the water off for a whole city because one dude's house has a leak. The harms to society clearly and obviously outweigh any possible benefits to society. But if that one dude has the power to shut it all off, and doesn't care...
If you think that's even remotely close to the worst the Spanish government has done, don't look up "Catalunya".
https://int.assemblea.cat/civil-and-human-rights-abuses/tool...
As a Spaniard, I would be very happy it cloudflare stops serving Spain. The situation is beyond stupid and I know without international pressure and shaming we're not getting rid of this abuse.
They should at least do a single "awareness day" during which they block the same IPs and sites they are ordered by court, as if there was a football match on. Ideally with a 7 days public notice announcement. Probably won't happen though, as their contractual obligation won't allow for voluntary suspension of services.
As a Spaniard I couldn't agree more. This situation is just absolutely ridiculous.
Hah. I have had to use a US-based VPN to access GitHub pretty much every weekend lately. La Liga's efforts to curb pirate TV streams are basically undermining the internet itself at this point.
This is also not new behaviour - Theo posted a YouTube about it nearly a year ago[1].
[1]: https://www.youtube.com/watch?v=1-geGEYEw7g
Ah, so that's why my site is "down" there:
https://hayahora.futbol/#sobre-los-bloqueos&domain=taoofmac....
They're blocking the CDN too, not just R2.
LOL this is so hilarious, blocking a portion of a web infra for a football match
It is somewhat funny until you realize the amount of power some copyright mafia knuckleheads have over the (local) internet.
It isn't even an authoritative regime censoring something, but much more silly.
This is why technology businesses and professionals need to take a little bit of an active role in local politics. Otherwise you get nonsense.
That's an interesting euphenism for 'spend a massive amount of money on ~~corruption~~ lobbying',
not necesarilly, any government will make decisions, if there's no one to speak up and inform them why the decision is stupid, like the one from LaLiga, then we end up in this situation
This is incredibly naive.
ok, then what do you suggest? we don't get involved and decisions at the government level are made for us? I might be naive, but let's not be restrained by the cynicism of any involment in politics and governance is corruption
What? This is how governance and public opinion happen, at least in Spain. Government does something bad? Everyone out on the streets to complain, and calling politicians to change their mind.
Sometimes it works, sometimes it does not, but doing nothing is never an option if you disagree with what they're doing. To think that doing nothing is better than something, that's incredibly naive.
Doing nothing can't be better, but it's entirely possible that doing nothing has exactly the equal effect as doing something.
> but it's entirely possible
You're right, it possibly has the same effect. How could we figure out what's the actual answer in practice?
Maybe it’s time to reflect upon the reliance on centralized services? Not long ago docker hub started rate limiting access and we all turned to blanket solutions like the GitLab registry cache. I wonder if the IPFS distributed docker registry thing still exists/works.
Here in Brazil sometimes my ISP goes into a weird state where I can't SSH into a remote machune. Got two ISP links here and still sometimes I need to resort to Mullvad to get stable internet
> instado por la Liga Nacional de Fútbol Profesional y por Telefónica Audiovisual Digital,
(The trial was initiated by LaLiga and Telefonica...).
"Telefonica" is the (exclusive) distributor for the rights of streaming the matches, and is only (of course?) the main consumer (and business) Telco in Spain: they are in a game they cannot lose. This is such an abuse and no government (this, past, whichever) has done anything about it.
It is also educational to look up the overlap between Telefonica directors, LaLiga directors, and the government officials who granted the defacto monopoly
Interesting alternative. Cloudflare (market cap $58B) buys La liga (market value $5 billion), drops suit.
Set an example. Buy them, fire everyone, shut it down and liquidate the property.
Less headaches, free futbol matches!
I had to Google why this happens, blocking cloudflare during football games seems.. Arbitrary, to say the least. Maybe something to do with hooligans trashing entire cities when their team loses? I could almost get behind that, if I thought it would work..
But no, it's apparently to stop piracy!? Turning off half the internet, and mostly the legitimate parts at that (since when do pirates use cloudflare?) seems like probably the worst method to go about it.
Someone ought to start streaming those games illegally without using cloudflare just to demonstrate how stupid this policy is
> Someone ought to start streaming those games illegally without using cloudflare just to demonstrate how stupid this policy is
Oh, the icing on the cake is that they already do. While my whole dev stack gets shut off every weekend, my neighbour watches pirate futbol streams just fine - not only is it a stupid policy, it's an ineffective one, and the pirates bypassed the bans ages ago
Makes you wonder why they keep the ban up? Are more people watching more football now that everything else stops working during matches?
Talk about unfair business practices!
Pirates use cloudflare because it solves their biggest problem, DOS attacks. Rights owners figured out that they can shut down these sites by DDOSing them which bypasses the courts and can be done instantly, so the pirates put their sites behind cloudflare ddos protection.
Just to confirm it is true. This is LaLiga bringing down essential country-wide infrastructure on soccer hours if your internet access is through main ISPs.
I'm in Spain as well and it sucks a lot. What I do now is I go thorough Cloudflare 1.1.1.1 VPN (set up on my router). Fixes the issue and there is practically no latency or bandwidth impact.
POSSIBLE FIX:
I think changing your default DNS servers to Google 8.8.8.8 or Cloudflare 1.1.1.1 might bypass the spanish sunday ban on Cloudlflare.
macOS + Cloudlfare 1.1.1.1 https://developers.cloudflare.com/1.1.1.1/setup/macos/
Google 8.8.8.8 https://developers.google.com/speed/public-dns/docs/using
I don’t think it’s a DNS ban, it looks like they actually ban connections to the IP range.
But you can just use a VPN.
Nope, it’s IP ban. At least for Vodafone and Telefónica.
This is a know issue and it is completely fucked up: https://www.techradar.com/vpn/vpn-privacy-security/cloudflar...
What Spain does is basically censorship and it's very poorly executed. The docker image registry is only one out of the many collateral victims of this stupid law.
> What Spain does is basically censorship and it's very poorly executed
Basically? It is censorship, with huge collateral damage and regardless of how much we complain or share evidence that the blocks are actually financially harming us, no one seems to care as long as La Liga gets to freely block whatever hoster of websites as they wish.
It's just like the Great Firewall of China, except in service of football profits instead of political ideology. I don't know which one is dumber and more disgraceful.
I wouldn't say "instead of", just "also", these "football blocks" are not the first cases of censorship of the internet in Spain.
womenonweb.org for example was inaccessible for years, just unblocked some years ago. During the latest Catalan independence referendum, the Spanish government blocked a bunch of websites, not the very least the official website of the referendum itself.
This is just one of the most recent cases, and so far the one with widest regular impact.
It's a disgrace, but apparently all relevant forces still consider soccer the most important thing in the country.
Time to use a VPN in your docker pipelines ;) Or run your systems outside of Spain.
Or can this be avoided by using an alternate DNS?
They are planning to also block VPN providers during football matches, see https://www.techradar.com/vpn/vpn-privacy-security/la-liga-w...
They are not "planning" to block VPNs. A technologically illiterate judge has ordered it, but there are no plans nor mechanisms to enforce it.
The exact same stupid mechanism they are already using. Forcing ISPs to blackhole whole subnets if they belong to the VPN provider ASN(s).
If they can block IPs of cloudflare what extra mechanisms would be needed to block VPN IPs?
The only viable way to even get most of them is to shut down internet access entirely. It's not a realistic solution, unlike blocking a few well known IP ranges belonging to a large corp like Cloudflare.
And even if you managed to get them all beforehand, some VPN providers will adapt and keep some servers in reserve, putting them online just as you managed to block the previous ones. Getting around internet censorship is a large chunk of their business, and some are really good at it.
You don’t really need to block all, you just need to annoy the users enough that paying is easier. And I think there are enough games to use up the IP reserve pretty quickly and getting new ones every time is pretty annoying.
I can provision a new VPS in about 5s of active work. I'd probably fully automate spinning up new servers and failing over because automatically detecting which got blocked is trivial. Bonus points if you use providers that let you attach multiple IPs to each VPS for cheap. Use some censorship resistant decentralized protocols to provide the next couple IPs to your client software and you're good.
And then they still need to monitor hundreds of VPN providers for whether they have new IPs, which is not neccssarily as easy as just grabbing a list of them. Once they have some, they then need to forward them to the ISPs and ask for them to be blocked. Their process is significantly less friendly to automation.
No country ever won this fight short of total shutdown/disconnects.
It's a game. The VPN marketplace is huge so it's wack-a-mole.
Big companies don't hide their VPN ASNs. Obscure, for sure, but getting a good list isn't hard. Usually they get blocked.
Smaller companies may pass under the radar, and have higher tolerance for risky strategies.
The fringe providers are the problem. They aggressively change IP ranges, front-vs-obscure ownership, and play dirty. Shady folks will resell residential ranges. End-users often get tainted goods.
... and you still have the collateral damage game when VPNs host infra with big cloud providers vs colofarms vs self-host, etc.
When talking about VPNs, it doesn't have to mean "third party VPN". You can host your own on any VPN service outside of Spain.
Yes, but that's not something many can do easily. Also already having to use a VPN is not the "right" solution. The right so solution is to beat some sense inside some politician's head, and force them to write and approve laws that don't let stupid (or conniving) judges pass orders like this one we are talking about.
I agree it is not the right solution.
But anyone who is pulling docker images in a sunday afternoon while the rest of the country is glued to their screen to watch a football game or enjoying a sunny sunday outside having beers and tapas and what not should be capable of setting up wireguard.
It takes very light technical skills to deploy algo
Given the context of the HN audience, it's probably something you can do.
"A _Sanish_ Court has ordered NordVPN and Proton VPN to block IPs transmitting illegal football streams" [emphasis added], that is inspain.
Alternate DNS doesn't help, they block at IP level.
Yes, they block IPs belonging to CDNs (CF including R2, BunnyCDN, CDN77, Fastly, Alibaba, Akamai even)...
> run your systems outside of Spain
So much for digital sovereignty :-)
It is not a DNS based block, but on the IP level. Once I knew what caused the issue, I figured I use one of my Hetzner vServers as an exit node in tailscale.
But come on, this can't be true. I wonder how many other people in IT wasted hours on issues and tickets to find out it is due to a football match taking place. Admittedly, chances are low, as football matches are usually outside of office hours.
Going to play devil's advocate here but I suspect if Cloudflare had been more cooperative about taking down illegal content, LaLiga would not have resorted to blanket blocking individual IPs.
I would really like to understand more about the process that they should follow but didn't / followed but didn't satisfy them / doesn't exist, in order to remove infringing websites quickly from CloudFlare.
I work with actually malicious content (things that make people lose their life savings) and Cloudflare abuse is relatively helpful (compared to most ISPs who just don't care).
They just refuse to take down random things that some media company representatives send their way, without a court order or any oversight. And this is a good thing.
LaLiga wanted the right to tell Cloudflare to block specific sites without going through a court.
Cloudflare, rightfully, said that was ridiculous and unreasonable.
A Spanish court, wrongfully, decided to let LaLiga block all of Cloudflare.
They will take down anything you get a judge to agree with.
Why are you working instead of watching the match?
Could you bypass this with a VPN?
Yes, and all of Spain is learning how to use VPNs
Thankfully, Adamo hasn’t implemented the blockade yet (if ever).
Welcome to the club, buddies! Here, in Russia, the government doesn't care about collateral damage at all when shutting down whole Internet in cities. They turn on white list mode, when only approved sites and IPs work. Businesses stop working and start losing money? They don't care. Important IT systems stop working? They don't care. People can't communicate with each other? Don't care. And seems like it will happen everywhere else. Sad to see the whole world goes down apart.
I think perhaps there's a difference in expectations between wartime versus a country at peace going after pirates.
I wanted to say that Internet freedom dismantlement is a global trend.
Fair enough, I completely agree. However in the case of Russia specifically, I understand that at one point Ukrainian drones were making routine use of mobile internet within the county. Temporary internet whitelists seem like a reasonable alternative to complete blackouts in that scenario. There are plenty of historic examples of malware using just about any communication platform for the C&C transport.
BT used to block the entire streamable.com site during football matches
Off topic but I wonder when Cloudflare is going to launch their own Docker registry as a product.
It's pretty easy to write your own. I made this one a while ago: https://github.com/chainguard-dev/crow-registry
https://github.com/cloudflare/serverless-registry
I've seen it but it's buggy and lacking in features. Feels like an afterthought instead of a real product
Well, Cloudflare does not launch anything. They acquire to build products. Look into all their recent product launches. They acquired a relatively small company and converted the founding team to a product team.
So, if you want them to build stuff, ask yourself, are there any "Docker Registry" startups out there. If jsdelivr/globalping is not keeping you busy enough... there is an idea
Honestly I would build it if I knew how to properly market it to quickly get users.
Globalping and jsDelivr took years to gain a meaningful user base
I do not think that is the issue. The recent acquisitions from all these big tech companies did not have any "meaningful" user base to begin with.
I think your name alone carries significant weight in the industry and you have built a very large community.
If you even vibe code something with, you will get a stupid amount of money thrown at you and a contract that bounds your existing projects and the next 3-5 years to a particular company as project lead.
Here is a list of acquisitions Cloudflare made recently: https://blog.cloudflare.com/tag/acquisitions/
Most of these companies did not have a half dozen paying customer or even a fully fleshed-out product before they were acquired.
I wish I had as much faith in myself as you have in me :)
What would the business case be?
Capture developers and funnel them to the Workers platform
Just use a VPN
Vote early, vote often
Cloudflare could resolve this without negatively impacting fundamental services... just place all newly registered sites (e.g. <30 days) on a dedicated block of IP addresses. That way, Spain's government-ordered censorship could be limited to (mostly) pirate sites. Or they could invest money in vetting customers properly.
But of course, Cloudflare rather prefers to hold their actual large customers (who don't have much of an alternative to CF) and everyday Spaniard users hostage.
What would prevent a pirate site operator from registering a domain a few months in advance and sitting on it in the meantime?
How do you propose customers ought to be vetted? Why should a host be expected to take on the duties of a hall monitor? Isn't that the judiciary's job?
I think it is actually Spain using their residents as hostages in an attempt to extort Cloudflare and other large providers. The current situation is best described as blatantly corrupt regulatory capture.
Yeah, I know. Welcome to the club :(
https://x.com/ahachete/status/2035783292549755228
CF could just sue LaLiga and the judge as interrupting and intercepting telecomms it's a really serious crime in Spain. Call the AEPD too because of consumers' right against both ISP and LaLiga's snooping. Another huge fine.
This is not an issue under the civil code (civilian issues), but something to be dealt under penal (criminal) code.
In Spanish
https://www.fiscal.es/memorias/memoria2020/FISCALIA_SITE/rec...
Oh, and BTW, LaLiga has just partnered with a CF rival.
Now CF can just sue both like hell because of unfair competition:
https://nitter.tiekoetter.com/xataka/status/2042658662850724...
Looks like they already tried to appeal the block, and lost:
https://x.com/jaumepons/status/1904906677335245294
They could potentially file the suit against Spain in European Court of Human Rights if they have exhausted national remedies. ECtHR has previously ruled some blocks to be illegal, but generally in the context where country sought the ban. Of course in both cases Court is the one that actually orders the ban.
One relevant would be Yildirim v. Turkey where court ordered blocking access to all Google sites because there was one that where someone insulted the memory of Atatürk. This was due to request from Telecommunications Directorate. This then caused the appellant's website to get blocked as well.
Another one would be Vladimir Kharitonov v. Russia.
I think they are doing it already.
Yea, La Liga it's crapping out as always. Docker needs either some I2P gateway, or a Tor service.
The pirate streams need an I2P service that way LaLiga might give up.
The last sentence of this submission makes no sense. You are in Spain. Allegedly, the country has a representative government. That means that you should have a way to influence the government to fix this idiocy. If, in fact, you don’t, then it is not a representative government and …ahem… further steps may be warranted to remind the government whom they work for.
Good. Cloudflare is the next evil entity on the internet.
Spain is a failing country. Their economy is in shambles and the government has ceded internet control to a private corporation who runs football games.
>Their economy is in shambles
But it's among the fastest growing in the EU? Granted, part of this is starting from a low base, but it's hardly "in shambles"
https://data.worldbank.org/indicator/NY.GDP.PCAP.KD.ZG?locat...
They are doing this by artificially inflating the numbers, destroying the country forever: https://i.imgur.com/0MAeFaF.jpg
>total population change in EU countries
The figures I cited are for GDP per capita, which accounts for population growth. Moreover immigration should have the opposite effect of depressing per-capita GDP, because immigrants typically take lower skilled jobs, dragging overall productivity down. So if anything, the figures are artificially depressed, not inflated.
Spain isn't a perfect country, I don't think any is. But the economy isn't in shambles, only someone who doesn't know what they're talking about would say anything like that. It does suck that La Liga can wield so much power, agree, but this is not related to the economy at all...
To note that this isn't the executive or legislative but the judiciary doing the bidding.
Cloudflare is cancer. And the tumor is now too big.
You've got it backwards. Spain's ISPs are blocking Cloudflare and other CDNs because of LaLiga/football piracy. CloudFlare isn't doing anything here.
You are correct, but Cloudflare is still a cancer on the Internet.
Rampant bot traffic and scrapers are the real cancer. Until that goes away everyone is going to need cloudflare or some other bot firewall service.
Those are easy enough to dissuade with readily available PoW solutions. People use CF & co. out of convenience, the exact same reason that most websites load resources from at least half a dozen third parties instead of self hosting.
Perhaps that is true, but the Cloudflare anti-bot protection is too stupid and annoying.
They should have used a cookie or something else that does not require asking me every few minutes to prove once more that I am not a bot.
There was a time when Cloudflare had become less intrusive, but for the last months it has begun again to intervene almost each time when opening some pages.
There is no doubt that anti-bot protection can be implemented in a better way than Cloudflare does, but presumably the alternatives would consume more resources on their servers, so probably they choose whatever minimizes their costs, regardless if that ensures maximum discomfort for Internet users.
You're getting frequent verification requests because you're behaving like a bot. Are you modifying your user agent string or using a VPN?
Who knows what upsets ClownFlare? I'm using Vivaldi on Linux on IPv6 in Denmark with every uBlock filter enabled and Cookie Auto-delete. That seems to confuse and anger CloudFlare and I get CAPTCHA tarpitted constantly.
> They should have used a cookie or something else that does not require asking me every few minutes to prove once more that I am not a bot.
> every uBlock filter enabled and Cookie Auto-delete
Hmm
So you know why.
No, it could be any, or other, totally normal and reasonable factors. Or maybe I posted too much Cloudflare hate on HN and they singled me out.
They're in the walls!
It won’t. Some people are perfectly happy to destroy and destroy as long as they get some small portion as profit for themselves.
That, ironically, includes Cloudflare. Without rampant bots making the internet worse for everybody, they wouldn't have as much work. And their portion of profit is anything but small.
I know this is an unpopular opinion among freedom maximalists, but:
It’s precisely because CloudFlare isn’t responding like other CDNs to reasonable demands to cut off pirate origin sites that this mess exists. If they reacted quickly to remove configurations that are obviously facilitating copyright infringement, Spain wouldn’t resort to full scale ASN blocking.
How do we know it’s CloudFlare? Because other CDNs like CloudFront, Akamai, Fastly, etc. respond to takedown demands and aren’t being blocked. (Those also cost money and require customer identification.)
In an escalating war between the state and a corporation, the state will always prevail if they have the public’s backing. In Spain it’s clear that most people are happy to watch the match through legitimate channels even at the cost of blocking CloudFlare.
> It’s precisely because CloudFlare isn’t responding like other CDNs to reasonable demands to cut off pirate origin sites that this mess exists. If they reacted quickly to remove configurations that are obviously facilitating copyright infringement, Spain wouldn’t resort to full scale ASN blocking.
Apropos of anything else, CF is (reasonably) requiring a court order to remove offending material rather than just "well, company said so, so eh, just do as they say". La Liga complains that "oh, that's too slow for what we want" and just got a blanket ruling.
I am not a fan of CF but your argument seems to be "CF should just roll over any time someone says "hey, delete this", because, obviously, everyone knows it's problematic, right? Right?".
At least the DMCA in the U.S. has guardrails: not just anyone can send a takedown demand for everything. The requester has identify the works and declare under penalty of perjury that they are operating on the behalf of the owner. I imagine the equivalent EU law has similar requirements.
CloudFlare uses legal chicanery to try to subvert the DMCA by claiming that because they’re not the origin server, they’re not subject to takedown demands. So far no court has told them to knock it off. I expect that day will eventually come. Every lawsuit against them to date has ended in a settlement because CloudFlare would rather pay up than get an unfavorable ruling on the books.
CloudFlare has consistently treated loss of DMCA safe harbor protection as a material business risk; it’s been cited in every SEC filing from the 2019 IPO S-1 through the FY2025 10-K.
cf is failing to comply with Spanish law and as a result is being blocked in Spain
I can agree on how much power on the global traffic they have, but this blocks affect many other CDNs like Fastly, Akamai, CDN77, BunnyCDN, Alibaba...
Spain is mandating their ISPs block cloudflare to stop people from illegally streaming soccer games. Cloudflare isn't the one doing the blocking.
You made a few typos in "LaLiga"
How so?