Cloudflare Workers

Overview

This guide covers the console workflow for installing the Centinel Worker. The worker deploys globally in 2-3 minutes.

Prerequisites

Centinel secret key (for validator API)
Cloudflare account with a website added
Access to the Cloudflare dashboard

Prepare the script

Download or copy centinel-worker.js.
Keep your CENTINEL_SECRET_KEY ready (you'll add it as an environment variable later).

Create the worker

Log into your Cloudflare dashboard.
Go to Workers & Pages → Create application → Create Worker.
Name your worker (e.g. centinel-protection).
Click Deploy to create the worker with default code.

Upload the script

In the worker overview, click Quick Edit (or go to Edit code).
Delete all the default code.
Paste the entire contents of centinel-worker.js.
Click Save and Deploy.

Configure environment variables

Go to Settings → Variables.
Under Environment Variables, add:
- Variable name: CENTINEL_SECRET_KEY
- Value: your-secret-key
- Type: Encrypt (recommended)
(Optional) Add CENTINEL_VALIDATOR_URL if using a custom validator endpoint.
Click Save and Deploy.

Add a route to your domain

Go to Triggers → Add route.
Enter your route pattern (e.g. example.com/* or *.example.com/*).
Select your zone/domain from the dropdown.
Click Add route.

Verify deployment

Visit your site to confirm traffic flows normally.
Test that requests to protected paths are validated by the Centinel API.
Monitor worker logs by clicking Logs → Begin log stream in your worker dashboard.
Look for entries with "service": "CentinelAnalytica" to verify the worker is running.

Advanced configuration

Edit the activateCentinel() call at the bottom of the script (around line 580):

export default {
    async fetch(request, env, ctx) {
        const handler = activateCentinel(undefined, {
            // Protect only specific paths (optional)
            protectedPathsInclusion: /\/(api|admin|checkout)\//,

            // Exclude static assets (already excluded by default)
            protectedPathsExclusion: /\.(js|css|png|jpg|svg)$/,

            // Custom validator URL (optional)
            validatorURL: 'https://custom-validator.example.com/validate',

            // Increase API timeout in milliseconds (default: 300ms)
            timeout: 500,

            // Enable debug logging (default: false)
            enableDebugging: false,
        });
        return handler.fetch(request, env, ctx);
    },
};

For permanent changes, edit the variables at the top of the script (lines 26-27):

/**
 * Path regex patterns for protection
 */
let CENTINEL_PROTECTED_PATHS_INCLUSION = null;  // null = protect all paths
let CENTINEL_PROTECTED_PATHS_EXCLUSION = /\.(avi|avif|bmp|css|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|json|less|map|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|otf|png|svg|svgz|swf|ttf|wav|webm|webp|woff|woff2|xml|zip)$/i;

Examples:

// Protect only API and admin paths
let CENTINEL_PROTECTED_PATHS_INCLUSION = /\/(api|admin)\//;

// Add more file extensions to exclusion
let CENTINEL_PROTECTED_PATHS_EXCLUSION = /\.(js|css|png|jpg|svg|ico|woff|woff2|ttf)$/i;

After making changes, click Save and Deploy.

Using Wrangler CLI (alternative)

For command-line deployment:

# Install Wrangler
npm install -g wrangler

# Authenticate
wrangler login

# Set secret
wrangler secret put CENTINEL_SECRET_KEY

# Deploy
wrangler deploy centinel-worker.js --name centinel-protection

# Add route
wrangler route add "example.com/*" centinel-protection

Monitoring and logs

Real-time logs: Workers dashboard → Your worker → Logs → Begin log stream
Analytics: Workers dashboard → Your worker → Analytics
Debugging: Set enableDebugging: true in configuration options for detailed logging

Changelog

1.2 - Better timeout handling.
1.1 - Better error handling.
1.0 - Initial release.

Cloudflare Workers

Advanced configuration

Using Wrangler CLI (alternative)

Monitoring and logs

Changelog

On this page