mTLS rule does not apply to workers.dev subdomain

Greetings,

I have a worker deployed with a custom subdomain and have enforced a mTLS rule for authenticating requests. While the mechanism works without any problem on custom subdomain, on the workers.dev subdomain does not work. The rule is explicitly configured for both domains.

Does anyone have any clue on how to resolve this?

Is this a WAF rule? If so, then rules in your domain zone aren’t going to apply to a workers.dev hostname.

Yes, it’s a WAF rule. Is there anything else I could be able to do in order to enforce it or not?

No, you can’t use rules on a workers.dev, your easiest option is to run the Workers exclusively on custom domains and disable the workers.dev route.

There may also be some mTLS properties exposed within the Worker which you can try checking:

2 Likes

You have a point. I completely forgot that the runtime provides those properties.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.