How to avoid surprise charges
Hi! I'm assuming this is a common question but after searching I can't really find any relevant info anywhere... If I want to do a static website with R2 image storage, how do I make sure that I don't get spammed with requests and end up paying a lot more than I was expecting? Cloudflare says that you can get notified to avoid surprise charges but a notification doesn't really help if I'm sleeping or away from my computer. Is there a safer way to store images? If anyone could point me to an existing answer that would be helpful as well
8 Replies
I'm on the free tier btw. If possible I would like it to disable requests after hitting 10m class b requests or 1m class a requests/etc. if this is not possible I'm wondering what the next best solution is.
thank you!!!
If using an R2 Custom Domain w/ cache, requests which hit cache don't cost you a class B, sort of built in protection against at least simple mass download attempts. That + waf/rate limit/built in ddos protection helps protect you
Is caching set up automatically? Or am I worrying too much abt this lol. 10 million requests sounds like a lot but with all the web scrapers these days I feel like you can’t be too cautious…
There's default rules for specific content types. Plus what cache-control headers you specify on the objects (if any). Or you can make a cache everything rule to just force everything to be cached https://developers.cloudflare.com/cache/how-to/cache-rules/examples/cache-everything/ and for a longer/custom duration. If you're treating each object as immutable (which usually works best), you can set the time to a year or something crazy. Worth noting Cache duration/ttl is just a maximum, if the asset is unpopular it'll be evicted
ooof i just keep running into new questions... I might have to take a few steps back
usually I would be fine experimenting on my own but when it comes to potentially being charged for a mistake its a lot more stressful 😅
100 million read requests uncached would cost you only $36
I think the biggest foot gun with r2 is just the infrequent access storage tier, very little use cases for it, just stick to standard
ok so last question I promise
I'm serving content from R2 at this subdomain bc I can't make it serve from a subdirectory. will the wildcard rate limit rule still apply to the content I'm serving from R2?
I'm using pages if that's relevant
I'm rly sorry that I'm asking total noob level questions