Setting bill (or image delivery) limit for Cloudflare Images

Hi there,

I’m concerned about the possibility of a bad actor initiating an excessive number of requests for images uploaded to Cloudflare Images, which could potentially lead to significant unexpected bills (i.e. think DDoS-style attack, where some bot is furiously trying to download my publicly accessible images).

I’m aware of the following options, none of which properly mitigate the above risk in my eyes:

  • Setting a image usage notification (i.e. get an email when more than X images are delivered). This is helpful but doesn’t prevent bill shock if a bad actor makes a ton of requests while I’m say asleep in bed (or so rapidly I can’t respond in time). I’m not sure how many image deliveries could potentially be made in this scenario, but seems safer to assume “more than I’m comfortable with”.
  • Making my images signed / only privately accessible. This is not desired for my use case, and even if I did do this, I’d want “all signed-in users to be able to access all uploaded images” for my use case. A signed-in user could potentially be the bad actor, so this doesn’t really help me.

I also know Cloudflare has some rate limiting features, but they don’t appear to be applicable for the “Cloudflare Images” end-to-end product if that makes sense.

Is anyone able to advise how the scenario I’m worried about could be avoided or effectively mitigated? Ideally, I’d just be able to set a billing or usage cap, but failing that I’d want some way to be confident someone can’t just incur practically unlimited costs.

Thanks in advance :slight_smile:

1 Like

This topic was automatically closed after 15 days. New replies are no longer allowed.