2

we have a VM on GCP and we have every night people from differents countries trying to hack it, we have config evasive but they constantly change the ip and start again.

we were adding manually one by one the ip that are show on the apache log on a GCP Firewall rule with deny access but they keep coming.

we try to build an acl with all the ip from asia, russia and germany they the are almost 159000 address and GCP firewall rule only allows 256.

we try cloud armor but only allow 5 ip

what can we do to protect our VM from access this people at the edge network, before even a ping gets to the VM?

is there any GCP function to avoid this?

Austral
  • 21
  • 2

1 Answers1

0

You can deny a region with Cloud Armor using the attributes for example If your web application isn't available in the AU region, then all requests from that region must be blocked.

In a deny rule, use the following expression, which matches requests from the AU region:

origin.region_code == 'AU'

Here are the Officially assigned code elements

Armando
  • 11
  • 2