I'm new to networking and I want to protect layer 7 of a Google Cloud Function. I've found Cloud Armor, which allows creating an allow/deny IP list for an HTTPS load balancer, and also Cloudflare, which offers unlimited DDoS mitigation.
My questions are:
1 - Is it possible to use Cloud Armor when my users' IP list is dynamic (unknown in advance)? If so, can somebody point me to an informative link, please?
2 - When my Cloud Function is behind a load balancer, can I still access it with its normal URL?
3 - Does somebody know better ways to achieve my goal, with priority given to Google Cloud Platform solutions?
Thanks for your help, and sorry if my English is bad.
Use Google Cloud Armor security policies to help protect your load-balanced applications from distributed denial of service (DDoS) and other web-based attacks.
More aggressively time out half-open connections whenever possible. Drop malformed and spoofed packets as early as possible. Rate limit your router to prevent volumetric DDoS attacks. Set lower thresholds for SYN, ICMP, and UDP flood.
I'm not an expert, but I believe that you can't define a policy for a dynamic list. However, you can create a custom logging metric + Stackdriver alert to invoke a script to update your Cloud Armor policy [1] (using webhooks [2]).
Regarding your second question, you can't put a Google Cloud Function behind a load balancer.
To conclude, you can set up protection against DDoS attacks, but Google already provides tremendous and transparent protection against them [3].
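The policy-update step described in the answer above, as an added example that is not part of the original answer: it counts requests per client IP in constructed load balancer log entries and builds the `gcloud compute security-policies rules create` commands that deny the noisy clients. The policy name `my-policy`, the threshold, the allowlist, the priorities and the 10-ranges-per-rule cap are assumptions to check against your own project and current quotas.

```python
import ipaddress
from collections import Counter

MAX_RANGES_PER_RULE = 10  # assumed per-rule cap on source ranges; check current quotas

# Constructed sample entries shaped like load balancer request logs (httpRequest.remoteIp).
SAMPLE_LOGS = (
    [{"httpRequest": {"remoteIp": "203.0.113.7"}}] * 120
    + [{"httpRequest": {"remoteIp": "198.51.100.23"}}] * 95
    + [{"httpRequest": {"remoteIp": "192.0.2.10"}}] * 4     # ordinary user
    + [{"httpRequest": {"remoteIp": "10.0.0.5"}}] * 300     # internal probe
    + [{"httpRequest": {"remoteIp": "not-an-ip"}}] * 200    # malformed field
)

def noisy_clients(entries, threshold, allowlist=()):
    """Return sorted host ranges for clients with at least `threshold` requests."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    counts = Counter(e.get("httpRequest", {}).get("remoteIp", "") for e in entries)
    ranges = []
    for raw, hits in counts.items():
        if hits < threshold:
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # never pass unvalidated log text to a command line
        if any(ip in net for net in allowed):
            continue  # never deny our own or partner ranges
        ranges.append(f"{ip}/{ip.max_prefixlen}")
    return sorted(ranges)

def deny_rule_commands(policy, ranges, base_priority=1000):
    """Build one rule-creation argv per chunk of MAX_RANGES_PER_RULE ranges."""
    cmds = []
    for i in range(0, len(ranges), MAX_RANGES_PER_RULE):
        chunk = ranges[i:i + MAX_RANGES_PER_RULE]
        cmds.append([
            "gcloud", "compute", "security-policies", "rules", "create",
            str(base_priority + i // MAX_RANGES_PER_RULE),
            f"--security-policy={policy}",
            f"--src-ip-ranges={','.join(chunk)}",
            "--action=deny-403",
        ])
    return cmds

if __name__ == "__main__":
    blocked = noisy_clients(SAMPLE_LOGS, threshold=50, allowlist=["10.0.0.0/8"])
    for argv in deny_rule_commands("my-policy", blocked):  # placeholder policy name
        print(" ".join(argv))
```

The commands are returned as argument lists so a caller can hand them to `subprocess.run` without a shell, and a real deployment would also need to expire old rules so the policy does not fill up.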