If I'm not missing something obvious, you should also manually, from code, block access to routines from *.appspot.com requests, and move one step forward and manually whitelist CF IP's at your code
Even if you do all of these, that person will still be able to request *.appspot.com/static.file of yours - so I don't think these will solve your problem On Monday, October 28, 2013 7:37:05 AM UTC+2, Vinny P wrote: > > On Sun, Oct 27, 2013 at 9:40 PM, Lawrence Mok > <[email protected]<javascript:> > > wrote: > >> Yesterday my site is being attacked for the first time causing the reach >> of daily budget limit thus a complete stop of the site. >> >> Someone from the IP 117.194.36.17 was requesting a 5MB file download 600 >> times within a short period >> >> I know I can blacklist this IP, but is there anything Google can do just >> to prevent this from happening in advance, given that this can happen on >> any IP? >> > > > I would recommend Cloudflare's DDOS protection. They have basic DDOS > protection measures available on their free plan, and more advanced options > available on paid tiers. You can compare their plans here: > http://www.cloudflare.com/plans > > I would also recommend moving any large, static files to Google Cloud > Storage hosting. It's a bit easier to manage and separates your application > code from static assets. > > > ----------------- > -Vinny P > Technology & Media Advisor > Chicago, IL > > App Engine Code Samples: http://www.learntogoogleit.com > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/groups/opt_out.
