1
votes

I have a simple file uploader and the uploader must be available to the public (no need for a Google account). The files will be uploaded directly to Firebase Storage.

However, I want to prevent spam uploads (storage flooding). I can imagine this by restricting the number of uploads per day per IP. This would already be sufficient and I know this is not secure at all, but it will prevent simple spam flooding. The uploader will be removed after a month anyway.

Can this be coded as a security rule?

2 Answers

1
votes

Security rules for Cloud Storage don't have this capability. They don't have access to the client's IP address. You will need some middleware that sits between the client and Cloud Storage that can manage this detail.
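The per-IP daily limit from the question, written as the decision such a middleware would make before it accepts a file or hands out an upload URL. This is an added example, not code from the answer or from Firebase: `createUploadQuota`, `authorize`, and the size cap are hypothetical, and the in-memory `Map` stands in for a shared store such as a database.

```javascript
// Added example: per-IP daily upload quota for a middleware in front of Cloud Storage.
// All names are hypothetical; the Map stands in for a shared, persistent store.
const DAY_MS = 24 * 60 * 60 * 1000;

function createUploadQuota({ limitPerDay, maxBytes }) {
  const counters = new Map(); // key "ip|dayIndex" -> uploads granted on that UTC day

  function dayIndex(nowMs) {
    return Math.floor(nowMs / DAY_MS);
  }

  // Drop counters from earlier days so the map cannot grow without bound.
  function prune(today) {
    for (const key of counters.keys()) {
      if (Number(key.split("|")[1]) < today) counters.delete(key);
    }
  }

  // Decide whether `ip` may upload `sizeBytes` at time `nowMs`.
  // `ip` must come from the connection or a proxy header you control,
  // never from a field the client can set freely.
  function authorize(ip, sizeBytes, nowMs = Date.now()) {
    if (!Number.isInteger(sizeBytes) || sizeBytes <= 0) {
      return { allowed: false, status: 400, reason: "invalid-size" };
    }
    if (sizeBytes > maxBytes) {
      return { allowed: false, status: 413, reason: "too-large" };
    }
    const today = dayIndex(nowMs);
    prune(today);
    const key = `${ip}|${today}`;
    const used = counters.get(key) || 0;
    if (used >= limitPerDay) {
      // Tell the client when the UTC day rolls over and the quota resets.
      const retryAfterSec = Math.ceil(((today + 1) * DAY_MS - nowMs) / 1000);
      return { allowed: false, status: 429, reason: "quota", retryAfterSec };
    }
    counters.set(key, used + 1);
    return { allowed: true, status: 200, remaining: limitPerDay - used - 1 };
  }

  return { authorize };
}
```

Rejected requests do not consume quota, and the direct client write path to the bucket has to be closed in the security rules for the limit to have any effect.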

1
votes

You can use Anonymous authentication and track the uploads through a Firestore document, a Cloud Function triggered on upload, and auth claims in security rules. Here's my detailed answer considering authenticated users, but it can be applied here too.

From Firebase Docs:

These temporary anonymous accounts can be used to allow users who haven't yet signed up to your app to work with data protected by security rules.