Google App Engine and dos.xml

My understanding is that the only way to really mitigate a DDoS attack is to automate the process of blacklisting IP addresses/ranges.

Google App Engine (GAE) allows you to configure and upload a dos.xml file and specify IP addresses/ranges to blacklist at any given time.

Obviously, if my web app is under a well-orchestrated DDoS attack, the IP addresses/ranges that will be attacking me will be constantly changing.

How often does GAE allow me to update dos.xml? How long does it take the changes to go into effect? I ask because I'm devising an AutoBlacklister system that inspects the IP addresses that it believes to be the attackers, and will update dos.xml dynamically. If there are more than 100 attackers (GAE restricts you to 100 addresses/ranges) then only the Top 100 "worst offenders" will be on the list.

But, if dos.xml can only be updated with a certain periodicity (like once a day, etc.), and if it takes too long (more than a few minutes!) to take effect, then this system is pretty much useless against a real DDoS.

Also, this question assumes there's a way to automate the uploading of dos.xml: is there? I would imagine there's a secure URL I could upload the file to with something like HttpClient, but with GAE, you never know what terms/restrictions you're going to face! Thanks in advance!

IAmYourFaja asked Jul 28 '12 15:07


1 Answer

You can update dos.xml through AppCfg. It is possible to update this file without a full redeployment of the server, which is an expensive process. As far as I'm aware, there is no limit on how often this update can be performed.

Full deployment does have a limit which is described here:

The number of times the application has been uploaded by a developer. The current quota is 1,000 per day.

Mike Kwan answered Oct 01 '22 18:10
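The "Top 100 worst offenders" selection described in the question, as an added example that is not part of the original question or answer. The log format (client IP as the first field), the hit threshold and the allowlist are assumptions; the `blacklistentries`/`blacklist`/`subnet` layout is the dos.xml format for Java App Engine apps, and the upload through AppCfg mentioned in the answer is not shown.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

MAX_ENTRIES = 100  # dos.xml entry limit stated in the question

# Constructed sample access log; client IP as the first field is an assumption.
SAMPLE_LOG = (
    ["203.0.113.7 GET /login"] * 40
    + ["198.51.100.23 GET /search"] * 25
    + ["192.0.2.10 GET /health"] * 60   # our own monitoring probe
    + ["203.0.113.99 GET /"] * 3        # ordinary visitor
    + ["not-an-ip GET /"]               # malformed line
)

def top_offenders(log_lines, threshold, allowlist=(), limit=MAX_ENTRIES):
    """Return [(ip, hits)], noisiest first, for IPs with hits >= threshold."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    hits = Counter()
    for line in log_lines:
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0]) if fields else None
        except ValueError:
            ip = None  # malformed field: never let it reach the blacklist
        if ip is None or any(ip in net for net in allowed):
            continue   # allowlisted ranges are never blocked
        hits[str(ip)] += 1
    ranked = [(ip, n) for ip, n in hits.most_common() if n >= threshold]
    return ranked[:limit]  # only the worst `limit` fit in the file

def render_dos_xml(offenders):
    """Serialize offenders as a dos.xml document."""
    root = ET.Element("blacklistentries")
    for ip, n in offenders:
        entry = ET.SubElement(root, "blacklist")
        ET.SubElement(entry, "subnet").text = ip
        ET.SubElement(entry, "description").text = f"auto: {n} hits in window"
    body = ET.tostring(root, encoding="unicode")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + body

if __name__ == "__main__":
    worst = top_offenders(SAMPLE_LOG, threshold=10, allowlist=["192.0.2.0/24"])
    print(render_dos_xml(worst))
```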