How to use Cloud Armor with GAE Flex?

Cihat Kısa

unread,

May 27, 2020, 3:00:25 PM5/27/20

to Google App Engine

Hello,

I wonder if is it possible to use Cloud Armor with GAE Flex? Because in Cloud Armor's documentation, it says that you have to use an HTTPS Load Balancer. Since GAE Flex doesn't have a load balancer, how can we use Cloud Armor with GAE Flex? We have to use a WAF to prevent DDOS attacks. Is it possible to use Cloud Armor with GAE Flex through HTTPS Load Balancer? If so, can you explain how can I achieve this goal?

Thank you.

Mary (Google Cloud Support)

unread,

May 27, 2020, 11:26:17 PM5/27/20

to Google App Engine

Hello Cihat,

Currently Cloud Armor does not support App Engine Standard or Flex. Both App Engine Standard and App Engine Flexible offer a firewall which may help mitigate DDoS attacks by specifying denial rules to specific or range of IPs.

[1] https://cloud.google.com/appengine/docs/flexible/go/creating-firewalls

Cihat Kısa

unread,

May 29, 2020, 7:21:14 AM5/29/20

to Google App Engine

Thank you for your answer. I use App Engine Firewall, but you can only block and allow IP addresses with it. It doesn't have other features like blocking or allowing by country code, user agent, and request headers. So it's hard to prevent DDOS attacks with only App Engine Firewall since you have to know all IP addresses that attackers use. I hope Google will provide these features soon.

Olu

unread,

May 29, 2020, 9:10:18 AM5/29/20

to Google App Engine

For any feature or Nice-to-have features that you would like to see implemented on the Google Cloud Platform or Google App Engine, you can always submit a feature request with detailed information about such features on the GCP issues tracking tool[1][2]. This would be evaluated and considered, should it fit into the long term plan or road map of the Google Cloud Platform.

Please keep in mind though that feature requests are subject to the evaluation of the particular Product team and there are no ETA for the implementation of such feature requests.

Particularly about using Cloud Armor with the Google App Engine, there is already a feature request open about this request and it is currently being evaluated by the App Engine team. I recommend that you bookmark the link to receive regular updates about the feature.

Thank you.

[1]https://developers.google.com/issue-tracker/#public_users

[2]https://issuetracker.google.com

[3]https://issuetracker.google.com/144150754

Arun Gopi

unread,

Aug 26, 2020, 4:45:42 PM8/26/20

to Google App Engine

Our application is a public facing app deployed on GAE standard. we cannot have firewalls or IAP so in our case we are left with cloud load balancer to mitigate DDOS.

can you please share document for load balancer for GAE? also for cloud aromor for our use case

artemisg

unread,

Aug 27, 2020, 9:40:29 AM8/27/20

to Google App Engine

Here [1] you may find the official documentation regarding routing requests with Cloud Load Balancing.

However using Cloud Armor with the Google App Engine is a Feature Request [2] currently being evaluated by the App Engine team. You may "star" it so that it receives visibility and also include your email in the "CC" section in order to receive further updates concerning this feature.

[1]:https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed#load_balancer

[2]:https://issuetracker.google.com/144150754

Arun Gopi

unread,

Sep 2, 2020, 11:52:34 AM9/2/20

to google-a...@googlegroups.com

Hi,

What domain should I provide here for SSL certificate? Is it an App Engine domain? we don't have any custom domain

gcloud compute ssl-certificates create www-ssl-cert \
    --domains [DOMAIN]

https://cloud.google.com/load-balancing/docs/negs/setting-up-serverless-negs#gcloud:-app-engine

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/43a25926-2db5-4dc4-8791-06c141eca471n%40googlegroups.com.

Tariq (Google Cloud Support)

unread,

Sep 3, 2020, 12:44:18 PM9/3/20

to Google App Engine

It is worth mentioning that Google Groups is a place for non-technical how-to questions (where you're likely to find information like service status updates and release notes, and ranging from book recommendations to creative shortcuts) [1].

For technical questions, I would recommend you to reach out to Stack Exchange sites [2] (e.g. Server Fault [3] or Stack Overflow [4]) where Google also participates that can help you find answers or troubleshoot problems.

[1] Discussions: Google Groups: https://cloud.google.com/support/docs/community#discussions_google_groups

[2] Ask Technical Questions on Stack Exchange Sites: https://cloud.google.com/support/docs/stackexchange

[3] Server Fault (A question and answer site for deploying and managing IT platforms): https://serverfault.com/questions/tagged/google-cloud-platform

[4] Stack Overflow (a question and answer site for programmers): https://stackoverflow.com/questions/tagged/google-cloud-platform

Reply all

Reply to author

Forward