Google has announced a new firewall feature that allows developers and administrators using App Engine to easily restrict access from specific traffic sources.
Google App Engine (GAE), a managed platform that sits within the broader Google Cloud suite of services that competes with the likes of Amazon Web Services (AWS) and Microsoft Azure, is a web framework and platform for developing and scaling apps hosted on Google’s cloud.
During testing or for other reasons entirely, developers may wish to open up new apps to just a few specific groups of users or perhaps prevent certain regions from accessing it. It is already possible to restrict access based on IP address, but this requires implementing access controls within the code and even then the requests are still allowed in the door — this not only consumes resources but can also cost companies money for traffic they don’t need or want. With the new Google App Engine firewall, which launches today in beta, developers provide a set of rules through the App Engine Admin API, Google Cloud Console, or Gcloud command-line tool and specify the IP addresses to block or allow. And that’s about it.
There is a default rule that allows all traffic to visit an app, but admins can update that rule to specify a range of permitted IP addresses from within the company’s own network or partner organizations, for example, or from a specific country.
Other use-cases for the App Engine firewall include being able to block malicious IP addresses and protecting an app from distributed denial of service (DDoS) attacks.
Developers can hit the Test IP tab in the Cloud Console to ensure that their rules are working as they intend. Those visiting from a blocked IP address will see an HTTP 403 Forbidden response, and their attempt to visit the website or app won’t add to the load or count in terms of traffic.
It’s worth remembering that this new tool isn’t a finished product, so some care is in order. “App Engine firewall is in beta, so avoid using this functionality in production environments,” noted Google product manager Lorne Kligerman, in a blog post.