Spanish developers spent hours debugging Docker pull failures on April 12, 2026, only to discover the culprit wasn’t their configuration—it was football. La Liga’s court-authorized IP blocking campaign, active since December 2024, targets Cloudflare infrastructure to prevent piracy streams. The result: Docker Hub (hosted on Cloudflare R2) becomes inaccessible across Spain during matches, breaking CI/CD pipelines and legitimate services. A Hacker News discussion captured the frustration—534 points, 217 comments, and a recurring theme: “I spent an hour debugging before realizing La Liga broke my Docker.”
This is censorship-by-proxy at scale. Telefónica owns both the ISPs implementing blocks and the Movistar Plus streaming service that benefits from eliminating piracy competition. The blocking happens every weekend during La Liga matches—prime development time for side projects and critical deployments. Pirates still stream matches without issues. Developers can’t pull Docker images.
How Football Blocking Breaks Docker
La Liga identifies piracy sites using Cloudflare CDN, then orders Spanish ISPs to block entire Cloudflare IP ranges. Because Cloudflare uses shared infrastructure, blocking one piracy site’s IP simultaneously blocks millions of legitimate services. Docker Hub’s R2 storage sits on those same shared IPs. When blocks activate, developers see this:
$ docker pull nginx:latest
Error response from daemon: Get "https://registry-1.docker.io/v2/":
TLS certificate verification failed
...
blocked in compliance with the judgment of the Commercial Court No. 6 of Barcelona
The scale is staggering: ~3,000 IP addresses blocked every weekend, 13,500+ legitimate websites collaterally damaged. Blocks happen during La Liga match times—weekends and evenings—which are prime hours for developers working on side projects or deploying critical fixes. Consequently, CI/CD pipelines fail mid-deployment. Local development grinds to a halt. Hours get wasted debugging what appears to be a local TLS configuration issue before someone checks the error message carefully enough to see the court order buried in the output.
Regulatory Capture: Who Benefits?
The December 2024 court order wasn’t just La Liga’s doing—it was jointly obtained with Telefónica Audiovisual Digital, which operates Movistar Plus streaming service. Here’s the conflict: Telefónica owns Spain’s largest telecommunications network implementing the blocks AND the streaming service that benefits from eliminating piracy competition. In effect, Telefónica sued itself and other ISPs, granting itself the power to decide what content gets blocked on the internet without judicial oversight on individual blocking decisions.
The process is simple and unaccountable: Telefónica updates block lists weekly, other ISPs must comply within three hours, no review mechanism exists. Moreover, La Liga president Javier Tebas dismissed developer complaints as coming from “only 4 nerds”—this despite thousands of affected developers and millions of disrupted users. Technical analysis from Daniel Moreno details the timeline and legal background of this ongoing crisis.
Developers on Hacker News aren’t mincing words: “This is the Great Firewall of Spain, except for football profits.” That’s not hyperbole. It’s regulatory capture in textbook form—a private company using courts to control internet infrastructure for commercial benefit, with the party implementing blocks also profiting from blocking competitors.
Docker and Infrastructure Collateral Damage
Docker is just one casualty. Furthermore, GitHub access becomes intermittent. LinkedIn, Twitch, Steam, X (Twitter), and Microsoft services all experience disruptions. Spanish government websites go offline. The US State Department’s Freedom.gov portal gets blocked—the irony isn’t lost on anyone.
However, the worst impact goes beyond developer tools. Smart home security systems stop working during matches. Automatic doors fail. GPS tracking apps for elderly care shut down. One Hacker News commenter reported they couldn’t locate their father with dementia during a blocked match—his GPS tracker was offline because the service used Cloudflare infrastructure.
Business impact is severe and uncompensated. E-commerce sites hosted on Vercel or Cloudflare become inaccessible with zero advance notice. API-driven services fail. Customer-facing applications break. The court granted blocking authority with one condition: it “must not affect third parties.” That provision proved completely unenforceable. In March 2025, the court rejected Cloudflare’s appeal, ruling “no third-party evidence of harm exists”—despite 13,500+ sites blocked and documented reports from thousands of users.
Pirates Win, Developers Lose
The kicker: La Liga’s blocking doesn’t stop piracy. Multiple developers report the same observation: “Pirates never had issues with blocked streams.” They use VPNs, alternative CDNs, and decentralized streaming methods that bypass IP blocks entirely. The blocking is security theater—performance art that serves Telefónica’s commercial interests rather than genuine anti-piracy enforcement.
Nevertheless, the ineffectiveness hasn’t slowed La Liga down. In February 2026, Spanish courts escalated by ordering VPN providers to implement the same IP blocks. The orders are “dynamic” with no appeal process—VPN providers must comply immediately whenever La Liga updates its block lists. TorrentFreak’s legal coverage documents the ongoing battle and court orders. This closes the primary developer workaround while doing nothing to address the underlying issue: sophisticated pirates already have alternatives, legitimate users don’t.
Docker Workarounds Under Attack
Spanish developers have adopted two main strategies. The first is VPN services—route traffic through non-Spanish infrastructure, bypass ISP-level blocks, access Docker and Cloudflare normally. ProtonVPN reports a significant surge in Spanish subscriptions. However, February 2026’s court orders to VPN providers are systematically dismantling this approach.
The more reliable workaround is Docker registry pull-through caches. Set up a local Docker registry proxy, configure it to mirror Docker Hub, and the first pull fetches from upstream while caching locally. Subsequent pulls get served from cache, eliminating dependency on Cloudflare-hosted infrastructure. The approach works until cache misses occur, but it’s more resilient than VPNs currently under attack.
Some companies are taking more drastic steps: relocating entire CI/CD infrastructure outside Spain. When your deployment pipeline breaks every weekend because of football matches, geographic relocation starts looking reasonable. That’s the current state of Spanish developer infrastructure—constant workarounds, arms races with La Liga, and increasingly complex setups just to access basic tools like Docker.
Key Takeaways
- La Liga’s IP blocking breaks Docker across Spain every weekend during matches—~3,000 Cloudflare IPs blocked, affecting Docker Hub’s R2 storage and 13,500+ legitimate sites
- Telefónica’s dual role as ISP and streaming service owner (Movistar Plus) is textbook regulatory capture—the company implementing blocks also profits from eliminating piracy competition
- Collateral damage extends beyond developer tools to critical infrastructure: smart home security systems, GPS tracking for vulnerable individuals, government websites, and business services all fail during blocks
- The blocking doesn’t stop piracy—pirates stream matches without issues while developers can’t pull Docker images, revealing this as performance theater serving commercial interests
- Workarounds exist but are under attack: VPNs now face court-ordered blocking (February 2026), making Docker registry caches the most reliable solution for affected developers
The European Commission has enforcement authority over potential EU net neutrality violations. Cloudflare suggested La Liga’s deliberate blocking “could make this a matter for the European Commission.” RootedCON is providing legal templates for Spanish citizens to sue telecommunications companies. Until then, Spanish developers are left maintaining increasingly complex infrastructure workarounds just to access Docker—all because of football.
