Cloudflare Worker Unexpected High Usage of API Requests – How to Avoid Surprising Billing?

I was a bit surprised to see the billing spikes this month for CloudFlare Worker. As one of the “Free” API has a huge number of requests.

Surprising CloudFlare Worker Billing

Everything comes at a price. The CloudFlare worker has the following pricing plans:

CloudFlare Worker Pricing Plan

I contacted the CloudFlare’s Technical/Billing Team, and they provide me the details of Usage:

CloudFlare Worker Usage Details

And they added:

Workers Usage Review

We have reviewed your account records as well as the respective Workers charges linked to the usage period of 07/25/2022 – 08/24/2022.

When doing so, we are pulling the data for the usage period in a different system from the one that was used to collect data for invoice CFUSA5139857, which was issued on August 25th, 2022. We then pull the data and compare against the one on your invoice.

We consider what you have been invoiced correctly if:

The second data set shows the same usage amount as the data set you were invoiced for,
The second data set shows a usage amount that is slightly above the usage amount in the data set you were invoiced for,
The second data set shows a usage amount that is slightly below the usage amount in the data set you were invoiced for.
We consider that you have been invoiced incorrectly if:

The second data set shows a usage amount that is a lot or more than just slightly above the usage amount in the data set you were invoiced for;
The second data set shows a usage amount that is a lot or more than just slightly below the usage amount in the data set you were invoiced for.
Result:

The second data set shows the exact usage amount as the data set your invoice is based on.

Invoiced Usage Amount:106,342,195
Invoiced Usage Charge:$48.00

Second Data Set Usage Amount:106,342,195
Second Date Set Usage Charge:$48.00

Then after an investigation – we can find out the number of requests and subsequent requests for the last 30 days for each worker, I have to disable the “Free-tier” of one of my API.

I even renamed the API so that no more surprise.

Avoid Billing Surprise of CloudFlare Worker

Unfortunately, CloudFlare does not provide a Usage Cap on Paid Worker Plan, but here are things we can do to avoid a billing surprise:

• Require Authentication e.g. Bearer Token, for your CloudFlare Worker
• Rate Limit Your CloudFlare Worker
• Disallow the Bots Access
• set up billing usage notification email to report when the number of requests exceeds a threshold.
• downgrade to Free Tier for free APIs. Free Tiers have a daily 100K requests and won’t charge you if there is a spike. The APIs will get status code 1000+ to reflect the rate limited.
• avoid exposing the API endpoint unless you have to (providing public APIs)

On the free tier, if the limit is exceeded, we can let the requests fall through to an origin, if one, or block the requests, and not get billed.

Here are the spikes in those two days:

The Cloudflare Worker is not rate limited except as DDos Protection. And No matter what returns (even non success status code 404, 401) from the Worker, it is still counted as a request. However, we can Add Route in the Trigger tab of a Worker, and Bind it to a Domain, and then Configure Firewall Rules or Enable Bot Flight Mode to avoid Bots Crawling the Cloudflare Worker(s).

Also, we can configure the Bots in Google’s Webmaster or Bings’ Webmaster to slow down the access rate of their crawler.

CloudFlare Technology

• CloudFlare: Change Security Level Value Programmatically for Multiple Domains via PHP/Python/Bash Script
• How to Transfer Domain From Namesilo to CloudFlare Registra?
• A Simple Rate Limiter for CloudFlare Workers (Serverless API) based on KV Stores
• Cloudflare Worker Unexpected High Usage of API Requests - How to Avoid Surprising Billing?
• Tutorial: How to Set Up a API Load Balancer by Using CloudFlare Worker?
• How to Fix CloudFlare Error 1101 (Worker threw exception)?
• Using CloudFlare Worker Serverless Technology to Deploy a Load Balancer (RPC Node) for Steem Blockchain
• Set Up Website Health Checks (Canaries) using CloudFlare
• CloudFlare Internet Summit - Recaps
• Does CloudFlare Cache 403 and 503 By Default?
• The PHP Page Rule Checker of CloudFlare
• Cloudflare Offers Dedicated SSL Certificates
• How to Clear CloudFlare Caches of Multiple URLs using PHP Script with CloudFlare API?
• Does CloudFlare (Cache Everything) Affect the Adsense?
• Posting SQL code on bbForum Triggers Security Rules by CloudFlare
• How to Offload Your Server by Using CloudFlare - Cache Everything?

–EOF (The Ultimate Computing & Technology Blog) —