I don’t even use workers. In just 1 day this spike and warnings about upgrading to avoid service disruption.
What going on? How do I find what using these workers?
1 Like
You can find the Workers here: https://dash.cloudflare.com?to=/:account/workers-and-pages
It looks like you have one on your account from 2019 and it saw a big increase in requests since ~8:30am UTC
2 Likes
How do I delete this? What is it? I have made no changes and have not knowingly enabled or used workers.
Now my website is down also:
I was not even in office when these warnings started being emailed. From 75% to exceeded in 1 hour this morning. No changes overnight.
Go to the link → go to the Worker → Manage application → Delete
This was definitely a Worker you setup, it was just years ago and you have likely forgotten. We don’t automatically create Workers and especially not set them up like this.
2 Likes
So if setup in 2019 why is it suddenly being used?
I found this:
So I setup some sort of edge cache?
it’s always been used, you just never hit the daily limit until today. Your traffic has dramatically increased since this morning UTC.
Seems like it.
1 Like
Not valid traffic it seems, because not seeing any change in analytics. Support has removed the limit so the website is back online.
I am just curious of how the edge cache kv namespace was created so I can avoid this in the future.
CF support? The Worker was deleted, that’s why the traffic is going through again
Yourself or someone with access to your account created it. I can’t give anymore details but all I can say is this was not created by Cloudflare.
1 Like
No, I’m in live chat with support. They said to check the website, and it should be back online because they removed the limit. I checked it and it was back online.
Then, a few minutes later, I saw your response, which I also pasted into the live chat as well. I then deleted the worker from 2019 as per your advice. But the website was already online.
Ok, and thanks for your help. 2019 is a long time ago and audit logs don’t go back that far. In any case, I’ve deleted everything worker or KV related that I found.
2 Likes
When I deleted the edge cache worker, I now see this in the audit log:
Has deleting the worker and kv affected tiered caching?
No, if that zone isn’t your workers.dev then that’s something to discuss with your provider. If it is, you can ignore it.
Apologies, that went over my head. What is workers.dev and I didn’t know I had a “provider” how do I find out who is my provider?
The support team you chatted to, that doesn’t seem to be Cloudflare and they’re your provider. workers.dev is the default zone for Workers, if that zone_name isn’t <something>.workers.dev then you should chat to your provider.
Unless I’m missing something, it was Cloudflare support:
I accessed the chat by clicking the “chat” icon at the bottom-right while logged into dash.cloudflare.com.
Ok interesting, I didn’t see live chat on your account but cool.
I’d reply to the ticket asking about that then, I’m not sure what happened there.
Ok, I will ask in the Cloudflare chat generated support ticket.
I received another email about exceeding worker requests limit. I already deleted workers and have not logged in since:
Should these be ignored? Or will the website be blocked again?
Thanks.
I don’t see any requests since they got deleted so you’re good to ignore, not sure why it sent again.
1 Like
Thanks @Walshy
Regarding the cause of the original issue. I checked Cloudflare Analytics & logs and found that there were 150k+ requests to this path on the domain /wp-login.php.
I checked the server and found that the IP was already blocked via the fail2ban retry limit. But was not blocked via Cloudflare.
I tested by adding an IP to the blocklist and then visited //server_ip/wp-login.php. Where the IP was blocked correctly with:
However, when I visited the URL through Cloudflare (using domain_com/wp-login.php), it was not blocked.
I was able to resolve this by using Fail2ban with Cloudflare’s API so that now blocked IPs on the server are added to Cloudflare’s IP Access Rules so that they are blocked there also.
I’m still unsure how and why this triggered the usage of the worker or KV features. But those remain deleted in my CF account.
Thanks again for helping me! 
2 Likes
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.