Workers doesn't have prod/preview environments today

Ghassen Daoud•3/10/25, 10:39 AM

Hello,
My wordpress website went down multiple times during the last 2 days because of a DDOS attack.
So I started using Cloudflare, I configured dns and made sure that only Cloudflare IPs are whitelisted.
So all traffic goes through Cloudflare.
Even with that, my website keeps going down (DDOS attack) and it seems the only possible way to have my website working is "Under attack mode", which is inconvenient for me.
Is Cloudflare really protecting my website? Why is it vulnerable to DDOS attacks?

Ghassen Daoud•3/10/25, 10:39 AM

Is there something I can do?

SuperHelpflare•3/10/25, 10:40 AM

If you are under a DDoS attack then you can take a look at these threads for first steps and help with mitigation:

https://community.cloudflare.com/t/mitigating-an-http-ddos-attack-manually-with-cloudflare/302366 (Community link)
https://developers.cloudflare.com/ddos-protection/get-started/ (documentation link)

Original message was deleted

Ghassen Daoud•3/10/25, 10:42 AM

Is there a solution to get my website working and immune to ddos (without under attack mode)

SuperHelpflare•3/10/25, 10:42 AM

If you are under a DDoS attack then you can take a look at these threads for first steps and help with mitigation:

https://community.cloudflare.com/t/mitigating-an-http-ddos-attack-manually-with-cloudflare/302366 (Community link)
https://developers.cloudflare.com/ddos-protection/get-started/ (documentation link)

Ghassen Daoud•3/10/25, 10:43 AM

Okay

danielgangl•3/10/25, 10:54 AM

Hey guys, is this chat the right place to ask about Security Events, WAF and custom rules issues, or is there a channel for that?

SuperHelpflare•3/10/25, 10:56 AM

https://dontasktoask.com/

Don't ask to ask, just ask

(

(っ◔◡◔)っ terrible tone•3/10/25, 4:20 PM

hello hello! I am a data & impact management analyst. I decided to check out the server to hopefully better understand/learn some things regarding site admin duties for the non-profit I work for. Currently I am having trouble with our "community Impact dashboard" not displaying a couple metrics in the reported data correctly.

Kasumi•3/10/25, 5:21 PM

Who's Vero

KKasumi Who's Vero

Isaac McFadyen•3/10/25, 5:22 PM

Community Manager of this Discord

IIsaac McFadyen Community Manager of this Discord

Kasumi•3/10/25, 5:22 PM

More details :0047k3lly_think:

MattIPv4•3/10/25, 5:22 PM

What more details do you want?

MattIPv4•3/10/25, 5:23 PM

They're the person at Cloudflare that runs this server

KKasumi More details :0047k3lly_think:

Isaac McFadyen•3/10/25, 5:23 PM

Not sure what you're looking for? Vero handles all of the events that happen in this server, helps manage moderators, escalates things when we can't, etc.

IIsaac McFadyen Not sure what you're looking for? Vero handles all of the events that happen in ...

Kasumi•3/10/25, 5:41 PM

I mean more so "a day with Vero" like. Like what she's doing at cloudflare and so on

MattIPv4•3/10/25, 5:41 PM

She

MattIPv4•3/10/25, 5:41 PM

And she is under devrel afaik, so all that entails

KKasumi I mean more so "a day with Vero" like. Like what she's doing at cloudflare and s...

D5•3/10/25, 6:39 PM

She is Vero. Vero gets up, works, eats food, and sleeps

MMattIPv4 _She_

Kasumi•3/10/25, 6:39 PM

Oh sorry

D5•3/10/25, 6:44 PM

X is now using cloudflare

WTDawson9•3/10/25, 7:29 PM

Does HTTP Strict Transport Security (HSTS) mean that I have to have a certificate installed on my server?

DD5 X is now using cloudflare

WTDawson9•3/10/25, 7:30 PM

No they're not?

WWTDawson9 Does HTTP Strict Transport Security (HSTS) mean that I have to have a certificat...

Chaika•3/10/25, 7:31 PM

means you need https and http is disallowed

WWTDawson9 No they're not?

Chaika•3/10/25, 7:32 PM

they switched a bunch of regions today, maybe still a few without CF or not using the full cdn, but lots of Server: cloudflare

CChaika they switched a bunch of regions today, maybe still a few without CF or not usin...

WTDawson9•3/10/25, 7:35 PM

Alright fairs

CChaika means you need https and http is disallowed

WTDawson9•3/10/25, 7:35 PM

But I don't have to install the certificate on my server?

Chaika•3/10/25, 7:36 PM

"the certificate"?

CChaika "the certificate"?

WTDawson9•3/10/25, 7:36 PM

SSL/TLS that Cloudflare give me

Chaika•3/10/25, 7:37 PM

HSTS mandates https. Browsers have a list of trusted root CAs, you need to serve a certificate signed by one of those to visitors.
Without Cloudflare, this means one of them directly, like Let's Encrypt
With Cloudflare in the middle, you should either use a trusted CA directly like Let's Encrypt, or you can use a Cloudflare Origin Cert, either will work

WTDawson9•3/10/25, 7:37 PM

Hmm

jjjrmy•3/10/25, 10:35 PM

with a Cloudflare Worker, if I need to include my Firebase JSON Config - how do I handle that if it's not imported directly in my worker script?

does it have to be uploaded as an asset with a binding?

MattIPv4•3/10/25, 10:36 PM

How is the code in your worker expecting to access said config?

jjjrmy•3/10/25, 10:38 PM

I'm not really sure tbh - right now we are using Express just on a normal Node app and it's reading the filepath with

fs

fs

jjjrmy•3/10/25, 10:39 PM

but I don't really think I want to store the unencrypted file in R2?

jjjrmy•3/10/25, 10:42 PM

I guess that's the only option?

Jjjjrmy but I don't really think I want to store the unencrypted file in R2?

valkyrie_pilot•3/10/25, 10:44 PM

cloudflare workers support a way to have secrets

Vvalkyrie_pilot cloudflare workers support a way to have secrets

jjjrmy•3/10/25, 10:44 PM

so you think just save the JSON as a secret

valkyrie_pilot•3/10/25, 10:45 PM

i don't see why not

jjjrmy•3/10/25, 10:47 PM

okay will try that

Shawn•3/11/25, 3:09 AM

Can anyone help out with this? I’m trying to get my USDT wallet balance. I’m trying to see if there is a different web3 I can go to?

Peps•3/11/25, 3:25 AM

you'll have to reach out to the website's owner if their site is unable to load

MS•3/11/25, 4:43 AM

Hello I'm new to R2, I see egress is free in R2, but it was also mentioned it will be charged if the data is downloaded to a third-party can someone help me understand this ?

Hadgimoto•3/11/25, 7:22 AM

Hows everyone doing this evening? I'd appreciate some help if anyone has a few minutes to spare?

Hadgimoto•3/11/25, 7:22 AM

Cloudflare dashboard stuck on ‘Pending Nameservers’ even though the setup is correct. Domain is registered here, but verification won’t complete. Any ideas?