So hence why I have an API Key so the website can only be authorized/accessed with it.
So hence why I have an API Key so the website can only be authorized/accessed with it.
KBut it seems that Cloudflare Workers counts unauthorized accesses as requests, so someone can easily spam requests to my Workers site.
KAnd hit 100k with spams, and boom, I can't use it anymore.
KIs the API key static or do you look them up in a database somewhere else?
KAPI key is static
Kbut technically i change them manually
KUse the WAF to validate it, and blocked requests won’t reach your Worker
KIm trying to search up how to enable WAF um
Knot much things are being talked
KAre you using a custom domain on Cloudflare or the workers.dev URL? If you’re using workers.dev then there isn’t really anything you can do to protect it
KCustom domain yes
KOh shoot I have to buy it?
KI mean is there something on the Free plan
KThat at least can protect somewhat
WWAF is free
K
KSee here
CThat is account level WAF. You can do it per zone for free
W^
KHow would I do that?
CMagic Link: https://dash.cloudflare.com/?to=/:account/:zone/security/waf/custom-rules. Make a new rule that checks for the API key in the header and block requests that don't have it
Koh shoot so my API key has to be static
Kwait but is there a way to do this with only the subdomain....?
CI mean you can check that the header exists for it like
Authorizationwhat the heck
Kit said that
KI Was not allowed to capitalization Authorization
Kso it deleted my rule
CHere is an expression that I have
not any(lower(http.request.headers.names[*])[*] == "authorization") and http.host eq "example.com"example.comauthorizationwith the authroization, i want to check if
Bearer [ACCESS_TOKEN]Sure, just make sure the people who have access to your dashboard, you would be okay with sharing the token with
KSo, let's say some user got blocked
Kwould it count as a "request" of the 100k requests per day
CNo. The request got blocked by Cloudflare before it even reached the worker
KSo I added an API key and subdomain. Do you have any more suggestions for the best protection from any attacks?
KYou're more experienced than me so I would like to know lol
CAPI Key is the best way. Means all requests need to have it so you can easily filter requests
JHey guys, I facing the issues all my pages and workers throwing Error 1101 Worker threw exception all of a sudden, anyone facing this or know why this happen?
AIs ghet
BHi guys,
We are using Workers and Queues to upload large files (500+ MB) to R2. We stream files from the source, via the Queue consumer, to R2. According to the docs on Worker limits, Queue consumers should have 15 minutes of CPU time. However, we consistently get an
I created a small reproducible demo here: https://github.com/dealside/r2-upload-queue
We are using Workers and Queues to upload large files (500+ MB) to R2. We stream files from the source, via the Queue consumer, to R2. According to the docs on Worker limits, Queue consumers should have 15 minutes of CPU time. However, we consistently get an
exceededCpuI created a small reproducible demo here: https://github.com/dealside/r2-upload-queue
SHello everyone!
Is there any way possible in the worker script where I can generate thumbnail of a video which is uploaded to the R2 bucket?
Is there any way possible in the worker script where I can generate thumbnail of a video which is uploaded to the R2 bucket?
IWhen will pages support rate limit bindings?
RAnyone have an example of a self binding worker?
RI have my cron handler here:
RAnd in the same file/worker I have my function:
RI get "The RPC receiver does not implement the mthod "fetchRegionLeaderboardData"
RAnd how to access env (for D1 bindings) in the called RPC function.
Jwhat's the default fetch timeout in workers?
Cthere's a nice doc going over all the network limits now: https://developers.cloudflare.com/fundamentals/reference/connection-limits/
Cloudflare Docs
When HTTP/HTTPS traffic is proxied through Cloudflare, there are often two established TCP connections: the first is between the requesting client to …
AWould you reccomend d1 or kv for a discord bot?