0xAsimetriq
0xAsimetriq
PostsComments
CDCloudflare Developers
Created by 0xAsimetriq on 4/30/2024 in #general-help
Set up WAF rate limiter for all paths
Hi everyone, I'm on workers free plan and am wondering if a WAF rate limiting rule can be set and applied to all paths of the domain? My use case is as follows 1. I created an R2 bucket and assigned example.video domain to it 2. I went into WAF settings of mentioned domain and under rate limiter set it to block per ip after 1 request, I left path empty which gave (http.request.uri.path eq "") as expression I was hoping that after making 2-3 requests I'd be blocked, but it seems this rule is not applying. Is there a different expression I can use to rate limit all requests for this domain, or this requires a paid plan?
4 replies
CDCloudflare Developers
Created by 0xAsimetriq on 6/23/2023 in #pages-help
Serving ./well-known/apple-app-site-association file from pages
I'm using next js's static file export feature and uploading my website to pages (so not using functions). I added apple's universal linking verification file today at next js's public/.well-known/apple-app-site-association path. And it does get picked up when I visit the site, however instead of showing contents it gets downloaded. Apple requires devs to serve this file as json. I added _headers file to public/_headers location with following contents 
/.well-known/apple-app-site-association
  Content-Type: application/json
/.well-known/apple-app-site-association
  Content-Type: application/json
And deployed, however it seems to have no effect and file still gets downloaded. Would appreciate any advice on how to resolve this without using functions if possible.
3 replies
CDCloudflare Developers
Created by 0xAsimetriq on 5/21/2023 in #workers-help
Can cloudflare's api gateway be used to rate-limit workers api?
I'm wrapping up development of my api on top of Cloudflare's workers and am about to start setting up rate-limitting. Initially wanted to do this via serverles redis, but it looks like WAF https://developers.cloudflare.com/waf/ achieves the same. But I cant manage to find this setting under my workers page. I believe it is only available for domains? Am I correct in assuming that in order to limit my workers routes, I can only do so when custom domain is set up for it?
2 replies
CDCloudflare Developers
Created by 0xAsimetriq on 4/26/2023 in #workers-help
Is it possible to access env variables outside "fetch handler"
Hey everyone. I'm trying to set up few libraries that rely on on environment secrets, but it seems as if these secrets are only available on env object inside fetch handler? I am using https://hono.dev as a routing library and believe the only way to set up something like supabase client at the moment is via middleware 
app.use('*', async (ctx, next) => {
  const supabase = createClient(ctx.env.SUPABASE_URL, ctx.env.SUPABASE_SERVICE_ROLE_KEY, {
    auth: { autoRefreshToken: false, persistSession: false }
  })
  ctx.set('supabase', supabase)
  await next()
})
app.use('*', async (ctx, next) => {
  const supabase = createClient(ctx.env.SUPABASE_URL, ctx.env.SUPABASE_SERVICE_ROLE_KEY, {
    auth: { autoRefreshToken: false, persistSession: false }
  })
  ctx.set('supabase', supabase)
  await next()
})
Is it correct to assume that this is the only way or am I missing something obvious here that allows me to get env variables in global scope as well? Thank you
3 replies