How is Google App Engine Firewall working?

0
votes

With this feature now I can test my app on app engine, allow & deny access for particular set of IP's. That is more relief to developers. But, how could I set the priority in a way that I can only allow the IP addresses in certain range as shown in the below image. Also, this is in beta, Is there any way will it remain consistent with the upcoming stable version ?

enter image description here

And, how can I avoid the conflicting rules in the app engine ? There is a large rnge limit on priorities, Does it affect the performance in any case ? Does it works fine with multiple domains ?

Kindly, help. Thanks in advanced.

1
google-app-enginegoogle-cloud-platformfirewall

1 Answers

1
votes

Hopefully these points that may help

  • All traffic that is not matched by a rule is permitted, while not one of your questions it is critical to remember this.
  • Items that match multiple items will honor the rule with the numerically lowest priority.
  • default is priority 2147483647 so you are in good shape there, it is also the max value or last to be applied rule.
  • Priority values must be unique, this avoids conflicts but requires careful attention to the ordering of rules. Higher priority matching rules will not be applied.
  • App engine firewall performance should not be effected by a reasonable number of rules, but as it is in beta, Google does not offer SLAs and it is subject to deprecation without notice or changes that break backwards compatibility.

Note that you cannot edit rules once they are created, you have to delete and recreate them. Due to the ordered nature of these you may also want to increase the priority of the one rule you have. If you want to add more critical rules you will be limited to a max of 99 under the current config.