dos.yaml file provides the controls to denylist IP addresses or
subnets to protect your app from Denial of Service (DOS) attacks or similar
forms of abuse. For more information, see
Creating App Engine firewall rules.
appengine-web.xmlreference on static error handlers.
The following is an example
blacklist: - subnet: 192.0.2.1 description: a single IP address - subnet: 192.0.2.0/24 description: an IPv4 subnet - subnet: 2001:DB8::1 description: an IPv6 address - subnet: 2001:DB8::/32 description: an IPv6 subnet
dos.yaml file at any location in your application source code configures
DoS Protection Service denylists for your application.
The syntax of
dos.yaml is the YAML format. For more information about this
syntax, see the YAML website.
||An optional description for the denylist entry.|
||Required. The subnet value is any valid IPv4 or IPv6 subnet in CIDR notation.|
Deploying the DoS configuration file
dos.yaml file can reside anywhere in your source code directory.
To deploy the DoS configuration file without otherwise altering the currently serving version, use one of the following commands in the directory containing your dispatch file, depending on your environment:
gcloud app deploy dos.yaml
mvn appengine:deployDos dos.yaml
gradle appengineDeployDos dos.yaml
Deleting all DoS configuration
To delete all DoS configuration:
Edit the contents of the
dos.yamlfile to App Engine.
You can define a maximum of 100 denylist entries in your configuration file. Uploading a configuration file with more than 100 entries will fail.