If there are gaps preventing you from using Workers today (and instead choosing Pages), we’d love to

T

Tobias•3/26/25, 2:49 PM

Is it possible to setup a subdomain for cloudflare workers without either

Setup the apex domain within cloudflare
Pay 250 dollar a month to setup a subdomain zone

Currently this is possible for cloudflare pages (i.e. just point the subdomain to cloudflare pages).

If not, is it planned in order to have feature parity between cloudflare workers & pages?

TTobias Is it possible to setup a subdomain for cloudflare workers without either - Setu...

H

Hello, I’m Allie!•3/26/25, 2:51 PM

Use SSL for SaaS yourself, like Pages does?

HHello, I’m Allie!Use SSL for SaaS yourself, like Pages does?

T

Tobias•3/26/25, 2:52 PM

But then I would need to create a zone within cloudflare with a domain, or I might have missed something?

TTobias But then I would need to create a zone within cloudflare with a domain, or I mig...

H

Hello, I’m Allie!•3/26/25, 2:52 PM

Yeah, you would need one zone at minimum on Cloudflare

J

jsonperl•3/26/25, 2:54 PM

Hi there! I'm trying to build a worker that does realtime audio "splicing" from component mp3s. Essentially based on an audio file layout, grab the files from r2, remove header info and splice the mp3 audio data together and stream.

I've succeeded in building this. But now I'm running into a problem that seems maybe unsolvable: clients expect to be able to issue range requests in a header asking for specific bytes in the audio (I'd like to listen starting at 10:00 in...).

What I'd ideally like is that an initial request will be cached entirely, and then the cdn would take over to respond to the range request with a proper 206 response and the bits. There doesn't seem to be a way to do this.

If I respond with a 206 from the worker, it can't be cached
If I respond with a 200 with the whole file, the client doesn't get what it asked for

Any ideas?

Jjsonperl Hi there! I'm trying to build a worker that does realtime audio "splicing" from ...

H

Hello, I’m Allie!•3/26/25, 2:56 PM

You would need to implement this cache slicing logic in your Worker. Worker responses can’t be cached, so requests will always be billed. Note however that they can interact with the Cache API as part of their handling of a request

HHello, I’m Allie!You would need to implement this cache slicing logic in your Worker. Worker resp...

J

jsonperl•3/26/25, 3:00 PM

Is there no way to rely on range request handling from standard cloudflare cdn? Like front a worker with the standard cdn?

HHello, I’m Allie!You would need to implement this cache slicing logic in your Worker. Worker resp...

J

jsonperl•3/26/25, 3:01 PM

The other huge gotcha here is that anything besides directly streaming from r2 out to the client will quickly surpass the memory limits of a worker. Audio is large, but the streaming solution built works well as it just streams it through without holding much in memory.

Any caching of the whole thing (or writing out to r2 for a "tempfile") is going to need it loaded in memory, which cannot work.

Jjsonperl Is there no way to rely on range request handling from standard cloudflare cdn? ...

H

Hello, I’m Allie!•3/26/25, 4:43 PM

Workers are a layer of the CDN on top of the cache. They can interact with it, but responses from a Worker will not be cached themselves

Jjsonperl The other huge gotcha here is that anything besides directly streaming from r2 o...

H

Hello, I’m Allie!•3/26/25, 4:44 PM

You don’t need to buffer the whole thing in memory, you can stream directly from R2 into the Cache

VVero Hey. Pages is still supported but longer term we want to get to a point where ev...

D

divby0•3/26/25, 8:02 PM

thanks a lot

No shortcomings, just curiosity because this recommendations are not really easily findable

M

Mia•3/26/25, 10:41 PM

RIP i just wasted an entire day going down the websockets rabbit hole only to realise discord has a cloudflare ban so i can't use workers with DO for their gateway api :(:(

M

Mia•3/26/25, 10:42 PM

they just 401 when a new connection attempt originates from a worker ip

M

Mia•3/26/25, 10:42 PM

and from what ive read the only way around this is with Aegis but that's enterprise only

M

Mia•3/26/25, 10:43 PM

proxy policies would be cool on a per-worker basis

M

Mia•3/26/25, 10:43 PM

im fine hosting a proxy on my own server just to get around the discord cloudflare ban :\

M

Mia•3/26/25, 10:44 PM

although that will add even more layers of complexity and latency for the traffic so not optimal

M

Mia•3/26/25, 10:44 PM

i just dont wanna host the entire bot on my own machine xd

M

Mia•3/26/25, 10:52 PM

I guess it’s not a huge waste of time cause I did learn a ton about workers, hono, durable objects and websockets… it just sucks i can’t do the thing i set out to do after all that time

R

roma•3/27/25, 1:53 AM

https://developers.cloudflare.com/workers/platform/limits/#simultaneous-open-connections

Simultaneous open connections

You can open up to six connections simultaneously, for each invocation of your Worker. The connections opened by the following API calls all count toward this limit:

- the fetch() method of the Fetch API.

Simultaneous open connections

You can open up to six connections simultaneously, for each invocation of your Worker. The connections opened by the following API calls all count toward this limit:

- the fetch() method of the Fetch API.

Simultaneous open connections

You can open up to six connections simultaneously, for each invocation of your Worker. The connections opened by the following API calls all count toward this limit:

- the fetch() method of the Fetch API.

Simultaneous open connections

You can open up to six connections simultaneously, for each invocation of your Worker. The connections opened by the following API calls all count toward this limit:

- the fetch() method of the Fetch API.

I do not quite understand this part, it said that fetch() calls all count toward the concurrent request limit.

So, if I have a code below

const results = await Promise.all([
  fetch(url1),
  fetch(url2),
  fetch(url3),
  fetch(url4),
  fetch(url5),
  fetch(url6),
  fetch(url7), // Exceeds the limit of 6
]);

const results = await Promise.all([
  fetch(url1),
  fetch(url2),
  fetch(url3),
  fetch(url4),
  fetch(url5),
  fetch(url6),
  fetch(url7), // Exceeds the limit of 6
]);

const results = await Promise.all([
  fetch(url1),
  fetch(url2),
  fetch(url3),
  fetch(url4),
  fetch(url5),
  fetch(url6),
  fetch(url7), // Exceeds the limit of 6
]);

const results = await Promise.all([
  fetch(url1),
  fetch(url2),
  fetch(url3),
  fetch(url4),
  fetch(url5),
  fetch(url6),
  fetch(url7), // Exceeds the limit of 6
]);

Is the seventh call is going to be delayed (?) or something? I'm not a native english speaker so 99% I have misunderstood the docs here. Just want to confirm here

P

Peps•3/27/25, 1:53 AM

correct, the seventh call will be slightly delayed until one of those other 6 fetches are done

R

roma•3/27/25, 1:54 AM

Ahh wow interesting, Thank you! I think I'm going to make batch (of six) call then just to make sure everything okay. Thanks!

S

s•3/27/25, 8:10 AM

Just going to put this out there: Adding Gemma 27B w/ LORA support would probably put Worker AI at the front of a lot of people's minds

Gemma is shaping up to be one of the best finetune targets in a while, and people are noticing :Eyes:

V

Velipaw•3/27/25, 9:09 AM

Hi, I am getting an issue when deploying my next project. Who can help me?

2025-03-27_10-59-42.snagx159.17KB

C

cj•3/27/25, 10:40 AM

I would like to run

@vercel/og

@vercel/og

@vercel/og

@vercel/og inside a worker. But

@cloudflare/pages-plugin-vercel-og

@cloudflare/pages-plugin-vercel-og

@cloudflare/pages-plugin-vercel-og

@cloudflare/pages-plugin-vercel-og uses an older version.

Anyone here who can merge pull requests and update the plugins?

https://github.com/cloudflare/pages-plugins/pull/57

GitHub

Update @vercel/og to 0.6.2 by mastermakrela · Pull Request #57 · ...

I was playing around with @vercel/og to understand why I can't use it directly in a worker.
During this, I've noticed that after updating @vercel/og to current version, the patch ca...

R

ruan•3/27/25, 1:54 PM

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

if i return "false" like this EXAMPLE, it would still count this request on my worker limits?

Rruan ```js export default { async fetch(req, env): Promise<Response> { ...

C

Chaika•3/27/25, 1:56 PM

yes, worker still ran/executed

CChaika yes, worker still ran/executed

R

ruan•3/27/25, 1:57 PM

do you know if on the workers paid plan is possible to you set any kind of expending limit in any way?
like if it get > than a $ cap stop working

C

Chaika•3/27/25, 1:57 PM

most you can do is set usage alerts for specific amount of requests/cpu time

C

Chaika•3/27/25, 1:58 PM

also if you just want a specific ip-based rate limiter, even free plan gets one rate limiting rule, although restricted in time span/etc.

C

Chaika•3/27/25, 1:59 PM

WAF/Rate Limiting rules/etc block the request before the worker runs, saving you an request

R

ruan•3/27/25, 1:59 PM

im aware, i have set some

R

ruan•3/27/25, 2:00 PM

im testing the worker locally do you know why any fetch request i made from it get blocked by WAF rules?

R

ruan•3/27/25, 2:00 PM

it should be running on cloudflare contenxt

R

ruan•3/27/25, 2:00 PM

im starting it as

npx wrangler dev --remote

npx wrangler dev --remote

C

Chaika•3/27/25, 2:02 PM

Workers requests don't bypass waf, would have to look at Security -> Events to see why

R

ruan•3/27/25, 2:02 PM

it does when i run it directly on cloudflare

R

ruan•3/27/25, 2:03 PM

interface Env
{
    MY_RATE_LIMITER: any;
}

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

        const login = req.headers.get("x-login");
        const password = req.headers.get("x-password");

        if (!login || !password)
            return new Response("", { status: 403 });
        
        const isValidUser = await validateUser(login, password);
        if (!isValidUser)
            return new Response("", { status: 403 });

        //const origin = new Request(req.url, req);
        //origin.headers.delete("x-login");
        //origin.headers.delete('cf-workers-preview-token');
        //return fetch(origin);
        return fetch(req)
    },
} satisfies ExportedHandler;

async function validateUser(login: string, password: string): Promise<boolean>
{
    const response = await fetch("https://tunnel.xxx.com/authentication",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({ login, password })
        });

    // The server returns 200 for valid authentication, 403 for invalid
    return response.status === 200;
}

interface Env
{
    MY_RATE_LIMITER: any;
}

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

        const login = req.headers.get("x-login");
        const password = req.headers.get("x-password");

        if (!login || !password)
            return new Response("", { status: 403 });
        
        const isValidUser = await validateUser(login, password);
        if (!isValidUser)
            return new Response("", { status: 403 });

        //const origin = new Request(req.url, req);
        //origin.headers.delete("x-login");
        //origin.headers.delete('cf-workers-preview-token');
        //return fetch(origin);
        return fetch(req)
    },
} satisfies ExportedHandler;

async function validateUser(login: string, password: string): Promise<boolean>
{
    const response = await fetch("https://tunnel.xxx.com/authentication",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({ login, password })
        });

    // The server returns 200 for valid authentication, 403 for invalid
    return response.status === 200;
}

interface Env
{
    MY_RATE_LIMITER: any;
}

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

        const login = req.headers.get("x-login");
        const password = req.headers.get("x-password");

        if (!login || !password)
            return new Response("", { status: 403 });
        
        const isValidUser = await validateUser(login, password);
        if (!isValidUser)
            return new Response("", { status: 403 });

        //const origin = new Request(req.url, req);
        //origin.headers.delete("x-login");
        //origin.headers.delete('cf-workers-preview-token');
        //return fetch(origin);
        return fetch(req)
    },
} satisfies ExportedHandler;

async function validateUser(login: string, password: string): Promise<boolean>
{
    const response = await fetch("https://tunnel.xxx.com/authentication",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({ login, password })
        });

    // The server returns 200 for valid authentication, 403 for invalid
    return response.status === 200;
}

interface Env
{
    MY_RATE_LIMITER: any;
}

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

        const login = req.headers.get("x-login");
        const password = req.headers.get("x-password");

        if (!login || !password)
            return new Response("", { status: 403 });
        
        const isValidUser = await validateUser(login, password);
        if (!isValidUser)
            return new Response("", { status: 403 });

        //const origin = new Request(req.url, req);
        //origin.headers.delete("x-login");
        //origin.headers.delete('cf-workers-preview-token');
        //return fetch(origin);
        return fetch(req)
    },
} satisfies ExportedHandler;

async function validateUser(login: string, password: string): Promise<boolean>
{
    const response = await fetch("https://tunnel.xxx.com/authentication",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({ login, password })
        });

    // The server returns 200 for valid authentication, 403 for invalid
    return response.status === 200;
}

i have a WAF rule to

block

block

block

block

POST

POST

POST

POST requests,

await fetch("https://tunnel.xxx.com/authentication",

await fetch("https://tunnel.xxx.com/authentication",

await fetch("https://tunnel.xxx.com/authentication",

await fetch("https://tunnel.xxx.com/authentication", works on cloudflare
debugging locally with

npx wrangler dev --remote

npx wrangler dev --remote

on this same request i get

(403) Forbidden

(403) Forbidden

(403) Forbidden

(403) Forbidden as response

Cconfused mf Cloudflare with supabase integration is broken, I get a 400 error when I try oau...

V

VeroOP•3/27/25, 2:06 PM

there's an ongoing incident https://www.cloudflarestatus.com/incidents/gmpbtb71lkpl

Cloudflare Workers: Supabase integration issues

Rruan ```js interface Env { MY_RATE_LIMITER: any; } export default { async fe...

C

Chaika•3/27/25, 2:08 PM

if it's same zone subrequests/fetching there's tons of special handling, not a blanket bypass through the waf though if fetching from a different zone/context of course though

R

ruan•3/27/25, 2:09 PM

what?

C

Chaika•3/27/25, 2:09 PM

zone/website is

test.com

test.com

test.com

test.com, worker

worker.test.com

worker.test.com

worker.test.com

worker.test.com fetching

origin.test.com

origin.test.com

origin.test.com

origin.test.com is a "same zone subrequest"

C

Chaika•3/27/25, 2:10 PM

if you're doing that there's tons of special handling on it, like bypassing other workers, etc. --remote dev is going to come from an entirely different context
maybe it helps more to reframe it: The "context", in this context, is the zone/website the worker is running on, not per account or anything like that

R

ruan•3/27/25, 2:30 PM

i dont understand

M

Mia•3/27/25, 7:20 PM

is there an (allbeit hacky) alternative to aegis so i can change the egress IP of my cf workers?

Original message was deleted

M

Mia•3/27/25, 7:49 PM

ah pity

If there are gaps preventing you from using Workers today (and instead choosing Pages), we’d love to

Similar Threads

Similar Threads

Similar Threads