🛡 Welcome back to Go Deep with Google Cloud Armor! What questions do you have about Cloud Armor? While you’re here, be sure to subscribe for future episodes! → goo.gle/GoogleCloudTech
The last rule "iplist-tor-exit-nodes", the action is set to deny with 403 (forbidden), but the test received 404 response, and the log also shows a 404. can you help to understand this part?
Anyone have any recommendations on how to create path based rules for cloud armor? I'm working on a project where the aim is to create path based rules that search for a phrase listed in a text file that I created by SSHing into a vm attached to my load balancer. No matter how I write the rules or set the priority I cannot get any rule to work. I've tried adjusting every aspect of the rule to make it function and I've got nothing. I tried creating new policies, no dice. At this point I just have to walk away to preserve the shrivel of sanity I have left. Any suggestions before I YEET my computer out a window?
I am trying to geofence my loadbalancer from 18 countries. I can seem to use CEL expression for 18 countries. gives me "1:1: Expression count of 6 exceeded maximum of 5 expressions." error. How can I implement geofencing with cloud armour?
Go to cloud armor policies screen. Select the policy and delete. Alternatively if you want to remove policy for particular target then simply select the policy go to the target option above rules table and delete the target.
You need to expose the VM not through an external ip address, but adding it to a instance group (you have to decide either managed or unmanaged, depending on your workload), and then exposing that group via a LB
🛡 Welcome back to Go Deep with Google Cloud Armor! What questions do you have about Cloud Armor? While you’re here, be sure to subscribe for future episodes! → goo.gle/GoogleCloudTech
Nice
Guys, give it 5 minutes to kick in when you add a rule. It takes some time for changes to take effect, no matter what the web console tells you
The last rule "iplist-tor-exit-nodes", the action is set to deny with 403 (forbidden), but the test received 404 response, and the log also shows a 404. can you help to understand this part?
You should mention, that you need to enable logs level to VERBOSE, to see that kind of details in logs
Hi Cezary thanks for the comment. Yes verbose logging is required to view details of preconfigured WAF logging
Anyone have any recommendations on how to create path based rules for cloud armor? I'm working on a project where the aim is to create path based rules that search for a phrase listed in a text file that I created by SSHing into a vm attached to my load balancer. No matter how I write the rules or set the priority I cannot get any rule to work. I've tried adjusting every aspect of the rule to make it function and I've got nothing. I tried creating new policies, no dice. At this point I just have to walk away to preserve the shrivel of sanity I have left. Any suggestions before I YEET my computer out a window?
did you ever figure this out?
request.path.matches("/login.html")
Did you try writing CEL that checks the request.path?
Yes.
Rate limiting have a limitation of 1000 QPM so no one would apply that small value of rate limiting.
If it's possible to restrict ip address, but not affecting the URL communication?
I am trying to geofence my loadbalancer from 18 countries. I can seem to use CEL expression for 18 countries. gives me "1:1: Expression count of 6 exceeded maximum of 5 expressions." error. How can I implement geofencing with cloud armour?
Thanks
How to disable cloud armor?
Go to cloud armor policies screen. Select the policy and delete. Alternatively if you want to remove policy for particular target then simply select the policy go to the target option above rules table and delete the target.
Hi, how to add a load balancer to for my VM?
You need to expose the VM not through an external ip address, but adding it to a instance group (you have to decide either managed or unmanaged, depending on your workload), and then exposing that group via a LB
15:42 duckduckgo ad within a gcp vid :)
cloud armour rules for facebook sharing