How to rate-limit and only allow requests from a specific origin for my worker?

Is it possible for my worker to only accept requests from my domain while also limiting the number of requests people can make from that domain? In my case people can go to my website/domain and press buttons that fire events to my worker. Now I want to prevent people from just spamming my worker till my costs explode. Is there any easy way to do this?
2 Replies
Hello, I’m Allie!
Not really. Assuming that this is an issue, there isn’t a surefire way to detect where a request is coming from. Though this applies to any HTTP-based origin, not just Workers.
EJB 2mo ago
Hello, nice to meet you. Here is my view. It is possible to configure your worker to only accept requests from your domain and to limit the number of requests from users. This can be achieved through a combination of techniques including referer checking, rate limiting, and API usage monitoring. You can inspect the Referer or Origin header to ensure that the request is originating from your domain. Rate limiting can be implemented to ensure that each user or IP address can only make a certain number of requests within a given timeframe. If you're using cloud services like AWS, Cloudflare, or Google Cloud, their API gateways often come with built-in functionalities for rate limiting and request validation.
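The two checks discussed in this thread, as an added example that is not part of any reply above: an exact-match Origin check followed by a fixed-window per-IP limit in a Worker-style handler. `ALLOWED_ORIGIN`, `LIMIT`, `WINDOW_MS` and the helper names are assumptions chosen for illustration.

```javascript
// Added example. ALLOWED_ORIGIN, LIMIT and WINDOW_MS are assumed values.
const ALLOWED_ORIGIN = "https://example.com"; // placeholder for your site
const LIMIT = 5;          // requests allowed per window per client
const WINDOW_MS = 60_000; // fixed window length in milliseconds

// Per-isolate memory only: counters are not shared between Worker instances
// and are lost on eviction, so this is a coarse first filter. The map is
// never pruned here; a production version needs expiry or a shared store.
const windows = new Map(); // ip -> { start, count }

function allowRequest(ip, now) {
  const w = windows.get(ip);
  if (!w || now - w.start >= WINDOW_MS) {
    windows.set(ip, { start: now, count: 1 }); // start a fresh window
    return true;
  }
  w.count += 1;
  return w.count <= LIMIT;
}

// Exact string match. A prefix or substring test would also accept
// look-alike hosts such as https://example.com.other.test.
function originAllowed(origin) {
  return origin === ALLOWED_ORIGIN;
}

// Returns the HTTP status the Worker should answer with.
function decide(origin, ip, now) {
  if (!originAllowed(origin)) return 403; // missing or foreign Origin
  if (!allowRequest(ip, now)) return 429; // over the per-IP budget
  return 200;
}

const worker = {
  async fetch(request) {
    const origin = request.headers.get("Origin");
    // CF-Connecting-IP is set by Cloudflare's edge on incoming requests.
    const ip = request.headers.get("CF-Connecting-IP") || "unknown";
    const status = decide(origin, ip, Date.now());
    if (status !== 200) return new Response(null, { status });
    return new Response("ok", {
      headers: { "Access-Control-Allow-Origin": ALLOWED_ORIGIN },
    });
  },
};
// In a Worker module, this object would be the default export.
```

The Origin header is only trustworthy for requests made by browsers; any other HTTP client can set it to an arbitrary value, so the per-IP limit is the control that actually bounds request volume.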