
How to enforce rate limiting for an IP that received 403 errors repeatedly in a Security Policy in Google Cloud?


I want to enforce rate limiting (throttling) if an IP has repeatedly faced 403 errors, on the edge, using Google Cloud Armor.

I have been able to enforce rate-based limiting/throttling for any IP that crosses the benchmark using the enforceKey on IP as the key.

However, I want to also throttle, at a higher priority, any IP that faces 403 errors.

Is this doable in Google Cloud Armor?


Solution

  • This is not doable today as the 403 code is an origin response and Cloud Armor does not process outbound rules, just inbound.