Force workers to only use IPv4 addressess?

Original message was deleted

Chaika•1/3/24, 10:06 PM

Are you having issues? If they only have A records, it should just send the request over IPv4. If they have AAAA records but don't support IPv6 whitelisting that would be really silly on their part, but Cloudflare's normal CDN always prefers IPv4 over IPv6 so it may still work -- would have to test that though

Chaika•1/3/24, 10:08 PM

On my quick test it looks like if there is both A/AAAA records for a domain it'll prefer A/IPv4 just like the normal Cdn

Chaika•1/3/24, 10:09 PM

keep in mind though if they are using Cloudflare the IP won't be on /ips/, it'l be always 2a06:98c0:3600::103 2a06:98c0:3600::103 for subrequests/fetch from Workers

CChaika Are you having issues? If they only have A records, it should just send the requ...

Chief•1/3/24, 10:19 PM

Haven't done long term testing (since we don't rely on it if itll be flaky). We're investigating if we need to deploy code somewhere else or if we can keep it at cloudflare.

They do not have AAAA records. It sounds like we shouldn't need to worry about randomly using IPv6 then?

Chaika•1/3/24, 10:20 PM

Unless they're using Cloudflare yea, not possible for it to connect over IPv6 without AAAA records

Chief•1/3/24, 10:24 PM

Actually, calling nslookup returns api.namecheap.com.cdn.cloudflare.net api.namecheap.com.cdn.cloudflare.net which sounds like namecheap uses cloudflare.

So would it always be 2a06:98c0:3600::1032a06:98c0:3600::103 in that case?

Erisa•1/4/24, 10:05 AM

Yeah since api.namecheap.com resolves to Cloudflare, 2a06:98c0:3600::1032a06:98c0:3600::103 would always be used regardless of who is behind the Worker subrequest. If youre allowlisting that address for your account, just keep in mind that anyone can sign up for Workers and start sending requests from that same IP. If there are also other strong authentication methods in place then it should be fine.

Force workers to only use IPv4 addressess?

Similar Threads

Similar Threads

Similar Threads