calm narwhal
It seems that all the requests sent by workers show the same IP (2a06:98c0:3600::103), as we can see when we request, e.g., https://icanhazip.com/.
This behaviour is somewhat unfortunate in cases where we use several workers for webscraping. In my case, if two workers happen to make the same request to a website I want to scrape data from, one of them is refused.
Can this be changed by some operation?
bright locust
No, this is fully intended. Workers are subject to the same security as the rest of Cloudflare
calm narwhal
Why such a restriction?
bright locust
To ensure people can clearly identify Workers. If someone sees abuse from Workers, it's easy for them to take action.
Whereas, if they used all of the normal cf egress IPs, they couldn't block that
calm narwhal
I am sorry, but I find that hard to understand. If a server's security is based on filtering the IPs it receives, it's a bad server and nothing is going to save it.
It's this kind of restriction that prevents thousands of open source developers like me from sharing non-abusive code that is intended to be deployed on a free infrastructure like Cloudflare workers, so that everyone can use it.
bright locust
Yes, there is a better way to also identify (we also send a cf-worker header) which they can block against however, you must understand people do use IP blocks very regularly (and even in automated fashion).
Either way, sorry but this is the security posture setup