Is Cloudflare rate-limiting outgoing requests from workers?

I have a worker that makes a single SQS request whenever it gets hit. I can trigger my worker 2,000 times in rapid succession without issue, but then I start to get Error 1101. After a short cooling-off period, requests continue to work as expected. Looking at my firewall events, I see the following:

Is cloudflare really blocking my requests to AWS’ sqs endpoint? Is there a way to turn this off? I’m on a paid Worker subscription.

Thanks

What workers plan and security settings do you have?

You could create a rule to disable some security features that trigger rate limiting.

I’m on the “Paid - pay-as-you-go” plan. The worker is unbound.

Which firewall rule would you recommend creating? It seems like firewall rules are only for inbound requests, not outbound.

What you are seeing is Cloudflare’s abuse protection for Workers kicking in, as you are sending thousand(s) of requests per second to a Cloudflare Worker.

https://developers.cloudflare.com/workers/platform/limits#request

Cloudflare’s abuse protection methods do not affect well-intentioned traffic. However, if you send many thousands of requests per second from a small number of client IP addresses, you can inadvertently trigger Cloudflare’s abuse protection. If you expect to receive 1015 errors in response to traffic or expect your application to incur these errors, contact Cloudflare to increase your limit.

So you will have to just create a support ticket and request Cloudflare support to increase that limit for you.

2 Likes

Give it a try and create a Rule where Security is Essentially off.

I gave the page rule a try and got the same result (Error 1101). I think the explanation by @arunesh90 is most likely the issue in that there may be some protection in place that one cannot turn off, but rather request higher limits.

I did run a test by triggering the rate limits from my local machine and then hitting the worker from a VM in a different location. That request returned a 202, so I suspect that the 500s will return only if a particular client sends way too much traffic.

I’ll keep an eye on my firewall events to monitor if this becomes an issue for my end users.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.