Domain removed from Cloudflare because of workers usage

[cpauwels]

🐛 Bug Report

I'm sorry this doesn't fall under a traditional bug report, but I think it's something the Workers team should have a look at.

I'm using Cloudflare Workers with the HTML for pages stored in KV store, and assets fetched through the worker as documented here: https://developers.cloudflare.com/workers/tutorials/configure-your-cdn.

In a sense, similar to Workers Sites, but with more custom logic (we're also using the HTMLRewriter for instance).

Today, all our customers webpages went offline at once. We received an automated email stating:

Cloudflare has deactivated your website, tappable.dev, because of a possible violation of the Terms of Service for the storage or caching of non-HTML content, such as video or audio files.

Going forward, visitors will access your website directly at the hosting origin server. As a result, your site won’t benefit from the performance and security benefits that Cloudflare provides. Learn more about the Cloudflare Terms of Service. https://www.cloudflare.com/terms

Correct me if I'm wrong, but from the documentation, examples and the existence of Workers Sites, caching images, videos, audio and fonts is intended.

The "Going forward" part of the email is the most problematic: we have no hosting origin server, everything is served from the workers. This means our pages are now completely offline with no way to fix anything.

I understand this email was sent automatically by an abuse detection script at Cloudflare, but is that script taking into account the existence of Workers? Could someone on the Workers team try to figure out what we as customers are supposed to do?

I have a ticket opened (#4288504), but so far I have not received any helpful responses, other than

Please be aware Cloudflare is a network provider offering a reverse proxy, pass-through security service. We are not a hosting provider nor do we allow our services to store files, or be linked to file storage sites. Using Cloudflare’s services primarily as an online storage space, including the storage, caching or proxying of a disproportionate percentage of images, movies, audio files or other non-HTML content is prohibited.

This is obviously problematic and against the whole purpose of Cloudflare Workers and the Caching API.

I have emailed jgc@cloudflare.com (Cloudflare CTO) after he encouraged emails instead of blog posts on Hacker News (https://news.ycombinator.com/item?id=22406277) but I have no other way to escalate. I'm hoping the Workers team can help me out or escalate the problem resolution and service restoration.

Thanks in advance,

Charles

[ispivey]

@cpauwels I just checked in with some folks internally — can you contact abusereply@cloudflare.com about this? They’ll be looking for your email.

[cpauwels]

I have a ticket open with the folks behind abusereply@cloudflare.com (ticket #4288504), but haven't received any helpful answers yet, and the last email I received was 3 hours ago. The email I contacted with is charles@tappable.co in case that helps.

[cpauwels]

@ispivey we still haven't received any reply or feedback from abusereply@cloudflare.com. Our customers sites are still down. What should we do?

[cpauwels]

Our domain has been reinstated :) I am however leaving this issue open since I think there is a problem with Cloudflare's abuse detection system and Cloudflare Workers usage patterns.

[ispivey]

@cpauwels I'm going to close this, as it's not actionable for folks working on wrangler, but rest assured we're working on this internally, and we'll follow up with you.

Again, really appreciate the report and sorry this impacted you.