Blocked cron

Okay, looks like I understand what's going on. When you trigger the workflow, it seems to initiate the worker near your geographic location. When done through cron, it seems to do it from other geographic locations. I have a security rule to block all traffic to the worker that's not from the United States, and it seems that, as of recently, my cron-scheduled workflows are being instantiated outside of the United States, in Poland or Singapore, which is causing them to be blocked by the security rules. Is there a way to force the location of execution of workflows, or to whitelist / exempt same-account workers from security rules?
2 Replies
avenceslau (2w ago)
Hey, sorry about that. I am not sure what you could do on the security rules side of things. The way I would do it is by having a Durable Object trigger your workflows and have that DO run in a specific jurisdiction. Your DO would set an alarm to run every x minutes/hours/days, and inside the alarm you do everything you would do in your cron. You can find out how to use jurisdictions here: https://developers.cloudflare.com/durable-objects/reference/data-location/
Cloudflare Docs
Data location
Jurisdictions are used to create Durable Objects that only run and store data within a region to comply with local regulations such as the GDPR or FedRAMP.
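The approach suggested in the reply above, as an added example that is not code from either poster or from Cloudflare: a Durable Object created inside a jurisdiction re-arms its own alarm and starts the Workflow from the alarm handler. The class name, the `SCHEDULER` and `MY_WORKFLOW` bindings, the interval, the object name and the choice of the `fedramp` jurisdiction are all assumptions.

```javascript
// Added example. RegionalScheduler, SCHEDULER, MY_WORKFLOW, INTERVAL_MS and the
// object name are hypothetical; adjust them to your wrangler bindings.
const INTERVAL_MS = 60 * 60 * 1000; // assumption: hourly, like the old cron
const JURISDICTION = "fedramp";     // assumption: or "eu"; see the data-location docs

// In the Worker module this class must be exported and bound as SCHEDULER.
class RegionalScheduler {
  constructor(state, env) {
    this.state = state;
    this.env = env;
  }

  // Arm the first alarm; an alarm that is already pending is left alone.
  async arm(now = Date.now()) {
    const pending = await this.state.storage.getAlarm();
    if (pending !== null) return pending;
    await this.state.storage.setAlarm(now + INTERVAL_MS);
    return now + INTERVAL_MS;
  }

  async fetch() {
    return new Response(JSON.stringify({ nextRun: await this.arm() }));
  }

  // Runs inside the object: schedule the next run, then do the cron's work.
  async alarm() {
    const now = Date.now();
    await this.state.storage.setAlarm(now + INTERVAL_MS);
    const instance = await this.env.MY_WORKFLOW.create({ params: { scheduledAt: now } });
    return instance.id;
  }
}

// Call once (for example from a fetch handler) to create the object inside the
// jurisdiction and start the schedule.
async function startScheduler(env) {
  const regional = env.SCHEDULER.jurisdiction(JURISDICTION);
  const stub = regional.get(regional.idFromName("cron-replacement"));
  return stub.fetch("https://scheduler.internal/arm");
}
```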
Murder Chicken (OP, 2w ago)
Good to know and I'll look into this. Shame, since it makes it a lot more complex as opposed to just setting a scheduled cron trigger on the worker. What's odd... this was fine up until a week ago and then I started seeing issues with the workflow. It was a real pain to detect what was actually going on since, on the dashboard, these types of blocked requests don't manifest themselves in any noticeable way; you have to dig into the security rule itself and inspect each blocked request. I appreciate the suggestion @avenceslau and I'll dig into that! Not that this is a priority, but it would be nice to be able to see what datacenter workflows based on scheduled handlers are being executed from. I don't see anything in the observability logs related to the location of the worker/workflow's execution like you would in a normal incoming request handled by a fetch handler.
