-
Bug
-
Resolution: Won't Fix
-
Normal
-
None
-
1002192
I'm using the Mojang API (api.mojang.com) in Cloudflare Workers, mainly for username to UUID and a bit of UUID to skin/cape. For a few months, I've noticed that I'm getting rate limited a lot even when I haven't made a request in a few minutes. This can make the API unusable for hours on some days. The reason for this is probably because other people using Cloudflare Workers are also using the Mojang API. Cloudflare does use different egress IP addresses for different data centres they operate in, but it seems like that isn't enough.
This, however, can be fixed. Cloudflare (AS13335) will always automatically add a "CF-Worker" header to every subrequest made by Cloudflare Workers (for example, a request to api.mojang.com). This header will contain the hostname of the worker making the request. As per the Cloudflare documentation:
The intended purpose of this header is to provide a means for recipients (for example, origins, load balancers, other Workers) to recognize, filter, and route traffic generated by Workers on specific zones.
The following rate-limiting logic would fix the issue:
- Check if the client IP address belongs to AS13335 (Cloudflare).
- If so, use the value of the "CF-Worker" header as the rate-limit identifier.
- Else use the client IP address as the rate-limit identifier.
If you want to check this issue for yourself then you can make a free Cloudflare account, this will give you 100k Cloudflare Workers requests every day. You could deploy the following script as a worker:
export default { // Executed for every incoming HTTP request to the worker fetch(request) { const username = "jeb_"; return fetch(`https://api.mojang.com/users/profiles/minecraft/${username}`); } }
This simple worker will make a request to the Mojang API and return the response back to the client. You can try to check your worker URL a few times throughout the day and you'll notice a rate-limit response sometimes, even when you clearly shouldn't be limited.