https://discord.cloudflare.com logo
Join Discord
Powered by
How do I disable ratelimits for a domain on a Clou...
# general-help
s
I have a Nextcloud instance that goes through Cloudflare Tunnel and I am consistently hitting the ratelimit. This has never happened before and I just want to get rid of it. I can't seem to figure it out, would appreciate any help, thanks!
f
Do you have any ratelimiting configured on your domain?
s
No
I never changed any of the ratelimiting rules, this appears to be new default behavior
f
search that ray in your events and see whats blocking it
s
e
The rate limit with rule ID of worker can be removed upon request to support if you are on a paid Workers plan. Please create a support ticket.
?support
h
To contact Cloudflare Support about an issue, please visit the [Support Portal](https://dash.cloudflare.com/?to=/:account/support) and fill in the form on the portal. After submission, you will receive confirmation over email. Some issues, such as Account or Billing related issues, cannot be solved by the community. Any plan level can open a ticket for these topics. For more information on the methods by which you can contact Support for your plan level, see [Contacting Cloudflare Support - Cloudflare Docs]()
e
The limit is documented here > Cloudflare’s abuse protection methods do not affect well-intentioned traffic. However, if you send many thousands of requests per second from a small number of client IP addresses, you can inadvertently trigger Cloudflare’s abuse protection.
i
wait, how did you access example.com?
it shouldn't be your domain.
e
They probably used inspect element to redact their domain
the same way it says ipv6-address
which is the high effort way to do it
s
Wait, so I cannot get rid of this if I'm on the free plan?
e
Are you on Workers Free?
s
Yeah
e
In fact, are you using Workers at all?
Can you explain more?
s
I never messed with that stuff
All I'm using are Cloudflare Tunnels to access nextcloud and other services
My guess is that Nextcloud is sending a bunch of individual requests when syncing, which causes it to constantly hit the ratelimit
e
That's odd then since the rate limit is specific for Workers. Do you have other "Optimization" features enabled on the zone like Early Hints or Automatic Signed Exchanges?
s
I was setting up a new computer, which meant downloading all the files I want to be synced. I've done this many times before without any issues on the Cloudflare-end of things, so it's odd to see it ratelimit now
Where can I check that?
e
Also the IPv6 address you redacted, is it 
2a06:98c0:3600::103
? That's the IP for requests coming from Workers
s
No
It's my actual IPv6 address (just looked it up)
e
Okay
Can you check the optimization settings then?
s
Yeah doing that rn
e
I'm wondering if one of the ones which is implemented with Workers in the backend might be interfering
s
e
Its cropped too early for me to see Early Hints
s
My bad
It's enabled
Should I disable it?
e
Yes can you try disabling it
I appreciate this isn't something that's made immediately clear and actually shouldn't be happening in the first place, but hopefully it helps
s
I'll have to wait until tonight when I'm back at the computer with the issue (the big nextcloud sync). I'll let you know if it fails or succeeds, thank you for your help
e
The logic I'm followiig here is that Early Hints is implemented using a Worker in the backend of the feature, so its possible the system is mistakenly attributing these Worker requests to your zone and rate limiting them with the Worker rate limit
No problem, ping me whenever and I'll respond if/when I'm around
s
One extra thing to note: The one thing I did change recently was adding a configurable "offline" page to show when a KVP is true, which is to be used when my server is under scheduled maintenance. I am using workers routes for these. I'm not too familiar with this, so perhaps that could have been the cause?
e
Is the route active all the time?
s
Actually I think so
It's only supposed to show a separate page when a KVP is set to true
But I think everything is always going through it, which could explain the ratelimit
The worker:
Copy code
js
export default {
  async fetch(request, env, ctx) {
    const url = new URL(request.url);
    if (url.pathname === "/status") {
      let currentState = await env.MAINTENANCE_KV.get("maintenance");
      return new Response(`Maintenance mode ${currentState}`, { status: 200 });
    }

    let maintenanceMode = await env.MAINTENANCE_KV.get("maintenance");

    if (maintenanceMode === "on" || url.toString().includes("maintenance.example.com")) {
      const html = <"html of the page as a string">;
      return new Response(html, { status: 503, headers: {
        "content-type": "text/html;charset=UTF-8",
      }, });
    }
    return fetch(request);
  },
}
Can I disable it without deleting it? I don't see a button anywhere
e
You can remove the route but keep the worker
Then to re-enable just add the route back
s
I have like 8 routes though
That's quite tedious
e
Well
There isn't a disable button, sorry
s
Unfortunate
e
And yeah if your requests are going via a Worker and you dont have Workers Paid then seeing limits is expected and the first step to prevent that is to subscribe to Workers Paid. Also if you check the settings for each route, there should be a "fail open"/"fail closed", make sure thats set to fail open
s
Alright
I don't use workers enough to justify paying for it, so I think I'll just remove it for now. This is probably resolved now, thanks again for your help
e
Sure no problem, let me know if it comes back
2 Views
PreviousNext
Powered by