Error Code 1003 (HTTP status 403) with HTTP Service Bindings API calls including db connection
We're experiencing frequent
- Error code 1003 is documented by Cloudflare as "Direct IP Access Not Allowed" https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1003/ - Errors occur primarily during OpenNext cache revalidation processes - Same error occurs whether using Cloudflare RPC or HTTP Service Bindings for API communication Technical architecture: - Frontend: Next.js app deployed via OpenNext on Cloudflare Workers - Backend: Hono API running on Cloudflare Workers - Database: Neon serverless driver (drizzle-orm/neon-http) - Communication: Frontend → Backend API calls use HTTP Service Bindings - Note: We are NOT using Hyperdrive Based on the 1003 error, could it be that when Cloudflare Workers communicate with Neon, the fetch requests get optimized by Cloudflare and end up using direct IP addresses instead of domain names? Or are there other potential causes? Any troubleshooting tips would be greatly appreciated.
NeonDbError: Server error (HTTP status 403): error code: 1003 errors.
- Error message shows "NeonDbError" but we suspect this is actually Cloudflare's error code 1003, not a Neon-originated error
- Neon Support confirmed: Database was operating normally during error timestamps, no 403 errors logged at database layer- Error code 1003 is documented by Cloudflare as "Direct IP Access Not Allowed" https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1003/ - Errors occur primarily during OpenNext cache revalidation processes - Same error occurs whether using Cloudflare RPC or HTTP Service Bindings for API communication Technical architecture: - Frontend: Next.js app deployed via OpenNext on Cloudflare Workers - Backend: Hono API running on Cloudflare Workers - Database: Neon serverless driver (drizzle-orm/neon-http) - Communication: Frontend → Backend API calls use HTTP Service Bindings - Note: We are NOT using Hyperdrive Based on the 1003 error, could it be that when Cloudflare Workers communicate with Neon, the fetch requests get optimized by Cloudflare and end up using direct IP addresses instead of domain names? Or are there other potential causes? Any troubleshooting tips would be greatly appreciated.
2 Replies
Let me share some additional information.
I wrapped the fetch function in drizzle-orm/neon-http with try-catch for logging and obtained the following error log. This is the result of HTTP communication with Neon using their serverless driver.
Connection method reference: https://neon.com/docs/serverless/serverless-driver#use-the-driver-over-http
Attaching the full log file due to character limits. Here's a shortened excerpt with key information:
(Some information has been masked/omitted. If Cloudflare support needs the full details for investigation, I'm happy to share them privately.)
Summary:
- Made a fetch request to host:
api.ap-southeast-1.aws.neon.tech
- Received a 403 response from server: cloudflare with cf-ray header
- Response body contains: "error code: 1003"
It appears we're getting error code 1003 despite not performing any Direct IP Access as described in the documentation:
https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1003/
Does anyone have any clues that might help resolve this issue?
Thank you for looking into this.Did you ever find a resolution?
We see this exact same issue with upstash. Only happened after we called the worker with a http service binding. Works fine via rpc