From the docs...
* Do not use this service for security. It is designed for quantitative
abuse prevention, such as preventing DoS attacks, only. Some requests from
blacklisted users may still get through to your application.*
https://developers.google.com/appengine/docs/python/config/dos
--
I have blocked 178.32.0.0/15 in my app's dos.yaml but I've recently noticed
that certain requests are getting past the rule. I have included a snippet
from the logs below. It shows 178.32.216.193 being refused (http 403) some
of the time, but not always (http 200). I've seen this happening for