DEV Community

Ayyappa
Ayyappa

Posted on

What measures are available for Google Cloud Functions / Firebase Functions to protect from DDoS?

Google Cloud Functions offers the service at a great affordable price but it has missing pieces like protecting from DDoS and Rate Limiting.

It's very tough to go public with out protecting the product from abuse as at some point down the line we may get unexpected volumes of requests leading to huge bills!

Solutions i'm aware but seems not effective

Cloud Endpoints : Can be used for rate limiting but the pricing part is way more higher than the cloud functions pricing. Instead of using Endpoints, it looks like it better to handle in cloud functions as endpoints have the same problems.

Cloud Armour : No friendly pricing plans and a starter.

Questions

  • Is it fine if I add Cloud Flare to handle the DDoS attacks? Does it add any extra latency to the Rest API services?
  • Does having a reverse proxy for rate limiting and DDoS shield work? At what level of traffic I need to upgrade the reverse proxy server (Nginx) to make sure its scalable? I know it beats the purpose of serverless functions as i'm limited by the reverse proxy performance but I don't see any other alternative If i go with this.

I would like to know what measures you guys follow to protect serverless functions from abuse.

Top comments (3)

Collapse
 
quantuminformation profile image
Nikos

any updates?

Collapse
 
quantuminformation profile image
Nikos

dang I thought I was about to learn something here

Collapse
 
robertcrowdis profile image
Robert Crowdis

I would love to know as well!