The dos.xml file provides the controls to denylist IP addresses or subnets to protect your app from Denial of Service (DoS) attacks or similar forms of abuse. For more information, see Configuring DoS protection.
appengine-web.xml
reference on static error handlers.
Example
The following is an example dos.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<blacklistentries>
  <blacklist>
    <subnet>1.2.3.4</subnet>
    <description>a single IP address</description>
  </blacklist>
  <blacklist>
    <subnet>1.2.3.4/24</subnet>
    <description>an IPv4 subnet</description>
  </blacklist>
  <blacklist>
    <subnet>abcd::123:4567</subnet>
    <description>an IPv6 address</description>
  </blacklist>
  <blacklist>
    <subnet>abcd::123:4567/48</subnet>
    <description>an IPv6 subnet</description>
  </blacklist>
</blacklistentries>
Syntax
A dos.xml file in the WEB-INF directory of your application configures DoS Protection Service denylists for your application.

| Element | Description |
|---|---|
| <description> | An optional description for the denylist entry. |
| <subnet> | Required. The subnet value is any valid IPv4 or IPv6 subnet in CIDR notation. |

For an XSD describing the format, check the file docs/dos.xsd in the SDK.
Deploying the DoS configuration file
To deploy the DoS configuration file without otherwise altering the currently serving version, use the command:

appcfg.sh update_dos <application directory>

replacing <application directory> with the path to your application's main directory.
Deleting all DoS configuration
To delete all DoS configuration:
1. Edit the contents of the dos.xml file to:

   <?xml version="1.0" encoding="UTF-8"?>
   <blacklistentries/>

2. Deploy the dos.xml file to App Engine.
Limits
You can define a maximum of 100 denylist entries in your configuration file. Uploading a configuration file with more than 100 entries will fail.
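
A pre-deployment check for the rules under Syntax and Limits, given here as an added example that is not part of the App Engine SDK or of the original page. The function name check_dos_xml and the sample entries are constructed for illustration; this page does not say how the service treats an entry with host bits set, such as 1.2.3.4/24, so the check only reports the range that mask spans.

```python
import ipaddress
import xml.etree.ElementTree as ET

MAX_ENTRIES = 100  # limit stated under "Limits"

# Constructed sample input modelled on the example file; not a real denylist.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<blacklistentries>
  <blacklist><subnet>1.2.3.4/24</subnet></blacklist>
  <blacklist><subnet>abcd::123:4567</subnet></blacklist>
  <blacklist><subnet>10.0.0.999</subnet></blacklist>
  <blacklist><description>no subnet element</description></blacklist>
</blacklistentries>"""


def check_dos_xml(text):
    """Return (networks, findings) for the text of a dos.xml file."""
    root = ET.fromstring(text.encode("utf-8"))
    if root.tag != "blacklistentries":
        return [], [f"root element is <{root.tag}>, expected <blacklistentries>"]
    entries = root.findall("blacklist")
    networks, findings = [], []
    if len(entries) > MAX_ENTRIES:
        findings.append(f"{len(entries)} entries is over the limit of {MAX_ENTRIES}")
    for n, entry in enumerate(entries, 1):
        value = (entry.findtext("subnet") or "").strip()
        if not value:
            findings.append(f"entry {n}: missing required <subnet>")
            continue
        try:
            # strict=False so host bits (1.2.3.4/24) are reported, not rejected
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"entry {n}: {value!r} is not a valid address or CIDR subnet")
            continue
        networks.append(net)
        if ipaddress.ip_interface(value).ip != net.network_address:
            findings.append(f"entry {n}: {value} has host bits set; the mask spans {net}")
    return networks, findings


if __name__ == "__main__":
    nets, findings = check_dos_xml(SAMPLE)
    for net in nets:
        print(f"covers {net} ({net.num_addresses} addresses)")
    for finding in findings:
        print("finding:", finding)
```

Printing num_addresses for each entry makes an overly broad prefix visible before it is deployed and blocks legitimate clients.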