Google Cloud Armor
Google Cloud Armor
Cloud Armor provides DDoS protection and WAF capabilities for applications behind Google Cloud Load Balancing:
from google.cloud import compute_v1
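# Create security policy
security_policy_client = compute_v1.SecurityPoliciesClient()
project = "your-project-id"

# Rules are evaluated in ascending priority order (lowest number first) and the
# first match decides the request, so the deny rules must sort ahead of the
# catch-all default at the bottom.
security_policy = compute_v1.SecurityPolicy(
    name="web-server-security-policy",
    description="Security policy for web servers",
    rules=[
        # Geo rule: the region is derived from the client IP, so this is a
        # coarse control that VPNs and proxies can sidestep.
        compute_v1.SecurityPolicyRule(
            priority=1000,
            match=compute_v1.SecurityPolicyRuleMatcher(
                expr=compute_v1.Expr(
                    expression="origin.region_code == 'CN'"
                )
            ),
            action="deny(403)",
            description="Block traffic from specific country",
        ),
        # User-Agent rule: the header is client-controlled and the match is
        # case-sensitive, so treat this as noise reduction, not as a security
        # boundary.
        compute_v1.SecurityPolicyRule(
            priority=2000,
            match=compute_v1.SecurityPolicyRuleMatcher(
                expr=compute_v1.Expr(
                    expression="request.headers['user-agent'].contains('BadBot')"
                )
            ),
            action="deny(403)",
            description="Block bad bots",
        ),
        # Explicit default rule (lowest possible priority, matches everything)
        # so the fall-through action is visible in review instead of implied.
        compute_v1.SecurityPolicyRule(
            priority=2147483647,
            match=compute_v1.SecurityPolicyRuleMatcher(
                versioned_expr="SRC_IPS_V1",
                config=compute_v1.SecurityPolicyRuleMatcherConfig(
                    src_ip_ranges=["*"]
                ),
            ),
            action="allow",
            description="Default rule: allow everything not denied above",
        ),
    ],
)

operation = security_policy_client.insert(
    project=project,
    security_policy_resource=security_policy,
)
# insert() only starts the operation; block until it finishes so that a
# rejected policy raises here instead of failing silently.
operation.result()

# NOTE: a security policy filters no traffic until it is attached to a backend
# service behind the load balancer; that step is not part of this snippet.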
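# Configure rate limiting
# Per-client throttle: a source IP that sends more than 100 requests within
# 60 seconds is banned for 600 seconds.
rate_limit_rule = compute_v1.SecurityPolicyRule(
    priority=3000,
    match=compute_v1.SecurityPolicyRuleMatcher(
        # `config` is only valid together with `versioned_expr`.
        versioned_expr="SRC_IPS_V1",
        config=compute_v1.SecurityPolicyRuleMatcherConfig(
            # "*" covers IPv4 and IPv6 sources; an IPv4 CIDR such as
            # 0.0.0.0/0 would not match IPv6 clients.
            src_ip_ranges=["*"]
        ),
    ),
    action="rate_based_ban",
    rate_limit_options=compute_v1.SecurityPolicyRuleRateLimitOptions(
        # Requests under the threshold pass; requests over it get HTTP 429.
        conform_action="allow",
        exceed_action="deny(429)",
        # Count per client IP. When no key is set, one shared counter applies
        # to all matching traffic, so a single noisy client could trigger the
        # ban for every user.
        enforce_on_key="IP",
        rate_limit_threshold=compute_v1.SecurityPolicyRuleRateLimitOptionsThreshold(
            count=100,
            interval_sec=60,
        ),
        ban_duration_sec=600,
    ),
    description="Rate limit requests",
)

# NOTE: this only builds the rule object locally. It takes effect once it is
# added to the policy (SecurityPoliciesClient.add_rule) after the policy
# insert has completed. Users behind a shared NAT or proxy share one source
# IP, so consider setting preview=True on the rule first and reviewing the
# logs before enforcing the ban.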