This was largely a continuation of https://status.craftcms.com/incident/620811?mp=true.

A combination of aggressive bot traffic (AI and normal) managed to make its way through our firewall and rate limiting logic in the EU region, affecting some shared infrastructure resources.

We’re working with Cloudflare to find the root cause of the issue and discover why it’s not happening in other regions, and are doing this while trying not to affect legitimate bot traffic.

In the meantime, we’ve implemented more aggressive rate-limiting rules for this type of bot traffic globally on our firewall.

In the next week, we are globally rolling out our own rate-limiting logic on the Craft Cloud edge, which will give us more options to control this rate-limiting logic on a per-hostname basis.

We apologize for any disruptions that have occurred because of this.

We have isolated the issue have seen no further reports of 504s.

Intermittent outages still reported in the EU region.

Requests are now resolving as expected. Further investigation and a report will follow.

We've had multiple reports of sporadic 504 responses across the European region. We are actively investigating.