Cloudflare Worker

DataDome Cloudflare integration detects and protects against bot activity.

This module is dedicated to be used on Cloudflare, utilizing the Workers feature: https://developers.cloudflare.com/workers/about/

Before the regular Cloudflare process starts, an event is triggered and processes the DataDome logic in a Workers function.
The module makes a call to the closest DataDome endpoint. Depending on the API response, the module either blocks the request or lets Cloudflare proceed with the regular process.

The module has been developed to protect the visitor' experience: if any errors were to occur during the process, or if the timeout is reached, the module will automatically disable its blocking process and allow the regular CloudFlare process to proceed.

How to install and configure

  1. Connect to your Cloudflare console and go to the Workers section
  2. Click on "Manage Workers"
  1. Click on "Create a Worker"
  1. Download our Cloudflare Module and paste the code from datadome.js in the Script Editor.
  1. Fill the server-side key variable value (DATADOME_LICENSE_KEY) with the server-side key from your dashboard

  2. Fill the client-side key variable value (DATADOME_JS_KEY) with the client-side key from your dashboard.

  3. Go back to the Workers section and Add Route for the domain you want to protect. Depending on your Cloudflare plan, dashboards may differ a bit.

  1. Click on the 'Save' button

Congrats! Your website is ready to be protected, at the Edge, against bot traffic!

Settings

Setting

Description

Required

default

DATADOME_LICENSE_KEY

Your DataDome server-side key

Yes

""

DATADOME_JS_KEY

Your DataDome client-side key

Optional (but recommended)

""

DATADOME_JS_TAG_OPTIONS

JSON object describing JStag option (see here for more documentation)

Optional

""

DATADOME_TIMEOUT

The request timeout for the DataDome API, in milliseconds

Optional

150

DATADOME_URI_REGEX

Processes matching URIs only

Optional

""

DATADOME_URI_REGEX_EXCLUSION

Ignores all matching URIs

Optional

exclude static asset

Caching policy

DataDome module doesn't change the default caching policy.

However, the module adds a tracking cookie on all requests, which may impact some custom policies.

You can use the Worker TTL feature to force a specific caching TTL.
Feel free to contact our support for any specific needs.

FAQ

Can I enable DataDome only for specified IP?

Yes, you can. You need to update the code at the beginning of the function handleRequest similarly to the below:

async function handleRequest(request) {
  try {

    if (request.headers.get('cf-connecting-ip') != "1.2.3.4" && request.headers.get('cf-connecting-ip') != "2606:4700:30::681b:938f") {
        return await fetch(request);
    }

    const url = new URL(request.url);
...

DataDome will only process requests incoming from IP 1.2.3.4 or 2606:4700:30::681b:938f.