What’s defined a good request?
A request that passes rate limiting.
I will have to keep my eyes peeled for an update introducing caching in front of workers.
Maybe this works?
Nope, the Worker is still called.
You could use the global variable, to see if users are abusing your worker.
If so call the cloudflare api
Then they should be block from using your worker.
I had the same idea this morning and it should work.
Like, adding a rate-check inside the worker and then add the IP to a KV block-list, after 10 consecutive abuses the IP is blocked via the API.
Plus, we could monitor blocked requests via the Firewall event log and whitelist any IP that we know are not abusers.
Good thinking guys. A neat solution.
The value proposition of just being able to say this response should be served from cache rather than invoking a worker is overwhelming though. For example, a high traffic version of the coinbase api example; one would expect the cost benefit to go something like, let’s update the bitcoin/alt price every minute, not on every request. That appears to be missing and ironically is from what I can tell, the original value add from cloudflare.
Also consider the benefits in decreased costs elsewhere that would make up for the increase in cost…even the potential abuse. Also factor in the increased revenue from the site (depending on how it is monetizing).
Also if you are under attack you could shut workers off and or request a refund from Cloudflare
I doubt that.