Scrape Shield 'Hotlink Protection' is blocking requests inside on the Worker

My domain on CloudFlare has Scrape Shield Hotlink Protection enabled, when a request inside the Worker is made using the Header ‘Referer’ to a AWS S3 bucket the request is blocked by CloudFlare with the message error code: 1011.

Example:

addEventListener('fetch', event => { 
  event.respondWith(handleRequest(event));
});

async function handleRequest(event) {
  const request = await fetch("http://MYBUCKET.s3-website-us-east-1.amazonaws.com/test.jpg",{
    method: "GET",
    cf: { scrapeShield: false },
    headers: {"Referer": "MY-HASH"}
  });
  return new Response(
    request.body,
    { status: request.status, statusText: request.statusText, headers: request.headers  }
  );
}

cloudflare-worker

This request returns the body error code: 1011, but if I remove the header ‘Referer’ it works. The curious thing is in the worker Quick edit works perfectly, but when I access using my domain it returns the error.

Can someone help me? Thanks

I would recommend joining the Workers discord server and I’m sure someone will be able to help :slight_smile:

1 Like