Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rate Limiting Rules - Security Policy #11014

Closed
dawsonpaul opened this issue Feb 1, 2022 · 2 comments
Closed

Rate Limiting Rules - Security Policy #11014

dawsonpaul opened this issue Feb 1, 2022 · 2 comments
Labels
enhancement forward/review In review; remove label to forward service/compute-security-policy

Comments

@dawsonpaul
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Rate Limiting Rules made available within Security Policy creation

Rate Based Throttling and Rate Based Bans added to resource_compute_security_policy.go

Rate Based Throttling
Rate Based Bans

New or Affected Resource(s)

  • google_compute_security_policy

Potential Terraform Configuration

#Throttling Rule Potential
  rule {

    action      = "throttle"
    description = "rate limiting rule"
    preview     = "false"
    priority    = "100"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = [
          "1.2.3.0/24",
        ]
      }
    }
    rateLimitOptions {
      conformaction = "allow"
      enforceonkey  = "IP"
      exceedaction  = "deny(429)"
      rateLimitThreshold {
        count       = "100"
        intervalsec = "60"
      }

    }

  }

#Banning Rule Potential
rule {
  
  action = "rate_based_ban"
  description = "rate based banning rule"
  kind = "compute_securityPolicyRule"
  match{
    config {
      srcIpRanges = "0.0.0.0/0"
      }
    versionedExpr = "SRC_IPS_V1"
  }
  preview = false
  priority = 102
  rateLimitOptions {
    banDurationSec= 600
    banThreshold{
      count = 500
      intervalSec = 600
      }
    conformAction = "allow"
    enforceOnKey = "ALL"
    exceedAction = "deny(429)"
    rateLimitThreshold{
      count = 20
      intervalSec = 60
    }
  }
}

References

  • #0000
@rileykarson
Copy link
Collaborator

I believe this duplicates #10020, which was recently closed!

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 10, 2022
@github-actions github-actions bot added forward/review In review; remove label to forward service/compute-security-policy labels Jan 14, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement forward/review In review; remove label to forward service/compute-security-policy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rileykarson @dawsonpaul