dos.xml Reference

The dos.xml file provides the controls to blacklist IP addresses or subnets to protect your app from Denial of Service (DOS) attacks or similar forms of abuse. For more information, see Configuring DoS protection.

By default, App Engine serves a generic error page to blacklisted addresses. You can configure your app to serve a custom response instead. For details, see the appengine-web.xml reference on static error handlers.

Example

The following is an example dos.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<blacklistentries>
  <blacklist>
    <subnet>1.2.3.4</subnet>
    <description>a single IP address</description>
  </blacklist>
  <blacklist>
    <subnet>1.2.3.4/24</subnet>
    <description>an IPv4 subnet</description>
  </blacklist>
  <blacklist>
    <subnet>abcd::123:4567</subnet>
    <description>an IPv6 address</description>
  </blacklist>
  <blacklist>
    <subnet>abcd::123:4567/48</subnet>
    <description>an IPv6 subnet</description>
  </blacklist>
</blacklistentries>

Syntax

A dos.xml file in the WEB-INF directory of your application configures DoS Protection Service blacklists for your application.

Element Description
<description> An optional description for the blacklist entry.
<subnet> Required. The subnet value is any valid IPv4 or IPv6 subnet in CIDR notation.

For an XSD describing the format, check the file docs/dos.xsd in the SDK.

Limits

You can define a maximum of 100 blacklist entries in your configuration file. Uploading a configuration file with more than 100 entries will fail.