DDoS Protection for the Workers API, and Does the DDoS Billing Waiver Also Apply to D1/R2?
I’m using ChatGPT for this translation, so please excuse any awkward English.
I’m planning to build a game leaderboard API on the paid tier of Cloudflare Workers.
Since Workers already come with built-in DDoS protection, would you still recommend:
attaching a custom domain,
placing that domain behind Cloudflare (orange-cloud), and
adding WAF / rate-limiting rules?
Or would that be over-engineering?
(The API is called directly from the game client, so JavaScript-based protections like Turnstile aren’t an option.)
Cloudflare states that we won’t be billed for traffic generated by a DDoS attack.
Does that waiver also cover any D1 queries or R2 operations that are triggered by those malicious requests passing through a Worker?
If these points are clear, we’re ready to adopt Workers for the project.
Thanks in advance!
I’m planning to build a game leaderboard API on the paid tier of Cloudflare Workers.
Since Workers already come with built-in DDoS protection, would you still recommend:
attaching a custom domain,
placing that domain behind Cloudflare (orange-cloud), and
adding WAF / rate-limiting rules?
Or would that be over-engineering?
(The API is called directly from the game client, so JavaScript-based protections like Turnstile aren’t an option.)
Cloudflare states that we won’t be billed for traffic generated by a DDoS attack.
Does that waiver also cover any D1 queries or R2 operations that are triggered by those malicious requests passing through a Worker?
If these points are clear, we’re ready to adopt Workers for the project.
Thanks in advance!
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
86,942Members
Resources
Similar Threads
Was this page helpful?
