Heh, lucky you, at least you get a message. My ISP just drops traffic to the affected IPs. No ping, no traceroute, just a spinner in the browser until it says "page not found".
Every response and comment from LaLiga, the football organization responsible for this, has been so far that this is a minor issue that only affects a few bunch of nerds who talk about "docker images" or "github repositories" or "whatever that means".
Meanwhile, there are testimonies of smart home devices like anti-theft alarms or automatic doors, that stop working whenever there is a football match, because their backends rely on Cloudflare.
Last week, a woman asked for help on social media, as the GPS tracking app she uses to see where her father with dementia is, went offline during a match. It was getting late and he still wasn't back home, and she couldn't locate the tag he was wearing to find him: https://www.infobae.com/america/agencias/2026/04/05/laliga-d...
It's hard to say this, because no one should experience an event like this, but as stressful as these are, it's the only way to make the mainstream people care about this censorship. "I cannot pull a docker image" will never be on nightly news, but safety and personal security is a more powerful driver for discourses.
All people affected should file a complaint with your ISP and with Oficina de Atención al Usuario de Telecomunicaciones claiming financial loss for arbitrary service censorship.
This is a great example of why blanket IP blocking is such a terrible enforcement mechanism. Cloudflare hosts hundreds of thousands of services behind shared IP ranges — blocking one IP to stop a piracy stream
takes out everything else on that IP, including Docker registries, API endpoints, and CDNs that have nothing to do with football.
The real fix on your end until Spain sorts this out: set up a pull-through registry cache (e.g. registry:2 with proxy.remoteurl) on a VPS outside Spain, and point your Docker daemon's mirror config at it. Your
GitLab runner pulls from the cache, the cache pulls from Docker Hub via a non-blocked IP. Also insulates you from Docker Hub rate limits.
But yeah, the fact that a court order about football streaming can break docker pull for an entire country is genuinely absurd.
Yes, but that's not something many can do easily. Also already having to use a VPN is not the "right" solution. The right so solution is to beat some sense inside some politician's head, and force them to write and approve laws that don't let stupid (or conniving) judges pass orders like this one we are talking about.
The only viable way to even get most of them is to shut down internet access entirely. It's not a realistic solution, unlike blocking a few well known IP ranges belonging to a large corp like Cloudflare.
And even if you managed to get them all beforehand, some VPN providers will adapt and keep some servers in reserve, putting them online just as you managed to block the previous ones. Getting around internet censorship is a large chunk of their business, and some are really good at it.
It is not a DNS based block, but on the IP level. Once I knew what caused the issue, I figured I use one of my Hetzner vServers as an exit node in tailscale.
But come on, this can't be true. I wonder how many other people in IT wasted hours on issues and tickets to find out it is due to a football match taking place. Admittedly, chances are low, as football matches are usually outside of office hours.
What Spain does is basically censorship and it's very poorly executed. The docker image registry is only one out of the many collateral victims of this stupid law.
Well, Cloudflare does not launch anything. They acquire to build products. Look into all their recent product launches. They acquired a relatively small company and converted the founding team to a product team.
So, if you want them to build stuff, ask yourself, are there any "Docker Registry" startups out there. If jsdelivr/globalping is not keeping you busy enough... there is an idea
Spain is a failing country. Their economy is in shambles and the government has ceded internet control to a private corporation who runs football games.
CF could just sue LaLiga and the judge as interrupting and intercepting telecomms it's a really serious crime in Spain. Call the AEPD too because of consumers' right against both ISP and LaLiga's snooping. Another huge fine.
This is not an issue under the civil code (civilian issues), but something to be dealt under penal (criminal) code.
Heh, lucky you, at least you get a message. My ISP just drops traffic to the affected IPs. No ping, no traceroute, just a spinner in the browser until it says "page not found".
Every response and comment from LaLiga, the football organization responsible for this, has been so far that this is a minor issue that only affects a few bunch of nerds who talk about "docker images" or "github repositories" or "whatever that means".
Meanwhile, there are testimonies of smart home devices like anti-theft alarms or automatic doors, that stop working whenever there is a football match, because their backends rely on Cloudflare.
Last week, a woman asked for help on social media, as the GPS tracking app she uses to see where her father with dementia is, went offline during a match. It was getting late and he still wasn't back home, and she couldn't locate the tag he was wearing to find him: https://www.infobae.com/america/agencias/2026/04/05/laliga-d...
It's hard to say this, because no one should experience an event like this, but as stressful as these are, it's the only way to make the mainstream people care about this censorship. "I cannot pull a docker image" will never be on nightly news, but safety and personal security is a more powerful driver for discourses.
All people affected should file a complaint with your ISP and with Oficina de Atención al Usuario de Telecomunicaciones claiming financial loss for arbitrary service censorship.
This is a great example of why blanket IP blocking is such a terrible enforcement mechanism. Cloudflare hosts hundreds of thousands of services behind shared IP ranges — blocking one IP to stop a piracy stream takes out everything else on that IP, including Docker registries, API endpoints, and CDNs that have nothing to do with football.
They block the whole of Cloudflare R2, I believe the Docker hub is just (heh) a collateral.
When the La Liga match starts, everything that's proxied via CF (including zero access reverse tunnels) stops working.
There's even a website made for checking if the match is on: https://hayahora.futbol/
You can check if your host is affected: https://hayahora.futbol/#comprobador&domain=docker-images-pr...
Why do they do that? Sorry, I don't speak Spanish.
Here's a good English-language article about it, with a timeline: https://daniel.es/blog/cloudflare-vs-la-liga/
Looks like same old regulatory capture.
Because LaLiga and football in general is what is governing Spain really.
The website has a language selector on the right just below the initial screen, just FYI.
to """"""""""prevent piracy""""""""""
This is why technology businesses and professionals need to take a little bit of an active role in local politics. Otherwise you get nonsense.
Time to use a VPN in your docker pipelines ;) Or run your systems outside of Spain.
Or can this be avoided by using an alternate DNS?
They are planning to also block VPN providers during football matches, see https://www.techradar.com/vpn/vpn-privacy-security/la-liga-w...
When talking about VPNs, it doesn't have to mean "third party VPN". You can host your own on any VPN service outside of Spain.
Yes, but that's not something many can do easily. Also already having to use a VPN is not the "right" solution. The right so solution is to beat some sense inside some politician's head, and force them to write and approve laws that don't let stupid (or conniving) judges pass orders like this one we are talking about.
They are not "planning" to block VPNs. A technologically illiterate judge has ordered it, but there are no plans nor mechanisms to enforce it.
The exact same stupid mechanism they are already using. Forcing ISPs to blackhole whole subnets if they belong to the VPN provider ASN(s).
If they can block IPs of cloudflare what extra mechanisms would be needed to block VPN IPs?
The only viable way to even get most of them is to shut down internet access entirely. It's not a realistic solution, unlike blocking a few well known IP ranges belonging to a large corp like Cloudflare.
And even if you managed to get them all beforehand, some VPN providers will adapt and keep some servers in reserve, putting them online just as you managed to block the previous ones. Getting around internet censorship is a large chunk of their business, and some are really good at it.
"A _Sanish_ Court has ordered NordVPN and Proton VPN to block IPs transmitting illegal football streams" [emphasis added], that is inspain.
It is not a DNS based block, but on the IP level. Once I knew what caused the issue, I figured I use one of my Hetzner vServers as an exit node in tailscale.
But come on, this can't be true. I wonder how many other people in IT wasted hours on issues and tickets to find out it is due to a football match taking place. Admittedly, chances are low, as football matches are usually outside of office hours.
Alternate DNS doesn't help, they block at IP level.
Yes, they block IPs belonging to CDNs (CF including R2, BunnyCDN, CDN77, Fastly, Alibaba, Akamai even)...
This is a know issue and it is completely fucked up: https://www.techradar.com/vpn/vpn-privacy-security/cloudflar...
What Spain does is basically censorship and it's very poorly executed. The docker image registry is only one out of the many collateral victims of this stupid law.
Off topic but I wonder when Cloudflare is going to launch their own Docker registry as a product.
Well, Cloudflare does not launch anything. They acquire to build products. Look into all their recent product launches. They acquired a relatively small company and converted the founding team to a product team.
So, if you want them to build stuff, ask yourself, are there any "Docker Registry" startups out there. If jsdelivr/globalping is not keeping you busy enough... there is an idea
Honestly I would build it if I knew how to properly market it to quickly get users.
Globalping and jsDelivr took years to gain a meaningful user base
It's pretty easy to write your own. I made this one a while ago: https://github.com/chainguard-dev/crow-registry
What would the business case be?
Capture developers and funnel them to the Workers platform
Spain is a failing country. Their economy is in shambles and the government has ceded internet control to a private corporation who runs football games.
CF could just sue LaLiga and the judge as interrupting and intercepting telecomms it's a really serious crime in Spain. Call the AEPD too because of consumers' right against both ISP and LaLiga's snooping. Another huge fine.
This is not an issue under the civil code (civilian issues), but something to be dealt under penal (criminal) code.
In Spanish
https://www.fiscal.es/memorias/memoria2020/FISCALIA_SITE/rec...
Oh, and BTW, LaLiga has just partnered with a CF rival.
Now CF can just sue both like hell because of unfair competition:
https://nitter.tiekoetter.com/xataka/status/2042658662850724...
Looks like they already tried to appeal the block, and lost:
https://x.com/jaumepons/status/1904906677335245294
I think they are doing it already.
Yea, La Liga it's crapping out as always. Docker needs either some I2P gateway, or a Tor service.
Yeah, I know. Welcome to the club :(
https://x.com/ahachete/status/2035783292549755228
Cloudflare is cancer. And the tumor is now too big.
You've got it backwards. Spain's ISPs are blocking Cloudflare and other CDNs because of LaLiga/football piracy. CloudFlare isn't doing anything here.
You are correct, but Cloudflare is still a cancer on the Internet.
Rampant bot traffic and scrapers are the real cancer. Until that goes away everyone is going to need cloudflare or some other bot firewall service.
I can agree on how much power on the global traffic they have, but this blocks affect many other CDNs like Fastly, Akamai, CDN77, BunnyCDN, Alibaba...
You made a few typos in "LaLiga"
Spain is mandating their ISPs block cloudflare to stop people from illegally streaming soccer games. Cloudflare isn't the one doing the blocking.
How so?