Transform URLs in cloudflare images via a subdomain of a zone
I have a zone called
example.com in cloudflare, I want to transform images stored in my s3 bucket via something like images.example.com. What DNS records should I add and what settings should I enable to achieve this?
I have added vercel's IP address in the A record and vercel's CNAME record in the CF dashboard. example.com is a website deployed in vercel. These are the only 2 records added currently.
If I go to https://www.example.com/cdn-cgi/image/width=100/https://bucket.s3.ap-south-1.amazonaws.com/pic.jpg , I am getting a 404 page.3 Replies
www.example.com needs proxy on it. Then if you're still getting a 404, ensure you enable Transformations on your zone under Images -> Transformations. If you get Forbidden, you need to enable "Resize from any origin" under Images -> Transformations -> click on your zoneYeah got it. Thank you.
I am doing the transformation using URLs. I pass my S3 url to the /cdn-cgi route and get it transformed. But this works with any URL. Can I restrict it to transform URLs only from my specific S3 bucket?
Workers w/ Image Resizing are the most flexible way to restrict what urls are able to be resized: https://developers.cloudflare.com/images/transform-images/transform-via-workers/
Alternatively you can mess with WAF Rules which also run on /cdn-cgi.
For example something like
(starts_with(http.request.uri.path, "/cdn-cgi/image/") and not http.request.uri.path wildcard r"*/http*bucket.s3.ap-south-1.amazonaws.com/*")
Not 100% sure that escapes all other ways to get around it, but you can play around with a bit. You could also just whitelist exact resizes by URI Path in <list of allowed resizes>Cloudflare Docs
Transform via Workers · Cloudflare Images docs
Using Cloudflare Workers to transform with a custom URL scheme gives you powerful programmatic control over every image request.