Resizing an image is computationally intensive (at least compared to the average HTTP request). You can sidestep that by using caching: resize once, then serve the cached version from then on.
Dynamic resizing opens you up to a DDOS attack, essentially: someone would request the image at 1x1, and 1x2, and 1x3... you get the idea. But yeah, if there was anyone able to mitigate that risk via other means you'd think it would be Cloudflare.
I worked with sites that had performance issues because of attacks against dynamic image scaling in Cloudflare (scaling probably done with workers). Services like Cloudflare does not in general protect against service design issues. I try to explain that to people all the time. I also worked with another provider where a monthly bill got 5 times higher one month because images were requested at many different large sizes.
Yeah, I've come across sites that allow arbitrary resizing via dimension numbers in the URL. Seems like it would be easy to CPU ddos by submitting random numbers in those fields.
Huh. I don't understand how this would effect a site using Cloudflare Images. It seems like maybe a DDOS against Cloudflare itself, but I don't see how it would be a problem for your site. But you say it was, so.
But okay, thanks for providing more context. I have not used Cloudflare Images at all, so I don't really know, just trying to make sense of it.
Can you say or link to more? I'm not following this. Like... attacks... on Cloudflare?