Does Google Cloud App Engine Firewall have some API?

Question

I've been searching about if Google App Engine (GAE from now on) has some kind of DDOs protection. Apparently it had but it's been replaced with GAE Firewall which allows you to choose which IPs to allow to access your App.

This firewall raises 2 questions on me:

1. If someone tries to launch a DDOs attack on my App. Will they success or will they fail? I want to believe that Google will stop it automatically (or try at least) but I don't really know if it does.
2. Is there some kind of API for pogramming languages like Java to modify the allowed IPs in the Firewall so that I can programatically forbid IPs that I feel are dangerous? I haven't been able to find anything for this and it'd be really great.

Thanks!

Answer 1

Try to use Cloud Armor it’s the best solution :

https://cloud.google.com/armor

Answer 2

If you are concerned about the security of your app my recommendation is to use the Identity-aware-proxy. This should offer full protection to your app, not only for DDoS attacks.

Answer 3

Okay, I think I found it. Here's a list of libraries for various programming languages: https://cloud.google.com/apis/docs/cloud-client-libraries?hl=es

And what seems to be what I'm looking for is the FirewallClient which has method insertFirewall(InsertFirewallHttpRequest request): https://googleapis.dev/java/google-cloud-clients/latest/index.html

Answer 4

You can manage your firewall rule programmatically using AppEngine Admin APIs which have a Java client available here (however I couldn't find the call for updating firewall rules).