about workers protection

hey I want to only allow traffic from certian hostnames for my domain that is using workers also pages. is there any limits on how many 'OR' expression I can use or unlimited or
No description
12 Replies
Erisa
Erisa11mo ago
Change the operator to "Is not in" and then you can add a big list
Alvee
AlveeOP11mo ago
I want to rate limit all my endpoints including sub domains also. /* not working ig. what is the wildcard to target all
No description
Chaika
Chaika11mo ago
Ruleset engine doesn't support wildcards like that Actually, what are you trying to do there? Verfied Bots are the good bots who are whitelisted and identify themselves like Google Bot and such https://radar.cloudflare.com/traffic/verified-bots
Alvee
AlveeOP11mo ago
I am just trying to protect my cloudfalre worker from DOS attack what rules should I use for that
Chaika
Chaika11mo ago
if you just wanted to ratelimit everything, you can click Edit Expression and type "true", and it would match every request to your website/zone
Alvee
AlveeOP11mo ago
sounds good. will this work. requests 200 period is 10 second. what if attacker gave more then 200 under 5 second like attacker doing DOS have 1000 clients ready and send 40k under 5 second will this only come into affect after 10 second.
No description
Alvee
AlveeOP11mo ago
and the period I can't change to something else other then 10 seems like
Chaika
Chaika11mo ago
it's 200 requests within the last 10 seconds -> blocked for 10 seconds (block would be instant the second they breached it)
Chaika
Chaika11mo ago
the free plan is pretty restrictive, pro and higher has some more options: https://developers.cloudflare.com/waf/rate-limiting-rules/
Cloudflare Docs
Rate limiting rules · Cloudflare Web Application Firewall (WAF) docs
Rate limiting rules allow you to define rate limits for requests matching an expression, and the action to perform when those rate limits are reached.
Alvee
AlveeOP11mo ago
@Chaika love you ❤️ . it's working blocked 62k req out of 64k. seems like it's working.
No description
Alvee
AlveeOP11mo ago
btw it's only per client IP right. so other users still can use.
Chaika
Chaika11mo ago
yep it's per IPv4 /32 (single ip) and IPv6 /64 iirc
Want results from more Discord servers?
Add your server