Is it safe to access a Worker in client code?
Hi, I have an application that needs to access Workers in client code, and the Worker has the authentication code to authenticate the request using JWT. But I am wondering about the security of using Workers in the client code.
Say there is a DDoS attack toward my Worker. First, will I get charged? Second, how to mitigate the DDoS attack? Do I need to add some code in my Worker to prevent that, such as an IP rate limit?
3 Replies
> Say there is a DDoS attack toward my Worker. First, will I get charged?
Yes, however you can open a case with Billing support if it was not a reasonable amount of traffic and you feel the charge was unfair.
> Second, how to mitigate the DDoS attack?
Disable the workers.dev route, put the Worker on a custom domain/route and configure strict Rate Limiting WAF rules (included free with Cloudflare on any zone plan): https://developers.cloudflare.com/waf/rate-limiting-rules/ You can also use the WAF to do various other things, like block requests without a certain header or not from a certain IP.
> Do I need to add some code in my Worker to prevent that, such as an IP rate limit?
Not really, once you start adding state (e.g. KV) to keep track of IPs your costs skyrocket. It's best to stick to a custom domain with rate limiting WAF rules.
Hi @Erisa | Support Engineer, thanks for your answer. I will look at rate limiting. I have another question related to using an R2 bucket on the browser side as well. Say the client is authenticated using a provided session on the server side and needs to read the data that belongs to him in the R2 bucket. If I'm using a public R2 bucket associated with a custom domain, how do I authenticate the client using the provided session? Does it have to go through a Worker?
You can restrict access to public buckets using WAF Token Authentication or Cloudflare Access: https://developers.cloudflare.com/r2/data-access/public-buckets/#access-control