Google Cloud: App Engine gets Firewall Protection

App Engine, a web framework for developing and hosting web applications in Google-managed data centers, which is perhaps the longest-running public cloud computing platform, has finally got firewall implemented.

While firewall is a security system that monitors and controls the incoming and outgoing network traffic based on predetermined rules, which typically establishes a barrier between trusted, secure internal network and outside network, such as the Internet.

Before now, developers have had to hard-code alternative security system into their applications, as they couldn't restrict access to their applications on the service to only a small set of IP addresses.

Firewall is a key security feature for application developers and administrators, as it enable them to allow or deny incoming requests based on source IP addresses.

With Google App Engine firewall, you simply provide a set of rules, ordered by priority and specific IP address, or a set of IP addresses to block or allow, and the rest is automated by Google.

App Engine firewall returns an HTTP 403 Forbidden response without ever hitting the app, when it receives a request that's configured to be denied. This prevents new instances from spinning up, and if you’re getting heavy traffic, the denied request won’t add to your load — or bandwidth cost.

Albeit, App Engine firewall is still in beta, and so should be avoided in actual production environments.

For developers, App Engine firewall rules can be setup in the Google Cloud Console as well as with the App Engine Admin API or gcloud command-line tool. If you've got questions, concerns or if something isn't working as you’d expect, you can log a public issue on Google App Engine forum, or get in touch on the App Engine slack channel (#app-engine).
Next Post »