0

If a particular computer is making tons of accounts or flooding my server with other requests, could parse-server automatically check this behaviour and block the specified IP address?

Built-in rate limiting would also be a nice alternative, although it doesn't really solve the problem if the person continues to spam.

I am hosting on google app engine by the way.

OneCricketeer
  • 179,855
  • 19
  • 132
  • 245
AppreciateIt
  • 696
  • 2
  • 8
  • 23

2 Answers2

0

I don't believe that this is a feature out of the box - see advanced options here: https://github.com/ParsePlatform/parse-server.

You'd need to look at controlling access to the Google App Engine (or another host - such as Microsoft Azure Web App) using a firewall (you can easily do this with Azure. I'm not familiar with Google App Engine, but imagine similar functionality is available.

However, I don't believe that a firewall is necessary - just better app security. Disable anonymous users - Parse Server Security

Community
  • 1
  • 1
Mr T
  • 990
  • 10
  • 32
0

I don't know about Parse itself, but from App Engine side you have DoS protection service controlled via dos.yaml file in your project that lets you blacklist IP blocks—sounds like that may help. It's not "automatic", though; you still need to manually update this file and issue appcfg.py update_dos <PROJECT_DIR> for changes to take effect.

asamarin
  • 1,544
  • 11
  • 15
  • It looks like dynamic ip restrictions are missing from GAE, despite being possible on AWS, Azure, or any individual load balancer (HAProxy, etc). Such a shame, it makes GAE not very viable imo. – AppreciateIt Apr 17 '16 at 06:24
  • FWIW GAE firewall was recently released, see https://stackoverflow.com/questions/23682114/google-app-engine-block-incoming-traffic-by-country/45891423#45891423 – Dan Cornilescu Aug 26 '17 at 02:36