The dos.yaml
file provides the controls to denylist IP addresses or
subnets to protect your app from Denial of Service (DOS) attacks or similar
forms of abuse. For more information, see
Configuring DoS protection.
app.yaml
reference on error handlers.
Example
The following is an example dos.yaml
file:
blacklist:
- subnet: 192.0.2.1
description: a single IP address
- subnet: 192.0.2.0/24
description: an IPv4 subnet
- subnet: 2001:DB8::1
description: an IPv6 address
- subnet: 2001:DB8::/32
description: an IPv6 subnet
Syntax
A dos.yaml
file in the root directory of your application alongside
app.yaml
: it configures DoS Protection Service denylists for your application.
dos.yaml
is the YAML format. For more information about this
syntax, see the YAML website.
Element | Description |
---|---|
description |
An optional description for the denylist entry. |
subnet |
Required. The subnet value is any valid IPv4 or IPv6 subnet in CIDR notation. |
Deploying the DoS configuration file
To deploy the DoS configuration file, run the following command:gcloud
gcloud app deploy dos.yaml
appcfg
If you install the original App Engine SDK, you can run:
appcfg.py update_dos [YOUR_APP_DIR]
Deleting all DoS configuration
To delete all DoS configuration:
Edit the contents of the
dos.yaml
file to:blacklist:
Deploy the
dos.yaml
file to App Engine.
Limits
You can define a maximum of 100 denylist entries in your configuration file. Uploading a configuration file with more than 100 entries will fail.