Add more granularity to GAE Firewall rules and the ability to target specific services [110763628]

Assigned

Feature Request

Status Update

No update yet.

Description

qa...@google.com

created issue #1

Jun 25, 2018 08:21AM

Currently, it's not possible to create a specific set of rules for a specific service.

This would be useful to protect a backend service from unintended use by blocking any incoming requests that are not from a specific frontend service/a service in the same project/a service. This will reduce App Engine usage costs, development costs and help in speeding up the configuration process.

A workaround is to deploy the backend service to a project where the GAE Firewall rules prevent any requests except the other GAE services or to check that the requests are coming from the right service by adding an additional payload to the request.

Furthermore, an ability to target a specific service or a group of services as the only permitted to access the backend service would further improve all the mentioned above.

Comments

mo...@gmail.com <mo...@gmail.com> #2Jun 25, 2018 03:13PM

Thanks for the explanation.

Do you mean that I have to deploy the back-end and front-end into two different projects?

According to the last two lines (Furthermore, ....etc), how could we do that?

Message last modified on Jun 25, 2018 09:04PM

ea...@google.com <ea...@google.com> Jul 13, 2018 09:32AM

Assigned to gc...@google.com.

co...@topper.wku.edu <co...@topper.wku.edu> #3Oct 24, 2018 12:14AM

This is absolutely an issue for my project as well. There's no way to cut out parts of the API that customers should never be hitting.

ma...@gmail.com <ma...@gmail.com> #4May 8, 2019 07:33PM

I'm facing the same issue. I have a code that have multiple API's that need to make HTTP request to a central service that handles the organization management (add or removing projects, folders, etc), but I'm not having success with it.

ni...@inforintelligence.com <ni...@inforintelligence.com> #5Oct 16, 2019 02:09PM

+1
I have certain resources on App Engine which should only be accessible via Cloud Tasks while other services are supposed to be public at the same time.

gr...@gmail.com <gr...@gmail.com> #6Jan 19, 2020 08:10PM

This seems like a duplicate of

Bug 77891432

ma...@gmail.com <ma...@gmail.com> #7Aug 3, 2020 02:56AM

Any news on this? Just discovered this problem, really hoping a solution is in the works

[Deleted User] <[Deleted User]> #8Feb 2, 2021 06:24AM

Any news? Restricting access to specific service is very needed feature