Did your attacker change lines of attack after put in the curl blocking? Or did the blocking itself not solve the problem?
Here's a thought: use node.js to set up a simple filter (node.js because it's high throughput for very lightweight operations). For valid traffic, proxy to your real GAE site, otherwise proxy to a honeypot that will black-hole the attacker's requests. I say proxy rather than redirect so that your GAE site can whitelist the IP of your filter - I think HTTP referrer can be spoofed, which would defeat the purpose. Writing node.js proxies is pretty straightforward (there's code for it on the net) so the real trick is then making sure you can distinguish attacks from normal traffic - hence my original question. This is all off the top of my head, there may be holes in this plan I hadn't thought of. But it seems like it could work. - Kris On Wednesday, August 8, 2012 8:12:17 PM UTC-7, Kate wrote: > > My site has been on GAE for several years but am now experiencing denial > of service attacks. I don't want to pay for them so my site is now down. I > put in a production issue last week and have tried blocking the user agent > (curl). But I can't block by IP as all IPs are different. > > Apart from moving from GAE what can I do. > > Thanks in advance, > > Kate > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/CxhoHfsyxBcJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
