"Cloud Armor" incorporating DDoS defense system and IP address access control into load balancer is now available on Google Cloud Platform



Google has released "Cloud Armor," a new service that offers the DDoS defense technology used in its own services such as Gmail and YouTube to customers of its cloud service "Google Cloud Platform (GCP)".

Cloud Armor - Denial of Service Defense | Google Cloud
https://cloud.google.com/armor/


Cloud Armor uses Google's global infrastructure and security systems to defend against DDoS attacks on infrastructure and applications.


Cloud Armor provides its defense functions through the GCP load balancer.


In addition, a function for controlling user access based on geographical data and IP address is provided as a beta version. Because it is a beta version, access control applies only to load balancers, excluding CDN.


Default settings for defending against cross-site scripting and SQL injection are also planned. Because this function is an alpha version at the time of writing, it is provided only to specific selected customers.


Cloud Armor can be configured under "Network security" in the "Networking" item of the GCP menu.


Cloud Armor's rule creation screen looks something like this. Because it is a beta version, only the "IP address" type can be selected. Enter a range of IP addresses below it, and under "Action" select whether to allow or deny access from the IP addresses entered. Under "Deny status" you can choose 403 (access denied), 404 (not found), or 502 (bad gateway) as the status returned to the other party when access is denied. If you check "Preview only", the rule only leaves logs and is not applied. When rules conflict, the one with the smaller "priority" value takes precedence.
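The rule semantics described above (IP range match, allow or deny with a chosen status, "Preview only" logging, smaller priority wins) can be modelled in a few lines. This is an added example, not Google's code or part of the original article; the `Rule` class, the `evaluate` function, the default action for unmatched traffic, the assumption that a preview rule lets evaluation continue to later rules, and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    priority: int           # smaller value takes precedence on conflict
    ip_ranges: list         # CIDR strings the rule matches
    action: str             # "allow" or "deny"
    deny_status: int = 403  # 403, 404 or 502, used only when action is "deny"
    preview: bool = False   # "Preview only": log the match, do not enforce

    def __post_init__(self):
        if self.action not in ("allow", "deny"):
            raise ValueError("action must be 'allow' or 'deny'")
        if self.deny_status not in (403, 404, 502):
            raise ValueError("deny status must be 403, 404 or 502")

def evaluate(rules, client_ip, default_action="allow"):
    """Return (status, log) for one request; 200 stands in for 'allowed'."""
    ip = ipaddress.ip_address(client_ip)
    log = []
    for rule in sorted(rules, key=lambda r: r.priority):
        if not any(ip in ipaddress.ip_network(c) for c in rule.ip_ranges):
            continue
        status = 200 if rule.action == "allow" else rule.deny_status
        if rule.preview:
            # Assumed behaviour: record what would happen, keep evaluating.
            log.append(f"preview: rule {rule.priority} would return {status}")
            continue
        log.append(f"enforced: rule {rule.priority} returned {status}")
        return status, log
    # default_action is an assumption; the article does not describe it.
    log.append("no enforced rule matched; default action applied")
    return (200 if default_action == "allow" else 403), log

# Constructed sample policy using documentation-reserved address ranges.
POLICY = [
    Rule(1000, ["198.51.100.0/24"], "deny", 403),             # block a range
    Rule(900, ["198.51.100.7/32"], "allow"),                  # exception inside it
    Rule(500, ["203.0.113.0/24"], "deny", 502, preview=True), # trial rule
]

if __name__ == "__main__":
    for addr in ("198.51.100.7", "198.51.100.8", "203.0.113.5"):
        print(addr, evaluate(POLICY, addr))
```

Running a new deny rule in preview first and reading the log before enforcing it shows which legitimate clients the rule would have cut off.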


Because Cloud Armor is offered as a beta version, incompatible changes may occur and quality of service is not guaranteed. There is no fee during the beta, but Google has announced that in the future it will charge $1 (about 100 yen) per rule, $5 per month (about 520 yen) per policy, which determines the load balancers to which a set of rules is applied, and $0.75 (about 80 yen) for every million accesses.

in Web Service, Posted by log1d_ts