How to Restrict Access to Cloudflare Workers Firewall?

What is the name of the domain?

mydomain.com

What is the issue you’re encountering

Restrict Access to Cloudflare Workers Firewall?

What steps have you taken to resolve the issue?

Hi all, I’m new to Cloudflare and looking for advice on securing my deployed workers. I have two workers with the following endpoints: test-worker1.devops.workers.dev,test-worker2.devops.workers.dev
When I send POST requests to these endpoints, my code runs as expected, and I receive the correct responses. However, I now want to restrict access to these workers. Here’s my approach:

  1. Purchase a custom domain.
  2. Set up Cloudflare Zone-level Web Application Firewall (WAF) with custom rules (IP allowlist and URI path restrictions) for the domain.
  3. Disable the .workers.dev trigger and configure new routes for the workers under my domain:
    Worker 1: mydomain.com/worker1*
    My questions are:
    If I access the route (hit browser mydomain.com/worker1), does the WAF evaluate the request first (blocking or allowing based on the IP list) before passing it to the worker?
    Do I need to make any additional DNS or SSL configurations for the newly created routes (mydomain.com/worker1*) if yes please guide to configure, or is the current setup sufficient?
    I’d appreciate any suggestions or alternative approaches for securely restricting access to my workers.

Yes.

Make sure the hostname you are using for the Worker has a proxied DNS record. If it is just for Workers routes and doesn’t have an origin server for other paths, use AAAA 100:: in the DNS.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.