Cloudflare R2: How to publicly expose a bucket, set limits for monthly requests

For Workers & Pages, what is the name of the domain?

N/A

What is the issue or error you’re encountering

How can I make access to a bucket public and set limits for the number of monthly requests to prevent cost overrun?

What steps have you taken to resolve the issue?

I am uploading hundreds of thousands of tiled image files to R2 for a hobbyist project and would like to make them publicly accessible for the demonstration page. The tiled images will be requested rapidly to display the tiled asset and because this is a hobbyist project I would like limit the amount of requests that are allowed to happen in a month to avoid racking up charges I’m not prepared to pay. I thought I’d be able to adjust these settings in the “bucket settings” page but it doesn’t seem to be clear how to do.

Here is what I would like to toggle specifically:

• Make access to the bucket public using the following API: https://<account_id>.r2.cloudflarestorage.com/<bucket_id>.
• Limit access to the above bucket to a specific set of domains.
• Set a maximum number of Class B operations (like get object) to a max number after which the bucket will shut down until the next billing cycle. I would like to set it to something like 10-20 million requests per month.

I have seen that enabling the R2.dev subdomain will make the data public but will also disable caching and rate limit the quests which I do not want.

Thank you!

There’s no option to limit requests directly. Someone may have better idea, off the top of my head I’d suggest using a custom domain (say cdn.example.com) to make the bucket public for your application (the S3 API doesn’t cache the files as far as I’m aware). You can use a script on your server, or a cron Worker, to periodically check the number of operations through the Cloudflare API and then automatically enable a WAF custom rule to block access to the custom domain when the limit is close/exceeded.

Assuming the images aren’t changing, you can put a longer cache time on them and this will reduce the number of requests to the origin bucket to lower your bucket requests and costs significantly as well as improving performance.

Thanks - sounds like R2 might not be for me which is a shame because I’d far rather use and recommend Cloudflare than some of the other larger players. It looks like Google Cloud Projects supports these kinds features (straight forward alerts, public access, CORS control).