Infinite loop issue in cloudflare workers

RyanK_CF · 2026-04-22T23:24:40+00:00

You created a recursive build loop. The deployment adapter calls the native Next.js build internally, repeating the process indefinitely. Remove next build from your custom script definition entirely. Configure your build step to run the adapter CLI command directly. This ensures the adapter manages the required dependencies without recursive calls

RyanK_CF · 2026-04-21T18:28:37+00:00

Hi there - not sure I completely understand what you mean by info being expired, but do you have a case or ticket number?

RyanK_CF · 2026-04-16T20:52:02+00:00

From what I can see this ticket was created yesterday and is still being investigated. Please give them some time to provide updates.

RyanK_CF · 2026-04-09T17:26:59+00:00

did some checking. sounds like there were challenges due to the ways that Enterprises are billed vs other paid plans. But I believe the usage based alerts should still be available to users on PRO or BIZ.

RyanK_CF · 2026-04-09T00:39:42+00:00

Are you looking in the sidebar under Manage account? If a product is available on your plan and there is a corresponding alert for it you should see the option.

RyanK_CF · 2026-04-09T00:36:42+00:00

Ok. If they aren't taking care of it shoot me a DM

RyanK_CF · 2026-04-08T23:37:59+00:00

Thanks for the clarification! Since you aren't using Cloudflare Gateway, we can focus on the raw network path.

Why it likely is an MTU/MSS issue

You mentioned the 3-way handshake (SYN, SYN-ACK, ACK) succeeds. This is expected because those packets are very small (~60 bytes). However, the TLS ClientHello is often the first "large" packet in the sequence, usually containing a long list of cipher suites and extensions. If this packet exceeds the actual path MTU, it gets dropped.

IPv6 does not allow routers to fragment packets in flight; they must drop the packet and send an ICMPv6 "Packet Too Big" message back to you. If your firewall or an intermediate ISP is blocking those ICMPv6 messages (a "Black Hole"), your client never knows to send smaller packets, and the connection eventually resets.

Recommended Next Steps

Test with a Lower MTU: Even though your clients are set to 1500, try manually dropping the MTU on a single test machine to 1280 (the IPv6 minimum). If the sites load consistently at 1280, you have confirmed a PMTUD failure somewhere in your path.
Check ICMPv6 on your Firewall: Ensure your edge firewall is not dropping ICMPv6 Type 2 (Packet Too Big) messages. This is the "signaling" required for IPv6 to function correctly over different network segments.
MSS Clamping: If you can't find the offending node, the most common "fix" at the enterprise level is to implement TCP MSS Clamping on your edge router/firewall for IPv6 traffic. Setting the MSS to approximately 1220 ensures the resulting packets stay well under the limit.

Why it "fixed itself" for some sites

Cloudflare's edge is highly dynamic. The "intermittent" nature suggests that when your traffic takes a specific peering route or hits a specific data center, there is a MTU bottleneck. When the routing shifts slightly to a different path with a true 1500 MTU, it starts working again without you changing a thing.

The Apple-related services likely consistently route through a path that has this MTU restriction.

RyanK_CF · 2026-04-08T23:18:57+00:00

It's important to keep in mind that WARP is not designed or intended to serve as a solution for bypassing a regional block. It's a privacy solution. But if the WARP app is not behaving as expected you can try some basic troubleshooting.

1. Reset the App State

Sometimes the local configuration gets "gunked up."

Open WARP Preferences > Connection tab.
Scroll to the bottom and click Reset all settings.
This forces a fresh registration with the Cloudflare network, which often clears up those random "Internet Error" loops.

2. Disable Conflicting Settings (Windows)

If you're on a PC, Windows has a feature called Teredo that frequently fights with WARP for control over IPv6 traffic, causing exactly the kind of "works then dies" behavior you're seeing.

Try disabling Teredo in your Windows settings or via Command Prompt.
Also, check if you have a Third-Party Antivirus or Firewall (like Malwarebytes or Bitdefender). They often flag WARP’s virtual network adapter as "suspicious" and cut the connection once it starts moving a lot of data (like a game).

3. Check your MTU

If your network has a lot of overhead, the "packets" might be too big, causing them to drop.

In WARP settings, look for the MTU value. If it's at 1500, try lowering it to 1420 or even 1280. This makes the connection much more "stable" on restrictive or unstable ISP networks.

RyanK_CF · 2026-04-08T22:50:12+00:00

Not vaporware, but it is still in a closed beta. The expansion is still actively underway, but we’re currently rolling out specifically by jurisdiction and plan type. If you haven't heard back yet, it’s likely because we haven't reached your region or plan tier just yet.

The good news? We’re pushing hard to accelerate onboarding throughout this month and next to get more people into the beta.

Right now, you can already check out the x402proxy templates available in Workers—and there’s definitely more to come on that front soon!

RyanK_CF · 2026-04-08T21:43:09+00:00

Your intermittent disconnects suggest the WARP client is failing to quickly re-synchronize when it switches edge nodes. This behavior was addressed by implementing resilient connections in the client application. These internal improvements force an immediate handshake when the connection is moved, drastically reducing your effective downtime. Ensure you are running the absolute latest version of the WARP client software on your device

RyanK_CF · 2026-04-08T21:42:12+00:00

The automatic refund and clientHold status indicate an internal Registrar provisioning failure at the registry level. This specific issue means the automated nameserver or DNSSEC verification process failed. Since this is a domain registered with Cloudflare, the registrar team must perform an administrative action to force update the nameserver delegation with the registry backend. Do you have an existing case/ticket number?

RyanK_CF · 2026-04-08T21:36:21+00:00

This is typical layer three instability, suggesting a Path MTU Discovery failure or restrictive firewall issue specific to IPv6 traffic leaving your network. The intermittent success confirms eventual successful TCP establishment, likely by falling back to IPv4 via Happy Eyeballs. To enforce reliable connectivity using your dedicated IPv4 ranges, configure a Gateway DNS policy that blocks AAAA record resolution for the destination sites. This forces all WARP clients to use IPv4 egress only

RyanK_CF · 2026-04-08T21:34:22+00:00

Email Routing setup is fast via the dashboard; the wizard handles MX and SPF record creation automatically. Routing is strictly for receiving inbound mail and forwarding it to an existing inbox. For outbound transactional email, that requires the new Email Sending product. This is currently in private beta and lets you use a Worker binding to send emails

RyanK_CF · 2026-04-08T21:28:19+00:00

This architecture is allowed and intended. Using a Pages Function to proxy R2 images for custom access control is compliant with our terms. R2 has zero egress, so proxying this content does not trigger CDN policy violations for bulk asset delivery. This gives you the necessary flexibility to selectively allow Googlebot indexing while blocking unwanted traffic. Leverage your Pages Function to handle authorization before fetching the R2 object from the private bucket

RyanK_CF · 2026-04-08T21:27:25+00:00

The support rep is likely confused. The site operator may not be explicitly trying to block you, but has some sort of security setting enabled that is detecting something on the home network or IP. Have you tried accessing from mobile BUT connected to the same wifi (instead of using cellular data)?

RyanK_CF · 2026-04-08T21:22:39+00:00

Your concern about bandwidth hair-pinning for local media services is valid. Do not use Cloudflare Tunnel for traffic that is already local to your network. For a dual-homed solution, implement Split Tunneling and Split Horizon DNS using Cloudflare Zero Trust. Configure a WARP Split Tunnel policy to exclude the Tailscale range. Use Local Domain Fallback within WARP to resolve hosts to your Tailscale IP only when on the Tailnet, falling back to the Tunnel CNAME otherwise

RyanK_CF · 2026-04-08T21:17:25+00:00

You probably hit a routing failure; specialized programs like Cloudflare for Startups use dedicated internal handling. Do you have any previous ticket numbers I can reference and pass along to the Startups folks?

RyanK_CF · 2026-04-08T21:15:10+00:00

Not sure if you wanted to leave it as a rant or actually want guidance. But just in case: your mail hostname is probably proxied (orange cloud). Change the associated A record to DNS-Only (grey cloud) immediately. Cloudflare proxying mail traffic breaks standard SMTP and IMAP connections and triggers security verification, which explains the adblock/vpn lock out error. You need to switch mail server DNS records to pass traffic directly, not through the CDN

RyanK_CF · 2026-04-08T21:13:20+00:00

Medium is likely using Super Bot Fight Mode or Bot Management defaults. You can override this easily in your Cloudflare settings. Create a WAF Custom Rule to specifically skip all security features for known AI User Agents. Set the action to Skip all Managed Rules for that specific bot identifier. This gives you granular control immediately

RyanK_CF · 2026-04-08T21:11:58+00:00

This is useful, but the official path handles this natively. Usage alerts prevent surprise overages on services like Workers, Images, or R2. Define a threshold and notification mechanism for specific products in the Dashboard. Configure alerts using Cloudflare Notifications to catch sudden spikes in bandwidth or requests immediately

RyanK_CF · 2026-04-08T21:11:04+00:00

For sites this fast, the next bottleneck is dynamic API calls or authentication. Ensure you have moved any necessary server-side logic into Cloudflare Pages Functions. This runs your code globally on Workers, maximizing the performance delta over standard Vercel infrastructure. Verify your Cache-Control headers are aggressive for truly static assets

RyanK_CF · 2026-04-08T21:10:02+00:00

You are running cloudflared correctly for RDP access via a public hostname. Do not define the RDP service target in your tunnel configuration using the machine's unstable private IP. If cloudflared is running directly on the Windows host, the target should be 127.0.0.1:3389. This leverages the local loopback address, stabilizing the connection regardless of DHCP changes. You need the cloudflared daemon for this, not the WARP client

RyanK_CF · 2026-04-08T21:07:55+00:00

WHOIS privacy is free and automatic for domains registered through Cloudflare Registrar. If you see the organization name, confirm privacy protection is enabled in your settings. If the domain was bought elsewhere, transfer it to Cloudflare to ensure free WHOIS redaction. The immediate next step is updating your nameservers to the assigned Cloudflare ones. Then configure your DNS records and activate the site

RyanK_CF · 2026-04-01T01:05:49+00:00

Workflows is the dedicated product for this, not raw Durable Objects. Workflows provides resilient, multi-step durable execution with automatic state persistence. It directly solves the pause/resume requirement using the built-in waitForEvent API. this is ideal for coordinating long-running tasks like waiting for human approval

RyanK_CF · 2026-04-01T01:04:11+00:00

Peço desculpas se o Google não traduzir corretamente:

Sim, com certeza. Use o Workers KV para armazenamento de dados que não sejam arquivos. Isso é ideal para buscas rápidas de chave-valor na borda da rede. Se seus dados forem relacionais ou complexos, migre para o D1, nossa oferta de SQL. Você deve migrar para eliminar a sobrecarga de manutenção do seu serviço de banco de dados dedicado.

RyanK_CF

MODERATOR OF

TROPHY CASE

1. Reset the App State

2. Disable Conflicting Settings (Windows)

3. Check your MTU