I have a Kubernetes cluster running on GCE. Someone is using bots to create a lot of requests on my server and I don't know how to block him. I could do it from within the application, but that will eat a lot more resources as compared to a more elegant solution such as a firewall rule.
I tried adding such a firewall rule without any positive results:
I would probably drop it if I was using the Nginx load balancer, but I'm using their own load balancer and I can't mangle with that.
So... how does one ban a request based on source IP address in GCE/Kubernetes?
You can run nginx behind the GCE ingress and reject IPs based on the X-Forwarded-For header: [github](https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/whitelist)
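
A minimal `nginx.conf` for the approach described in the answer above, as an added example that is not part of the original answer or the linked repository. It assumes nginx has `ngx_http_realip_module` and sees connections arriving from Google's front-end ranges; the load balancer address, the denied addresses and the `app` upstream are constructed placeholders.

```nginx
# Added example: deny by client IP behind the GCE HTTP(S) load balancer.
# Requires ngx_http_realip_module. Every address below except Google's two
# front-end ranges is a constructed placeholder.
events {}

http {
    # Believe X-Forwarded-For only when the TCP peer is a Google front end.
    # Any other peer keeps its own socket address as $remote_addr.
    set_real_ip_from 130.211.0.0/22;
    set_real_ip_from 35.191.0.0/16;

    # The load balancer appends "<client-ip>, <lb-ip>" to the header, so the
    # load balancer's own external address must be trusted as well.
    set_real_ip_from 203.0.113.10;      # placeholder: forwarding rule IP

    real_ip_header    X-Forwarded-For;
    # Walk the header right to left and stop at the first untrusted address.
    # Entries further left were supplied by the client and are never used.
    real_ip_recursive on;

    upstream app {                      # hypothetical backend
        server 127.0.0.1:8080;
    }

    server {
        listen 80;

        # allow/deny now match the recovered client address ($remote_addr).
        deny  198.51.100.23;            # constructed: single abusive host
        deny  198.51.100.128/25;        # constructed: abusive range
        allow all;

        location / {
            proxy_pass http://app;
            # Pass the recovered address on so application logs agree.
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}
```

If traffic reaches the pod with a node address as its source (SNAT by kube-proxy), that node range has to be listed in `set_real_ip_from` instead, otherwise the header is ignored and the `deny` rules never match the real client.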