PS.  I think it would also be possible to hide the identity of the GAE app 
the filter talks to.  That way you can move your GAE app to a different app 
ID, so that the attacker can't hit it directly without going through your 
filter.  DNS would also point to your filter.

On Wednesday, August 8, 2012 9:45:51 PM UTC-7, Kristopher Giesing wrote:
>
> Did your attacker change lines of attack after you put in the curl blocking? 
>  Or did the blocking itself not solve the problem?
>
> Here's a thought: use node.js to set up a simple filter (node.js because 
> it's high throughput for very lightweight operations).  For valid traffic, 
> proxy to your real GAE site, otherwise proxy to a honeypot that will 
> black-hole the attacker's requests.  I say proxy rather than redirect so 
> that your GAE site can whitelist the IP of your filter - I think HTTP 
> referrer can be spoofed, which would defeat the purpose.
>
> Writing node.js proxies is pretty straightforward (there's code for it on 
> the net) so the real trick is then making sure you can distinguish attacks 
> from normal traffic - hence my original question.
>
> This is all off the top of my head, there may be holes in this plan I 
> hadn't thought of.  But it seems like it could work.
>
> - Kris
>
> On Wednesday, August 8, 2012 8:12:17 PM UTC-7, Kate wrote:
>>
>> My site has been on GAE for several years but am now experiencing denial 
>> of service attacks. I don't want to pay for them so my site is now down. I 
>> put in a production issue last week and have tried blocking the user agent 
>> (curl). But I can't block by IP as all IPs are different.
>>
>> Apart from moving from GAE, what can I do?
>>
>> Thanks in advance,
>>
>> Kate
>>
>>
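
The filter described in this message, as an added example that is not part of the original thread or written by its participants: each request is classified, proxied either to the real GAE app or to a honeypot, and redirect headers are rewritten so the backend app ID stays hidden. The hostnames, the user-agent rule and all function names are assumptions made for illustration.

```javascript
// Added example: hostnames below are placeholders, not values from the thread.
const BACKEND = 'hidden-app-id.appspot.com'; // real GAE app, never published in DNS
const HONEYPOT = 'honeypot.example.net';     // sink for traffic judged hostile
const BLOCKED_AGENTS = [/^curl\//i];         // the one signal named in the thread

// Decide where a request goes. This rule is a stand-in: telling attack
// traffic from normal traffic is the open question raised in the thread.
function pickUpstream(headers) {
  const ua = headers['user-agent'] || '';
  if (ua === '' || BLOCKED_AGENTS.some((re) => re.test(ua))) return HONEYPOT;
  return BACKEND;
}

// Headers sent upstream: Host names the upstream, any client-supplied
// X-Forwarded-For is overwritten, and the hop-by-hop Connection header is dropped.
function upstreamHeaders(headers, upstream, clientIp) {
  const out = { ...headers, host: upstream, 'x-forwarded-for': clientIp };
  delete out.connection;
  return out;
}

// Rewrite response headers so absolute redirects do not reveal the backend.
function hideBackend(headers, publicHost) {
  const out = { ...headers };
  if (typeof out.location === 'string') {
    out.location = out.location.split(BACKEND).join(publicHost);
  }
  return out;
}

// Start the filter. Proxying (not redirecting) means the client only ever
// talks to this process; the GAE app can then accept only the filter's IP.
async function startFilter(port, publicHost) {
  const http = await import('node:http');
  const https = await import('node:https');
  return http.createServer((req, res) => {
    const upstream = pickUpstream(req.headers);
    const headers = upstreamHeaders(req.headers, upstream, req.socket.remoteAddress);
    const out = https.request(
      { host: upstream, path: req.url, method: req.method, headers },
      (up) => {
        res.writeHead(up.statusCode, hideBackend(up.headers, publicHost));
        up.pipe(res);
      });
    out.on('error', () => { res.statusCode = 502; res.end(); });
    req.pipe(out);
  }).listen(port);
}
```

Calling `startFilter(8080, 'www.example.org')` starts the listener; DNS for the public name would point at this process rather than at the GAE app.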
