How to avoid surprise charges

Hi! I'm assuming this is a common question but after searching I can't really find any relevant info anywhere... If I want to do a static website with R2 image storage, how do I make sure that I don't get spammed with requests and end up paying a lot more than I was expecting? Cloudflare says that you can get notified to avoid surprise charges but a notification doesn't really help if I'm sleeping or away from my computer. Is there a safer way to store images? If anyone could point me to an existing answer that would be helpful as well

moleOP•7/25/25, 4:01 AM

I'm on the free tier btw. If possible I would like it to disable requests after hitting 10m class b requests or 1m class a requests/etc. if this is not possible I'm wondering what the next best solution is.

moleOP•7/25/25, 4:05 AM

thank you!!!

Chaika•7/25/25, 4:07 AM

If using an R2 Custom Domain w/ cache, requests which hit cache don't cost you a class B, sort of built in protection against at least simple mass download attempts. That + waf/rate limit/built in ddos protection helps protect you

moleOP•7/25/25, 4:16 AM

Is caching set up automatically? Or am I worrying too much abt this lol. 10 million requests sounds like a lot but with all the web scrapers these days I feel like you can’t be too cautious…

Mmole Is caching set up automatically? Or am I worrying too much abt this lol. 10 mill...

Chaika•7/25/25, 4:46 AM

There's default rules for specific content types. Plus what cache-control headers you specify on the objects (if any). Or you can make a cache everything rule to just force everything to be cached https://developers.cloudflare.com/cache/how-to/cache-rules/examples/cache-everything/ and for a longer/custom duration. If you're treating each object as immutable (which usually works best), you can set the time to a year or something crazy. Worth noting Cache duration/ttl is just a maximum, if the asset is unpopular it'll be evicted

moleOP•7/25/25, 4:47 AM

ooof i just keep running into new questions... I might have to take a few steps back

moleOP•7/25/25, 4:48 AM

usually I would be fine experimenting on my own but when it comes to potentially being charged for a mistake its a lot more stressful

Chaika•7/25/25, 5:17 AM

100 million read requests uncached would cost you only $36

Chaika•7/25/25, 5:17 AM

I think the biggest foot gun with r2 is just the infrequent access storage tier, very little use cases for it, just stick to standard

moleOP•7/25/25, 5:55 AM

ok so last question I promise
I'm serving content from R2 at this subdomain bc I can't make it serve from a subdirectory. will the wildcard rate limit rule still apply to the content I'm serving from R2?

moleOP•7/25/25, 5:57 AM

I'm using pages if that's relevant

moleOP•7/25/25, 5:58 AM

I'm rly sorry that I'm asking total noob level questions

How to avoid surprise charges

Similar Threads

Similar Threads

Similar Threads