Hi Fly team,
I’m running a Cloudflare Worker that calls my Fly app’s gRPC endpoint at https://*.fly.dev. The domain is the standard *.fly.dev subdomain—not proxied through Cloudflare on my side.
The Worker consistently gets HTTP 409 responses. Logs inside the Worker show headers like:
gRPC request failed: HTTP 409 fly-request-id= cf-ray=99e3582173f7e004-LAX server=cloudflare via=
Notably:
- Every failing response has server=cloudflare and a cf-ray, but no fly-request-id, which means the request never reaches my Fly app.
- The exact same request (same headers, same path) works fine from a browser or curl on my local machine; only the Cloudflare Worker is blocked.
- It looks like Cloudflare Worker traffic hits Fly’s Cloudflare front door from a Cloudflare/Workers IP range and is rejected with 409 before Fly Router processes it.
Could someone from Fly confirm whether there’s a protection rule blocking Cloudflare Workers’ egress IPs? If so, can it be relaxed or is there a recommended workaround (e.g., an officially supported way for Cloudflare Workers to reach Fly apps without being rejected)? I can provide timestamp/cf-ray samples if needed.
Thanks!