DEV Community

Ayyappa
Ayyappa

Posted on

2

What measures are available for Google Cloud Functions / Firebase Functions to protect from DDoS?

Google Cloud Functions offers the service at a great affordable price but it has missing pieces like protecting from DDoS and Rate Limiting.

It's very tough to go public with out protecting the product from abuse as at some point down the line we may get unexpected volumes of requests leading to huge bills!

Solutions i'm aware but seems not effective

Cloud Endpoints : Can be used for rate limiting but the pricing part is way more higher than the cloud functions pricing. Instead of using Endpoints, it looks like it better to handle in cloud functions as endpoints have the same problems.

Cloud Armour : No friendly pricing plans and a starter.

Questions

  • Is it fine if I add Cloud Flare to handle the DDoS attacks? Does it add any extra latency to the Rest API services?
  • Does having a reverse proxy for rate limiting and DDoS shield work? At what level of traffic I need to upgrade the reverse proxy server (Nginx) to make sure its scalable? I know it beats the purpose of serverless functions as i'm limited by the reverse proxy performance but I don't see any other alternative If i go with this.

I would like to know what measures you guys follow to protect serverless functions from abuse.

Sentry blog image

How I fixed 20 seconds of lag for every user in just 20 minutes.

Our AI agent was running 10-20 seconds slower than it should, impacting both our own developers and our early adopters. See how I used Sentry Profiling to fix it in record time.

Read more

Top comments (4)

Collapse
 
robertcrowdis profile image
Robert Crowdis β€’

I would love to know as well!

Collapse
 
quantuminformation profile image
Nikos β€’

any updates?

Collapse
 
quantuminformation profile image
Nikos β€’

dang I thought I was about to learn something here

Collapse
 
supermnr profile image
Mounir β€’

any updates?

You Know That Your Mobile App Needs Security. Here\

You Know That Your Mobile App Needs Security. Here's How to Get Started

Mobile apps have become a cornerstone of modern life. With billions of users, they have become a prime target for attackers. By implementing strong mobile app security, organizations can prevent IP theft, revenue loss, and an erosion of user trust.

Read the guide

πŸ‘‹ Kindness is contagious

Discover this thought-provoking article in the thriving DEV Community. Developers of every background are encouraged to jump in, share expertise, and uplift our collective knowledge.

A simple "thank you" can make someone's dayβ€”drop your kudos in the comments!

On DEV, spreading insights lights the path forward and bonds us. If you appreciated this write-up, a brief note of appreciation to the author speaks volumes.

Get Started