Hi, small SaaS founder here (tardis.dev) - I've been heavy Cloudflare Workers user (currently 4 billions requests & 1PB of data per month) for about 4 years already and today at 00:00 UTC without any warning my account was restricted, both website and APIs are down or very very slow to respond/time out, customers are angry obviously. I confirmed with support that "hmm, I see that your zone seems like being restricted due to 2.8 Limitation on Serving Non-HTML Content, see that there's high JSON data transfer". - which is bit strange as I'm using workers which have different terms - https://news.ycombinator.com/item?id=20791660 (confirmed by their CTO)...anyways I get it, perhaps I pay too little and should be on enterprise plan already, but when I got approached by Cloudflare sales team I explicitly asked if I can still be on pay as you go/self server model and reply was: "Enterprise wise, that's up to you and you could likely get away with utilising self-serve as you go, but if you did choose to go enterprise (without R2) I might be able to have something approved in the xx/month range."
I would fully understand that I am required to upgrade, but why not sending me an email before shutting down my business completely? I even asked about such scenario on zoom meeting I had with their Sales and they said it will never happen - few weeks forward and here we are...anyways going back to replying to my customers emails regarding service outage.
https://ised-isde.canada.ca/site/office-consumer-affairs/en/...
I just repost the same comment I put in the above thread
> The thing that scary me most is that his business get shut down without any notice period (at least the author not mentioning any previous communications from Cloudflare team about the issue).
> This is really a shitty thing from Cloudflare, you cannot shut down an already running business without any notice/grace period.
https://developers.cloudflare.com/workers/examples/return-js...
From the terms
> 2.8 Limitation on Serving Non-HTML Content
> The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) *or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8*. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service *or expressly allowed under our Supplemental Terms for a specific Service*. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
Supplemental terms
> The Cloudflare Developer Platform consists of the following Services: (i) *Cloudflare Workers*, a Service that permits developers to deploy and run encapsulated versions of their proprietary software source code (each a “Workers Script”) on Cloudflare’s edge servers; (ii) Cloudflare Pages, a JAMstack platform for frontend developers to collaborate and deploy websites; (iii) Cloudflare Queues, a managed message queuing service; and (iv) Workers KV, Durable Objects, and R2, storage offerings *used to serve HTML and non-HTML content.*
I can't quite figure out how to parse this such that workers would be deemed unusable to just run an API.
I'd absolutely have gone ahead with using it for an API.
https://news.ycombinator.com/item?id=34383720
https://web.archive.org/web/20230114202232/https://news.ycom...
2.Cloudflare may, with or without notice to you and without liability of any kind, temporarily limit your storage and/or the number of requests you can make or receive using the Developer Platform for any reason (in its sole reasonable discretion), including without limitation, if processing such requests would put an undue burden on the Cloudflare network, adversely impact the Service, or otherwise threaten the integrity of Cloudflare’s networks.
To be fair I'm using lots of requests and bandwidth so could be reason, just if only I got an email about that before shutting everything down.
I’m using cloudflare pages with workers doing the same as you on a much smaller scale. The workers reverse proxy a rest api under the same host so I don’t need to worry about CORS, take the country HTTP header provided by Cloudflare then route the request to backend servers in the nearest AWS region and also cache any responses with cache control headers utilising Cloudflare’s Edge caching. It works great and gives a fast user experience regardless of where you are in the world.
I was going to implement rate limiting backed by durable objects to protect my backends.
It seems exactly the usecase and ideal usage of workers! Now seeing this, it has me rethinking using/investing in cloudflare if they can decide if they like how you use workers or not and kick you off. It shouldn’t matter what output the worker generates as long as it conforms to https://developers.cloudflare.com/workers/platform/limits/
On the R2 page https://www.cloudflare.com/products/r2/ we see:
> No more egress charges. You shouldn’t have to pay to access your data. Pay no egress charges for data accessed from R2. Our affordable and consistent pricing means no more surprise bills.
Whereas I think the non-HTML traffic terms still apply to R2. Or do they?
Speaking from experience, if you only need rudimentary L7 load balancing, then Cloudflare Workers is as good as it gets.
> How much are you paying for the workers/month?
Per my estimate, probably between $600 to $2000 for Workers: https://news.ycombinator.com/item?id=34639930
https://tmsearch.uspto.gov/bin/showfield?f=doc&state=4803:lq...
In particular, if I ran this business, I would be concerned that I was infringing on this part of the trademark:
"( computer software for use in downloading audio, video, still and moving images and data in compressed and uncompressed form from a computer or communication network; )) [ computer software for use in database management; downloadable electronic publications, namely, magazines, books, newsletters, pamphlets, printed guides, catalogues, manuals and programs featuring entertainment, instruction, education, sport and news; ] "
That said, IANAL and specifically IANAIPL so as I said just a heads-up.
"The main issue is not that [COMPANY] is working hard to protect itself and its customers, but that customers feel very powerless in these situations. When it takes a massive effort to get attention, especially if you're small and powerless, you feel that you have no control, and that your issues will go unanswered. What can the average, powerless customer who doesn't have the weight of social media, HN, @dang, or others on their side do when their hard-earned money or business is being held, locked, or otherwise prevented, and when the cause is not fraudulent, or if the customer is unaware of that activity? The problem is that accounts are just shut down, moneys are held, and there's no quick or clear communication, with customer support simply saying it's not in their control. It's this feeling of powerlessness that's the issue, regardless of whether or not [COMPANY] is in its rights or doing what it feels is in its and its customers best interests.
What can you do to help empower the powerless customers when their livelihoods are at stake? Can you provide some way to not instantly assume fraud or malicious intent on behalf of the customer and provide some quick and direct way for the customer to feel empowered?"
Having to resort to HN to get major problems resolved that are major customer service and potential legal / liability issues causes me a lot of stress when I realize that I have don't have nearly the same sort of power or influence as some of the others here do on HN. I worry that my complaints would simply go ignored.
@jgrahamc would love you to comment on what we can do to avoid people having to resort to HN for a solution to these problems, which favors the well-connected and squeaky wheels and disfavors everyone else.
https://www.cloudflare.com/supplemental-terms/
(I'm the lead engineer on Workers. I don't know what happened to OP, though; I'm not personally looped into that conversation.)
I think that case is different than this one because it was very obvious that it was against the rules, to the point where even the OP of that post came in to say that yes, they knowingly violated the TOS but would have appreciated a heads up.
The comment I was referring to: https://news.ycombinator.com/item?id=34235749
Sorry for the confusion, I tried to separate using “this post” and “that post” but I’m sure I slipped up somewhere there.
None of Cloudflare's marketing or technical documentation makes any explicit reference to "permitted usages" for Cloudflare services such as R2 and Workers.
This page for example means one thing without any reference to permitted usages and would mean something entirely different if the permitted usages were promoted with the same level of visibility as the benefits.
https://www.cloudflare.com/products/r2/
Nothing here tells me I cannot write my own video serving code with Workers:
https://workers.cloudflare.com/
You might even believe "whatever you need" from this paragraph from the above link:
"Static assets with dynamic power. Say goodbye to build steps which pre-generate thousands of assets in advance. Harness the unrivaled raw power of the edge to generate images, SVGs, PDFs, whatever you need, on the fly, and deliver them to users as quickly as a static asset."
This developer documentation would takes on an entirely new meaning if a link to "acceptable uses" was prominent at the top of each page (not fine print).
https://developers.cloudflare.com/r2/get-started/
https://developers.cloudflare.com/r2/data-access/workers-api...
https://developers.cloudflare.com/r2/examples/demo-worker/
Have built an entire application around assuming there were no such limitations I now need to rebuild elsewhere.
Humph.
I now no longer even understand what "no egress fees" means - in a way that's worse than the big cloud providers where at least you know they are charging you 9 cents per gigabyte.
> Traffic from this customer went suddenly from an average of 1,500 requests per second, and a 0.5MB payload per request, to 3,000 requests per second (2x) and more than 12MB payload per request (25x)
https://www.theregister.com/2023/02/09/cloudflare_traffic_th...
And to requote the OP back to you like I did above, given that customer support told them there's a 24hr limit to that ban becoming permanent and tried to help them get it resolved before then, in this case it was in fact entirely reasonable to expect at least a one-line update within (in this specific case) a day, since either way the outcome would be known.
And in fact here's the OP's followup post: https://news.ycombinator.com/item?id=34721870