I serve "Denied" if IP matches X. You don't need Google For this. I do the same thing if User Agent = X
This is a risk with any solution, from DreamHost to Amazon to RackSpace. I can ruin your day regardless of platform. From: google-appengine@googlegroups.com [mailto:google-appengine@googlegroups.com] On Behalf Of Bay Sent: Sunday, September 11, 2011 2:28 AM To: google-appengine@googlegroups.com Subject: [google-appengine] New pricing scheme and concerns about abuse Say someone does not like a person behind one of the small/medium sized apps on app store (lets say 2-3 instances continously each day). For the sake of argument, say that it is me, but it could just as easily apply to any of you guys out there. What will stop a person of ill intend to make his own app engine app (or use any other similar service available on the web) and use this app to hit my small/medium sized app engine app with hundreds of asyncrone requests each second - forcing the number of instance of my application to skyhigh levels and thus - depending on budget settings - either 1) bill me hundreds of USD for a few hours, or 2) hitting the instance hour quota very, very quickly... Such an "attack" could theoretically be made from another app engine app, possibly even under the free quota... Under the old pricing scheme the latency would just go up (it happened a few times to me). Possible solutions: 1) app engine team should provide an API for blacklist, so that I can programatically add IP's there 2) app engine team could make a setting to control "Max Number of Instances" [not just "max idle instances" - because they will not be idle]. A Max Number of Instances would of course make high latencies for all users on my app during an attack, but at least I wouldnt have to deal with hitting the quota levels => readjusting pricing => waiting for new ressources to be allocated => spending lots of time on damagecontrol + making the attacker happy... 3) any other ideas? I am concerned. Please advise. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/U_bUW2BUVj0J. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.