
How can I do IP whitelisting for a static site hosted in Firebase? / Is there a WAF for Firebase hosting?

I have a static website hosted in Firebase. I can attach a custom domain to it fine. I would like to restrict access to my site to a certain range of IPs.

I am aware that in GCP, Google Cloud Armor can do this. But Cloud Armor only works with a Load Balancer, and the load balancer routes traffic only to GCP VMs (not to a Firebase hosted site).

In AWS, there is a Web Application Firewall that lets you do IP Filtering.

I see GCP has provided links to 3rd Party partners here: https://cloud.google.com/security/partners/

But my question is what is the best and easiest way to whitelist IPs for a static website hosted in Firebase?

Blitz Blitz asked Apr 01 '19 01:04



2 Answers

Web sites on Firebase Hosting are accessible to everyone. There is no way to block certain users, or IP ranges, from accessing them.

Frank van Puffelen answered Sep 18 '22 20:09


Because Firebase is a PaaS service, there is no such thing as a firewall. According to the Firebase launch checklist, there are only two kinds of protection you can do:

Protect by Authentication

Add whitelisting for your domains to prevent unauthorized usage.

  • Whitelist your production domain for browser API keys and client IDs in the Google Developer Console.
  • Whitelist your production domain in the Auth tab of the Firebase console panel.

Protect your data

Because any client can connect to any Firebase, you must write security rules to secure your data. The Firebase security document shows you how to secure your website by securing who can access the database.

This blog Firebase Security & Rules is also a good reference to learn how to secure your Firebase.

Hope this will help you.

howie answered Sep 17 '22 20:09