Break-glass guidance for incident teams

Start with the safest path. Escalate only when the business impact justifies the risk.

Use this matrix to separate control-plane issues from traffic-impacting failures, confirm prerequisites, and pick a response that preserves security wherever possible.

1Confirm scopeStatus, origin, device, or local network?
2Prefer safe modeWait or tune if protections still work.
3Break glassBypass or fail over only with approval.

First, identify what failed

Learn More (Whitepaper)

Control Plane

The "Brain"

Dashboard, API, and configuration management. If the control plane fails, traffic usually continues on the last-known configuration. Wait unless you must make an urgent change. Learn more →

No bypass needed during Control Plane outages

Data Plane

The "Workhorse"

The anycast edge handles live traffic. Data-plane issues can affect users directly, but the network is designed for localized, independent failure rather than global cascade.

Data Plane issues may require failover actions

Fail Small

Code Orange — Complete

Cloudflare's resilience model now emphasizes smaller blast radius: health-mediated config deployments, fail-stale/open/closed patterns, segmentation, and defined break-glass procedures.

Initiative complete — stronger network, new engineering Codex enforced via AI review
Read the completion post →
Original initiative overview →

Before You Bypass: The Security Trade-off

The critical question: Is downtime now more dangerous than temporarily reducing Cloudflare protections?

Risks of Bypassing Cloudflare:

  • Protection drops - WAF, bot controls, DDoS mitigation, filtering, or logging may stop applying.
  • Origins can be exposed - direct IPs discovered during bypass may remain targetable later.
  • Edge behavior changes - Workers, Rules, Snippets, cache, and Access/Gateway flows may be unavailable.

For most scenarios, maximizing native Cloudflare resilience is safer than a manual bypass. Evaluate your specific operational constraints, regulatory requirements, and risk tolerance before proceeding.