Prevent direct subdomain access and require redirect

Ch0nG · January 11, 2023, 2:50am

I have a website where the photos are using a Backblaze bucket accessed via CNAME:

i.example.com/myphoto.jpg

Because Workers aren’t allowed on CNAMEs (outside Business/Enterprise accounts), I am currently redirecting incoming links like this to run a Worker:
img.example.com/myphoto.jpg → Page Rule redirect → i.example.com/myphoto.jpg

However, if a user accesses i.example.com/myphoto.jpg directly they bypass the Worker. I’d like my users to hit the Worker domain before seeing the photo(s). Is there a way to block direct access to i.example.com/* unless they hit the Worker domain first?

I tried a Firewall rule blocking i.example.com unless img.example.com was the referrer. But this didn’t work and just blocked i.example.com access even after the redirect.

cbrandt · January 28, 2023, 5:22pm

Hi,

If adding a query string is ok in your case, you could add a QS with the Worker, then have a Redirect Rule (Dynamic Redirect) for i.example.com conditional on not having the QS.

Ch0nG · February 5, 2023, 3:59am

Hi!

Thanks for the reply. I ended up doing something a bit different. Since I’m using Backblaze B2, I ended up following this guide. Now the content is only available via Workers Custom Domains, so the Workers cannot be (easily) bypassed.

As a bonus, the content returns an error if it is somehow accessed directly/outside Cloudflare.

Topic		Replies	Views
How to redirect if user direct access to image file by browser? Rules	13	4380	March 1, 2022
Use Cloudflare Worker as DNS proxy Workers	1	2893	May 19, 2020
Allow user to access site behind workers Workers	2	2017	August 6, 2021
Cname to a subdomain on an (origin-less) Workers route Workers	2	3114	May 3, 2020
Make subdomain appear as subdirectory with workers AND BLOCK ACCESS TO SUBDOMAIN DIRECTLY Workers	2	2531	January 29, 2021

Prevent direct subdomain access and require redirect

Related topics