dos.yaml Reference

The dos.yaml file provides the controls to denylist IP addresses or subnets to protect your app from Denial of Service (DOS) attacks or similar forms of abuse. For more information, see Configuring DoS protection.

By default, App Engine serves a generic error page to denylisted addresses. You can configure your app to serve a custom response instead. For details, see the appengine-web.xml reference on static error handlers.

Example

The following is an example dos.yaml file:

blacklist:
- subnet: 192.0.2.1
  description: a single IP address
- subnet: 192.0.2.0/24
  description: an IPv4 subnet
- subnet: 2001:DB8::1
  description: an IPv6 address
- subnet: 2001:DB8::/32
  description: an IPv6 subnet

Syntax

A dos.yaml file at any location in your application source code configures DoS Protection Service denylists for your application. The syntax of dos.yaml is the YAML format. For more information about this syntax, see the YAML website.

Element	Description
`description`	An optional description for the denylist entry.
`subnet`	Required. The subnet value is any valid IPv4 or IPv6 subnet in CIDR notation.

Deploying the DoS configuration file

The dos.yaml file can reside anywhere in your source code directory.

To deploy the DoS configuration file without otherwise altering the currently serving version, use one of the following commands in the directory containing your dispatch file, depending on your environment:

gcloud

gcloud app deploy dos.yaml

Maven

mvn appengine:deployDos dos.yaml

Gradle

gradle appengineDeployDos dos.yaml

IDE

If you use IntelliJ or Eclipse, you select the individual configuration files to be deployed using the deployment form.

Deleting all DoS configuration

To delete all DoS configuration:

Edit the contents of the dos.yaml file to:
```
blacklist:
```
Deploy the dos.yaml file to App Engine.

Limits

You can define a maximum of 100 denylist entries in your configuration file. Uploading a configuration file with more than 100 entries will fail.