i want to survey about 1 month of usage, does the metrics always reach the limit if we use R2 as an

i want to survey about 1 month of usage, does the metrics always reach the limit if we use R2 as an image cdn?

Ttrk i want to survey about 1 month of usage, does the metrics always reach the limit...

Chaika•3/20/24, 4:16 AM

Which metrics?
R2 has a free quota/allocation each month: https://developers.cloudflare.com/r2/pricing/
For example, 10 million Class Bs, which would translate into 10 million uncached Images being fetched on a Custom Domain, assuming you are doing just normal requests/1 request per image. On R2 Custom Domains as well, any cache hits don't cost you anything

Cloudflare Docs

Pricing · Cloudflare R2 docs

R2 charges based on the total volume of data stored, along with two classes of operations on that data:

CChaika hard to say much from that little info, but I would check what it is redirecting...

mnoaman•3/20/24, 4:16 AM

Thanks for you reply
The app is forcing https and for configuration let's say the tunnel is linked with x.x.x.x which is my vm internal ip then the url locally is https://xxx.xxdomain.com/ which is added in wif.services.config and verified through app registration in azure
Then in my tunnel, I'm linking my xxx.xxdomain.com with any of the mentioned values in my first message with no tls verify and even tried with creating cloudflare origin certificate and also mode to full restrict

Chaika•3/20/24, 4:18 AM

does it work if you take the tunnel out of the equation and connect directly to that service, over https (ignoring cert warnings)?

mnoaman•3/20/24, 4:19 AM

it works when I'm inside the vm only

mnoaman•3/20/24, 4:20 AM

As it points locally , but if I tried to stop the tunnel and use it outside it doesn't work

mnoaman•3/20/24, 4:22 AM

With tunnel it gives me 302 which is redirect issue as I know and it seems it's forwarding a url that is not the same as the one that should be passed from azure app registration and unfortunately I can't change it to http as that will make the app not secured

Mmnoaman With tunnel it gives me 302 which is redirect issue as I know and it seems it's ...

Chaika•3/20/24, 4:24 AM

what url is it forwarding to, exactly?

Chaika•3/20/24, 4:24 AM

"not the same as the one that should be passed from app registration"?

mnoaman•3/20/24, 4:25 AM

As I said Let's say I have local url as https://11.local.com/
I use this in app registration in azure

mnoaman•3/20/24, 4:26 AM

And in public host it's 11.mydomain.com linked to https://11.local.com

Ducky•3/20/24, 4:26 AM

~~I love networking~~

mnoaman•3/20/24, 4:29 AM

So when redirecting from https://11.mydomain.com/ it reads my origin (https://11.local.com) correctly but at same time give me in cookies that when gives me 302 a warning that my origin is not the same even if I added it in cookiehandler with allow_from

Chaika•3/20/24, 4:30 AM

right because the auth setup is expecting local and not mydomain. I think I understand.
It's not something CF Tunnels itself can exactly help with eitherway though, at least not directly, need to configure your application to understand its running on a different url/add it to the allowed redirect urls in the azure side. Usually apps have configurations to override that and such

mnoaman•3/20/24, 4:31 AM

Here's the issue that I made both my local url and cloudflare the same url

mnoaman•3/20/24, 4:32 AM

Both have https://11.mydomain.com/ and still getting the same 302

Chaika•3/20/24, 4:34 AM

probably because somewhere else in the auth side of things, or in one of the configs somewhere, it still doesn't understand it's running somewhere else. I don't know the applications in your setup/never used ws-federation before, so I don't know exactly what.
You'd hit these issues when putting the app behind any sort of proxy though, tunnels aren't special in that regard
Auth like that is messy with redirects and allowed origins, configs on both azure and local in various spots I'd imagine

If I had to guess, it sounds like to me it's not understanding you authenticated and is redirecting for auth each time. Could be because it doesn't think the auth is for that domain/not scoped to it, on either side

mnoaman•3/20/24, 4:46 AM

I'm not sure which scope should it get as when I check the sent in cookies it is the same value of domain in all configuration, but I'm not sure what happens between the azure app registration and the cloudflare when trying to connect at first

Kimitri•3/20/24, 7:13 AM

Good morning. I'm new about Cloudflare so I have a question. I'm working in a Nextjs project deployed to aws with SST framework, SST set a Cloudfront distribution automatically, and it can't be changed, so I wanna to protect my application against DDOS and other dangers attacks so I heard about Cloudflare. The problem is, there a way to use Cloudflare protection without use it CDN? Because I can't change CDN from Cloudfront to Cloudflare, and use two CDNs one above other, can result in hight costs with bandwith.

KKimitri Good morning. I'm new about Cloudflare so I have a question. I'm working in a Ne...

Karew•3/20/24, 7:28 AM

Cloudflare protection requires that you manage your DNS with Cloudflare and also use Cloudflare’s proxy/CDN.

RyanKnack•3/20/24, 7:30 AM

Idea is to put Cloudflare in front of CloudFront, but add a cache rule/page rule that bypasses all caching capabilities in CloudFlare (while remaining proxied orange cloud, for security) and let CloudFront handle the caching/CDN for you

As for security point, you would have to somehow limit access to your CloudFront distribution to only accept CloudFlare IPS or smth idk. Someone probably have a better implementation or smth

RRyanKnack Idea is to put Cloudflare in front of CloudFront, but add a cache rule/page rule...

Kimitri•3/20/24, 8:48 AM

So if I set cache bypasses, cloudflare will work basically as I reverse proxy to protect my application on cloudfront and don't will be two layers of bandwidth cost?

RyanKnack•3/20/24, 8:49 AM

I guess so it does seem logical. But I wonder why wouldn't you use AWS in house security features

RRyanKnack I guess so it does seem logical. But I wonder why wouldn't you use AWS in house ...

Kimitri•3/20/24, 8:59 AM

Aws shield cost $3000 month

Rapid•3/20/24, 11:52 AM

Hiya, is there an option to get data for more than a week using the GraphQL API in order to get Analytics & Logs?

Kasumi•3/20/24, 12:08 PM

Ik cloudflare but I'm not in Germany :0084anime_cry:

Original message was deleted

Rapid•3/20/24, 12:50 PM

Thanks

Pprender when talking about cloudflare for saas, I have a question. If i create a few hun...

Chaika•3/20/24, 1:14 PM

With Workers and SaaS, you should just create a wildcard instead: https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/worker-as-origin/

Cloudflare Docs

Workers as your fallback origin · Cloudflare for Platforms docs

Learn how to use a Worker as the fallback origin for your SaaS zone.

Pprender The issue is, the target cname wouldn't be 1 saas application fixed address, but...

Chaika•3/20/24, 3:13 PM

you're proxying their origins?

Isak•3/20/24, 3:16 PM

When will Log Explorer support Workers Trace Events?

Pprender yeah

Chaika•3/20/24, 4:10 PM

CF for SaaS, as kind of in the name (Software-as-service), is meant for hooking up your customers custom/vanity domains with your software/pointing at your origins/workers/servers.

Chaika•3/20/24, 4:11 PM

If you wanted to let them proxy stuff through Cloudflare/use the CDN, you'd probably want the partner program/tenant setup, where they have full zones/websites and accounts: https://developers.cloudflare.com/tenant/structure/

Cloudflare Docs

Tenant structure · Cloudflare Tenant docs

Cloudflare helps Channel and Alliance partners manage their and their customers’ accounts through a Tenant structure.

Chaika•3/20/24, 5:29 PM

the partner program lets you create them accounts via the api and administrate them through yours

Jesse Lu•3/20/24, 5:38 PM

Hi everyone! Super excited about cloud flare workers ai. I have a custom cuda kernel I want to scale up, is this supported?

Pprender aha ok but why creating their accounts? just add a zone in my account without th...

Hello, I’m Allie!•3/20/24, 5:56 PM

Some customers may want full control over their zones. Also, it allows you to bill for resources they incurr a lot easier, since it is separate

Pprender whats the pricing for being a partner, can't read it nowhere

Hello, I’m Allie!•3/20/24, 6:14 PM

It's a "Contact us" thing, like Enterprise.

OptiNation Review•3/20/24, 7:22 PM

Require gateway rule is not working on some of my apps. This is really frustrating. Why is this not working?

i want to survey about 1 month of usage, does the metrics always reach the limit if we use R2 as an

Similar Threads

Similar Threads

Similar Threads