{"id":25559953,"url":"https://github.com/threadseeker/cf-proxy-example","last_synced_at":"2026-03-02T23:30:19.735Z","repository":{"id":276493688,"uuid":"929450948","full_name":"Threadseeker/cf-proxy-example","owner":"Threadseeker","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-08T15:30:28.000Z","size":31,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-02-08T16:30:01.689Z","etag":null,"topics":["cloudflare-workers","proxy"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Threadseeker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-08T15:28:20.000Z","updated_at":"2025-02-08T15:31:02.000Z","dependencies_parsed_at":"2025-02-08T16:30:04.184Z","dependency_job_id":"00d5900b-549f-4879-a4a6-5ca0a10ef268","html_url":"https://github.com/Threadseeker/cf-proxy-example","commit_stats":null,"previous_names":["threadseeker/cf-proxy-example"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Threadseeker%2Fcf-proxy-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Threadseeker%2Fcf-proxy-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Threadseeker%2Fcf-proxy-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Threadseeker%2Fcf-proxy-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Threadseeker","download_url":"https://codeload.github.com/Threadseeker/cf-proxy-example/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239881679,"owners_count":19712624,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudflare-workers","proxy"],"created_at":"2025-02-20T17:28:40.670Z","updated_at":"2026-03-02T23:30:19.659Z","avatar_url":"https://github.com/Threadseeker.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cf-proxy-example\n\nThis is a minimal example of a Cloudflare Worker that proxies requests while changing the request headers, including the ones with IP addresses.\n\nSome services only use the IP address information of the headers to determine the location of the user. This worker changes the IP address of the request to a different one, which can be useful for bypassing certain restrictions.\n\nThis project and the implementation was inspired by [@maxchou415](https://github.com/maxchou415). Without his suggestion, Threadseeker wouldn't be able to solve the rate limiting issue so quickly.\n\n## Features\n\n- Changes the IP address of the request to a random one, including:\n  `CF-Connecting-IP`, `X-Forwarded-For`, `X-Forwarded`, `X-Client-IP`\n- Changes the `User-Agent` and `Referer` headers of the request to a random one.\n\n## Disclaimer\n\nThe \"@threadseeker/cf-proxy-example\" was developed for educational and research purposes only. It's clear that abusing the code for illegal or unethical purposes might violate the terms of service of Cloudflare, the target service or the law of your region.\n\nAny actions or activities related to the material contained within this repository are solely the user's responsibility. The author and contributors of this repository do not support or condone any unethical or illegal activities.\n\n## Setup\n\n```bash\ngit clone https://github.com/threadseeker/cf-proxy-example.git\ncd cf-proxy-example\n\n# Install the dependencies\npnpm install\n```\n\n## Local Development\n\nRun the worker locally with:\n\n```bash\npnpm dev\n```\n\nThe worker will be available at `http://localhost:8787`\n\n## Testing\n\nThe repo comes with certain tests to cover the most important parts of the code. Run them with:\n\n```bash\npnpm test\n```\n\nAnd the unit tests are available at `./tests`\n\n## Deployment\n\nTo deploy the worker, run:\n\n```bash\nnpx wrangler deploy\n```\n\n## Additional Information\n\n### It is not safe to determine the visitor's IP address only from the headers\n\nWith the perspective of the target service, it's not solid to determine the visitor's real IP address only from the headers, since they could be modified by the clients. Like this example, the worker changes the headers to a random one, so the target service could be misleaded if only based on the headers.\n\n### Identify requests coming from Cloudflare Workers\n\nThere're 2 headers can be used to determine if the request is coming from a Cloudflare worker and cannot be spoofed:\n\n1. The [`CF-Worker`](https://developers.cloudflare.com/fundamentals/reference/http-headers/#cf-worker) header, which is set to the name of the zone which owns the Worker making the subrequest (fetch)\n2. The [`CF-Ray`](https://developers.cloudflare.com/fundamentals/reference/http-headers/#cf-ray) header, which can be used to match requests proxied to Cloudflare to requests in your server logs.\n\nThe 2 headers are injected by Cloudflare once a subrequest is made from a Cloudflare worker, and cannot be modified anyway by the client.\n\nIf you are a developer that want to protect your service from being abused by this kind of workers, you can use the 2 headers mentioned above to detect, [report](https://abuse.cloudflare.com/) or block the requests.\n\n### Preventing the requests try to bypassing Cloudflare's protection utilizing Cloudflare Workers\n\nIt is possible that the Cloudflare Workers could be abused to bypass Cloudflare's protection with certain techniques.\n\nHowever, according to this [comment](https://news.ycombinator.com/item?id=26688390) from Cloudflare's tech lead:\n\n\u003e Instead of IP-based authentication, we strongly recommend using mTLS-based authenticated origin pulls (with a zone-specific key pair) or Argo Tunnel, as these methods are much more secure.\n\nPreventing the requests try to bypassing Cloudflare's protection utilizing Cloudflare Workers is doable with mTLS-based authenticated origin pulls or Argo Tunnel with Cloudflare.\n\n### Conclusion\n\nOverall, this worker is just a minimal example of a Cloudflare Worker that proxies requests while changing the request headers, including the ones with IP addresses.\n\nYet, there are still many other ways to determined those requests with the default headers from Cloudflare Workers to avoid abused as a targeted service. Also, the CDN has no way of knowing if the origin server that a user has configured really belongs to them, so setting mTLS-based authenticated origin pulls or Argo Tunnel with Cloudflare is recommended for advanced protection.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthreadseeker%2Fcf-proxy-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthreadseeker%2Fcf-proxy-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthreadseeker%2Fcf-proxy-example/lists"}