Cloudflare worker should not count OPTIONS and unauthorized accesses

Workers limits count everything.
So, imagine I use a worker for a personal project,
there is no way to “firewall it” to unauthorized requests.
Obviously I implemented it in the worker logic but the counter counts everything.
Since browsers send an OPTIONS request before the actual GET/PUT/DELETE, the counter counts double every request.
Also, if I check the origin or originating ip address and issue a 403, the request is still counted.

do not count if the result of the worker is anything different than 200 and do not count if the request is OPTIONS.

While I don’t agree with counting only 200 responses - Cloudflare will have to execute your script regardless of what response you eventually return - perhaps this can be resolved with a combination of putting your Workers on a custom route, on your own domain, and then adding a Firewall rule against that hostname or path that blocks OPTIONS requests.

Is there a better way to do this? Does the suggested option make sense? I’m not an expert either and seeking validation for this solution.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.