Cloudflare Workers Ratelimiting
I'm finding rate limiting in workers is really strange and it almost never enforces a strict limit in any case. I have it set to 3 request per 10 seconds and my test script gets random results like 🎉 SUCCESS! Rate limiting triggered after 45 requests in 9 seconds! & 🎉 SUCCESS! Rate limiting triggered after 21 requests in 3 seconds! (this was after 2 lots of 60 requests completing without limiting). I should hit the same data center so don't think that's the cause.
2 Replies
https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/#performance
https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/#accuracy
The above also means that the Rate Limiting API is permissive, eventually consistent, and intentionally designed to not be used as an accurate accounting system. For example, if many requests come in to your Worker in a single Cloudflare location, all rate limited on the same key, the isolate that serves each request will check against its locally cached value of the rate limit. Very quickly, but not immediately, these requests will count towards the rate limit within that Cloudflare location.
i understand, but it's wildly inconsistent even in the same POP, so much so that you absolutely cannot guarantee it'll rate limit at any level you set.
i would have to apply some other ratelimit rules to reign it in because i can't have people going 10x over the ratelimit value before it decides to issue a 429.