On Wed, Aug 1, 2012 at 5:05 PM, Damian Menscher <[email protected]> wrote: > > Google automatically blocks IPs sending attack traffic. If you decide to > have your entire userbase come through a handful of IPs (in this case the > CloudFlare proxies), then any time a single one of your users attacks > Google, it's possible all of your users will be blocked. Hopefully none of > this is particularly surprising.
It surprised the hell out of me, and from other comments in this thread, I don't think I'm the only one. This behavior is not documented anywhere. It has *dramatic* repercussions for anyone running on a reverse proxy to provide SSL or edge caching or access from China or whatnot. It means that anyone with a few cleverly designed requests can immediately DOS your app, and possibly a number of other apps too. I absolutely do NOT want this protection on my app. There is currently one live thread on this mailing list about someone whose app is getting DDOSed and Google's "protection" does nothing, yet I'm getting shut down for a "false-positive". Combined with zero analytics, zero alerting, and Google's sluggish response to inquiries (downtime measured in hours, not minutes) and it's hard to see this undocumented "feature" as anything other than a HUGE liability. FWIW, I like CloudFlare's attack protection feature because I can leave it off. I only care about it if I'm getting attacked. Oh, and they give me nice charts and graphs so I can get a window into what's actually going on. > That page produces a 503, not a 200: > > bash-3.2$ curl -I 'www.google.com/sorry/?continue=http://www.voo.st/#' > HTTP/1.1 503 Service Unavailable > [snip other response headers] You are totally right - sorry. Not sure why our monitoring system didn't pick that up. Must have been confused by the redirect. At any rate, we're grepping for specific content on the check pages now. Jeff -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
