We just opened a Cloudflare Images account. Users on our websites (f.e. wordclouds dot com, photoeditor dot com) can create images and upload them to Cloudflare images, then share the URL.
Since yesterday, 119 images were uploaded on these sites. That’s not that many. We now see that we have 473.536 requests on these images. That’s insane!
Somebody is abusing our images and mass downloading them. The problem is… we have no idea who/where/why.
It would be so helpful if there were any dashboard or logfile that helps us finding this guy/girl so we can block him (or her).
What can we do to prevent scriptkiddies from mass-downloading our images stored on Cloudflare images?
If you are on a free account, there’s no logging to give you the details you need.
There’s several options to protect the site. Short term, rate limiting is the quickest and easiest to get running (just 1 rule for free accounts).
Longer term, if you want more detailed logging and limiting, you could look at building a worker to handle, log and filter incoming requests, or look at a paid account that offers the features you need.
You can set a private key, then use a Worker to serve these images through your own domain:
3 Likes
We’re on a paid plan, Basic for now. Willing to upgrade if the issues are mentioned are handled.
If you are on a free account, there’s no logging to give you the details you need.
There’s several options to protect the site. Short term, rate limiting is the quickest and easiest to get running (just 1 rule for free accounts).
Does this apply to Cloudflare Images too? We do also have a “regular” Cloudflare account for caching static assets, that all works fine. I am looking specifically for a solution for Cloudflare Images.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.