Rate Limit on Workers?

Hi,

we are currently developing a part of our API with the help of Cloudflare Workers (which I think are a great feature, by the way). If we test this API with our unit tests, we get back errors after about 100 requests to our API.

What is also strange is that we get a 429 status from Cloudflare for some routes of the API (those routes which end in a fetch to one of our file backends), but a 404 status for some other routes which run solely in the Cloudflare worker.

If we wait a few minutes, the tests which failed before now run without a problem, so this couldn’t be a bug in the API or tests.

We have not activated the Rate Limiting feature under Firewall, so we wonder if there is some internal rate limiting for workers.

The documentation says:

Cloudflare does impose a number of abuse protection methods which are designed not to affect well-intentioned traffic. If you send many thousands of requests per second from a small number of client IP addresses, you can inadvertently trigger some of the protection methods. If you receive 1015 errors in response to traffic you believe should be allowed, please contact us to have the limits adjusted.

But we clearly don’t have thousands of requests per second with our tests (rather 100 per minute) and we also don’t get 1015 errors.

Does anyone know about such limitations or can help us with some information, because in production there will certainly be a little more than 100 requests for one client (and therefore one IP) per minute?

Thank you in advance

Hi @Boogie97,

If you look at the body of the 429 error response, does it mention error code 1015? (Error 1015 is normally associated with a 429 HTTP status; you need to look at the message body to see the Cloudflare error code.)

If you are seeing 1015 errors, please file a support ticket to have us lift your limits.

Note that the anti-abuse measures mentioned in the docs apply to subrequests, so requests handled entirely in your workers would be unaffected. The 404 response you are seeing there must be unrelated.

1 Like
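The check described in the reply above (read the body of a 429 to find the Cloudflare error code), as an added example that is not part of the original thread: it sorts failed test responses so that 1015 throttling is reported separately from other failures. The function names, routes and sample bodies are hypothetical and constructed for illustration.

```javascript
// Added example: classify failed API test responses by Cloudflare error code.
// Sample bodies below are constructed; real error pages carry more markup.

// Pull a four-digit Cloudflare error code (1xxx) out of an error body.
function cloudflareErrorCode(body) {
  const text = String(body || '').replace(/<[^>]*>/g, ' ').replace(/\s+/g, ' ');
  const m = /\berror(?: code)?:? ?(1\d{3})\b/i.exec(text);
  return m ? Number(m[1]) : null;
}

// Decide what a single response means for the test run.
function classify(status, body) {
  if (status < 400) return 'ok';
  if (status === 429) {
    // The HTTP status alone is ambiguous; the body carries the 1015 code.
    return cloudflareErrorCode(body) === 1015 ? 'cf-rate-limited-1015' : 'other-429';
  }
  return 'http-' + status;
}

// Group results so throttling is reported separately from real failures.
function summarize(results) {
  const summary = {};
  for (const r of results) {
    const kind = classify(r.status, r.body);
    (summary[kind] = summary[kind] || []).push(r.route);
  }
  return summary;
}

// Constructed sample run (hypothetical routes and bodies).
const sampleRun = [
  { route: '/files/a', status: 200, body: 'ok' },
  { route: '/files/b', status: 429, body: '<title>Error 1015</title><h1>You are being rate limited</h1>' },
  { route: '/files/c', status: 429, body: 'error code: 1015' },
  { route: '/quota', status: 429, body: '{"error":"quota exceeded"}' },
  { route: '/meta', status: 404, body: 'Not Found' },
];

console.log(summarize(sampleRun));
```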

Hi @KentonVarda,

I’m sorry, I missed the error code. You’re right, we’re getting 1015 in the body of the 429 page. I’m certainly sure the 404 on the other route is somehow connected to this rate limiting (because it only shows when we also get the 429), but then it should be solved anyway if the 429 is gone.

Thank you very much for the fast reply and your help. We will file a support ticket and try it again then.

Hi @KentonVarda, I’m also seeing lots of 1015 errors when sending parallel requests from a single IP; I will contact support, of course. Could you please confirm that if that ‘anti abuse logic’ kicks in, any ‘origin URL’ is inaccessible? I was trying to figure out why I receive no logs (I send them via HTTP to an external logger) when there is a 429/1015 error. Could it be that in the case of too many requests, all origin requests are handled this way, so there is no way to actually log such an incident?

@tadeuszwojcik Yes, it’s likely that requests to the logger would be blocked at the same time… that does seem sub-optimal. :confused: Good news is we may be replacing this with a totally different approach soon. But you should still file the support ticket.

2 Likes

Thanks for the confirmation and quick reply. It was driving me crazy, as at first I assumed that something was wrong with my logging code. I’ve filed the support ticket and hope those limits will be lifted, as otherwise I will have to look for different hosting, which would be less than ideal as I’m really liking Workers so far!

@Boogie97 did you overcome the issue with rate limiting? I’ve contacted support (twice), noticed that the issue was marked as ‘solved’ today, tried again and still receive the same 429/1015 worker error. It was enough to send around 2000 requests per minute to start seeing this issue occur again.

EDIT:
@KentonVarda thanks for your help and for resolving this issue quickly! I really appreciate that! After the limits were lifted, all is working well now!