I have a static website hosted in Firebase. I can attach a custom domain to it fine. I would like to restrict access to my site to a certain range of IPs.
I am aware that in GCP Google Cloud Armor can do this. But Cloud Armor only works with a Load Balancer and the load balancer routes traffic only to GCP VMs.(not to a Firebase hosted site)
In AWS, there is a Web Application Firewall that lets you do IP Filtering.
I see GCP has provided links to 3rd Party partners here: https://cloud.google.com/security/partners/
But my question is what is the best and easiest way to whitelist IPs for a static website hosted in Firebase?
While Firebase does have a CDN, it doesn't offer you distributed denial of service attacks (DDoS) prevention, web application firewall (WAF), or rate-limiting. All of these are incredibly important to prevent malicious actors from breaking your system or stealing your data.
For example, to whitelist an IP address (to create IP whitelist), you first need to determine which devices or users are allowed access. Once you have a list of approved IP addresses, web applications, or users, you can add them to your whitelist using the network settings on your computer, router or firewall.
Retention: Firebase Authentication keeps logged IP addresses for a few weeks. It retains other authentication information until the Firebase customer initiates deletion of the associated user, after which data is removed from live and backup systems within 180 days.
Web sites on Firebase Hosting are accessible to everyone. There is no way to block certain users, or IP ranges, from accessing them
Because Firebase is PaaS service, there is no such thing like firewall. By Firebase launch checklist
There are only two kind of protection you can do:
Add whitelisting for your domains to prevent unauthorized usage.
Because any client can connect to any Firebase, you must write security rules to secure your data.So according to this document Firebase security, it will show you how to secure your web by secure who can access database.
This blog Firebase Security & Rules is also a good reference to learn how to secure your Firebase.
Hope this will help you
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With