How to drop a request?

[sophie]

My Python application receives a lot of unfriendly requests.  The faster the response will be sent the sooner I get a new request. Is it possible, in some cases, do not send a response (black hole mode)?

[Nicholas (Google Cloud Support)]

Hey sophie,

Thanks for sharing this question here.  Depending on what you mean by unfriendly requests and what you would like the respone to be, there are a few options.

Blacklist IPs in dos.yaml serving a static file as a response

To accomplish this, you must specify an IP or subnet to blacklist in the dos.yaml.  An IP matching a blacklist entry will, by default, be served a generic error page.  If you'd like to serve a specific error page, you could the the error_handlers in your app.yaml with the dos_api_denial error_code to serve a given static file.

Respond from your application with a 404 static file when hitting certain endpoints

This type of response still requires that your application respond to the request but does not require you to know the source IP range of undersirable requests in advance.  Serving 404 increases the likelihood that the response is cached and not re-requested again.  A 500 response for instance, may cause the requestor to ask again assuming the application was simply too busy.  Note that this option will incur usage of your App Engine quotas

Require login: required with most of the application's endpoints

If you know all the requests to a given application URL will be originating from Google-authenticated end users of your application, you could have them all require a login failing back to the auth_fail_action when unauthorized.  Note that this option will also incur usage of your App Engine quotas.

I hope the above suggestions are useful to you and lay out what options you can explore to meet your security needs.  Note that none of these options terminate the connection in a black hole way.