Rate Limit System with Workers

The Rate Limit system of any website on Cloudflare should see the X-Forwarding IP instead of Cloudflare IP.

as if many users are trying to access a website using workers.
and its rate limit per ip is enabled. then users will face false rate limits.


here is an example.
it shows x-real-ip and cf-connecting-ip from Cloudflare Workers.
x-forwarded-for should be used while checking the rate limits.

This header can be spoofed though.

If you really want to rate limit based on a spoofable header that feature is available on Enterprise plans that include Advanced Rate Limiting:

If not, you can also do custom rate limiting logic within a Worker itself based on any custom criteria: