BLOG

28th June 2025

The “16 KB Wall”: Russian Digital Censorship Through Systematic Throttling on Cloudflare (and More)

Since June 2025, the Russian Federation has been deliberately throttling Cloudflare and other widely used Western providers such as Hetzner, OVH and DigitalOcean.

Russia block CloudFlare Hetzner OVH DigitalOcean

As vendor-independent consultants, we feel it is our duty to bring to the attention of the technical community and IT professionals a new case of structured and systematic censorship against free access to the Internet.

Introduction

From June 9, 2025, Internet users in Russia who attempt to access sites and services protected by Cloudflare I am the victim of a systematic action of Selective Throttling implemented by local Internet Service Providers. The technique – sophisticated and targeted – involves the forced closure of connections after the transmission of only 16 kilobyte of data, making it in fact the vast majority of modern websites are unusable.

However, the scope of the block goes far beyond Cloudflare services. Even cloud providers European and global in widespread use - including hetzner, OVH, Digital ocean – are affected by this form of interference, with visible impacts not only on the user experience but also on application delivery, content loading and communication with third-party APIs. The targeted targeting of these providers is not accidental, but rather consistent with a broader political strategy aimed atRussia's digital isolation.

What is the “16 KB Wall” and How Does It Work?

As reported by Cloudflare In a technical analysis published on June 27, 2025, throttling manifests itself in the form of Silent connection reset immediately after the first 10–14 TCP packets, corresponding to approximately 16 KB of data, have been transmitted. From that point on, the connection is deliberately interrupted, without any obvious errors for the user, but effectively preventing the loading of the main resources.

The tactic is applied regardless of the main protocols and transmission methods, Including:

  • HTTP/1.1 over TCP
  • HTTP/2 over TLS
  • HTTP/3 on QUIC
  • Traditional and encrypted connections (TLS 1.3 included)

The result is that, despite a connection that “apparently” works, the browser is unable to load content beyond the first portions of the document. Images, scripts, videos and interactive forms are unreachable. The observed behavior is similar to a “broken” or “timed out” site, but the problem is artificial and deliberate.

Documented interference on Hetzner, OVH and DigitalOcean

Although media attention initially focused on Cloudflare – as one of the most popular security platforms for institutional sites, CDNs, editorial portals and independent blogs – the same interference patterns were also detected towards services hosted on Top European Cloud Providers, particularly strategic for the modern international IT infrastructure. Among these:

  • Hetzner Online GmbH (Germany)
    Used extensively by European developers, startups and companies for its highly competitive VPS offer, Hetzner is one of the leading IaaS providers in the DACH region. It is often used for self-managed hosting, staging environments, decentralized nodes, REST APIs and open source projects. Russian throttling measures have compromised the reliability of connections to Hetzner instances, with sudden session resets e abnormal latencies, making even simple control panels and backend interfaces inaccessible.
  • OVHcloud (France)
    Historically one of the largest European cloud providers in terms of volume and capillarity of presence, OVH hosts a significant part of European Enterprise Infrastructure: virtual servers, Docker containers in production, Kubernetes cluster and SaaS solutions. Throttling towards OVH has had repercussions on a very wide range of applications, including e-commerce platforms and management software. The reports indicate selective degradation even on non-standard doors, which confirms the presence of deep traffic inspection (DPI) from Russian ISPs.
  • DigitalOcean (USA/Europe)
    Widely adopted by independent developers, small businesses and DevOps practitioners for cloud projects, DigitalOcean is known for its ease of use, direct APIs and scalable services. In Russia, many PaaS applications based on DigitalOcean droplets are either broken or only partially accessible. Again, the 16 KB threshold prevents administrative portals, graphical dashboards, and dynamic scripts from fully loading, causing a “page breakage” effect.

These providers are a fundamental part of the European and international infrastructure fabric. The fact that they are targeted confirms that the goal is not simply to censor specific content (like dissident blogs or Western media), but rather:

  • Hindering the very infrastructure of the modern web, hitting the key points on which digital delivery is based;
  • Compromising communication with backend and frontend services hosted in Western clouds, often used by Russian companies or private users for technical and professional purposes;
  • Limit technological dependence on non-governable platforms at the national level, implicitly pushing towards the adoption of local alternatives (and therefore more easily controlled by the State).

In short, it is one Infrastructure censorship, not content-based. A technically sophisticated and silent strategy, but with systemic consequences, which affects accessibility, interoperability and net neutrality.

Technical confirmations from Cloudflare Radar and NEL

According to data collected by Cloudflare Radar and from the reports NEL (Network Error Logging), connections from Russian ISPs show:

  • Session breakup immediately after TCP handshake phase + first packets
  • Sudden TCP Resets
  • Timeout on modern protocols even encrypted ones
  • Inbound traffic reduced by more than 30% from Russian territory
Internet Block Russia Throttling
Internet Blocking in Russia: Systematic Throttling of ISPs on Cloudflare Services

These indicators cannot be explained by routing or congestion problems: on the contrary, they are compatible only with an active interference strategy operated by the access providers. Cloudflare named some of the major Russian ISPs involved, including:

  • Rostelecom
  • Megafon
  • Vimpelcom
  • MTS
  • MGTS

Reason: Censorship and digital isolation

Despite the absence of official statements from the Kremlin, technical evidence and historical precedents clearly indicate that this is a measure deliberate censorship, an integral part of the strategy of “sovereign internet” prosecuted by the Russian Federation.

The goal is twofold:

  1. Reduce technological dependence on Western suppliers, forcing citizens and businesses to use local alternatives (Yandex Cloud, VK Tech, etc.)
  2. Gradually isolate the population from access to foreign content and news, preventing the circulation of free information, criticism of the regime or protest initiatives.

This direction is consistent with laws already in force such as the Sovereign Internet Law (2019) and continued investments in the construction of a parallel, monitored and controlled national infrastructure (RuNet project).

Real impact on users and businesses

The consequences of throttling are tangible and serious:

  • Inaccessible sites: even trivial portals do not load, due to the 16 KB threshold
  • Interruption of essential services: online payments, OAuth authentications, support portals
  • Unusability of external APIs: From maps to expeditions, every interaction fails
  • Loss of productivity and information isolation

Companies with offices or customers in Russia can no longer guarantee stable access to their services, and the situation is getting worse for open source projects, international media, technical support services and SaaS tools used in the developer environment.

 

No Solution (For Now): Cloudflare Confirms Technical Impotence

In its official report, Cloudflare stated:

“Since the throttling is applied at the local ISP level, the action is beyond our control. At this time, we are unable to lawfully restore reliable and high-performance access to our products and protected sites for Russian users.”

And yet:

“Access to a free and open Internet is fundamental to individual rights and economic development. We condemn any attempt to deny access to Russian citizens.”

 

The Reverse Proxy and Port Forwarding Workaround

While waiting for structural and coordinated solutions at an international level, we at Managed server we have already helped successfully two customers to restore the visibility of their websites in Russia, without having to migrate or disrupt their existing infrastructureThe solution was based on the implementation of a reverse proxy with port forwarding targeted on ports 80 (HTTP) and 443 (HTTPS), hosted on an Italian network not subject to throttling, like that of Aruba Cloud.

In concrete terms, it was sufficient to purchase a Basic VPS Cloud OpenStack instance da 2,50 per month through the portal Cloud.it by Aruba and configure the rules appropriately iptables for port forwarding of traffic to origin servers located in datacenters OVH e hetzner, both among the providers currently affected by the restrictive measures of Russian ISPs.

Reverse Proxy Aruba Cloud

This configuration acts as intermediate entry point, invisible to selective censorship, allowing Russian users to correctly access content through an Italian transit node. The reverse proxy does not alter the content or logic of the application, and allows for effective mitigation to minimum cost, without modifying global DNS or compromising TLS security.

In specific cases, we have also combined port forwarding with DNAT and SNAT rules to maintain full compatibility with access logs and ensure persistent sessions even in eCommerce and WordPress environments.

Final considerations: a dangerous precedent

As vendor-independent consultants operating in the web infrastructure and systems sector, we cannot avoid publicly reporting this technical and geopolitical drift. This is not simply a technical problem or a routing unknown: we are faced with a real architecture of censorship, planned and replicable.

European companies must be ready to face:

  • Sudden blocks of services to geopolitically unstable areas
  • International redundancies to mitigate state attacks or interference
  • Active traffic and metadata analysis to detect throttling signals
  • Legal and diplomatic strategies, especially in the B2B or IT export sector

Conclusion

The systematic throttling underway in Russia represents a critical case study for global internet security. The fact that it can be selectively applied to individual providers – Cloudflare, Hetzner, OVH – demonstrates how fragile the balance between connectivity and freedom is.

We are facing a new generation of censorship: silent, technical, distributed. As a technical community, we must analyze it, document it, and denounce it, to prevent it from becoming the norm in other regimes or contexts.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

INFORMATION

Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top