Reputation: 1718
Avoid DoS attacks on App Engine
I have a small question with possibly a complex answer. I have tried to research around, but I think I may not know the keywords.
I want to build a web service that will send a JSON response, which would be used for another application. My goal is having the App Engine server crawl a set of webpages and store the relevant values so the second application (client) would not need to query everything. It will only go to my server with the already condensed information.
I know, it's pretty common, but how can I defend from attackers who wish to exhaust my App Engine resources/quota? I have been thinking on limiting the amount of requests by IP (say.. 200 requests / 5 minutes), but is that feasible? Or is there a better, and more clever way of doing it?
Upvotes: 1
Views: 1786
Answers (2)
Reputation: 15984
First, you need to cache the JSON. don't hit the datastore for every request. use memcache or possibly, depending on your requirements, you can cache the JSON in a static file in Cloud Storage. This simple is the best defender against DDOS, since every request adds minimal overhead.
Also, take a look in the DDOS protection service offered by app engine: https://developers.google.com/appengine/docs/java/config/dos
Upvotes: 2
Reputation: 3281
You could require users to log-in then generate and send an auth key to the client app that must accompany any requests to the app engine service.
Upvotes: 0
Related Questions
- Denial of service attack in Google Compute Engine running Ubuntu
- Google App Engine - How Dos configuration works?
- Is it possible to prevent DoSing on Google App Engine?
- Google App Engine: secure inter-app communication
- Google app engine bot attack?
- Should I worry about DoS attacks to files in static_dir?
- Security problems for google app engine webservices
- Securing Google App Engine Endpoints
- How can I safely configure AppEngine sockets w/ Google Compute Engine
- Google App Engine and dos.xml