I know this blogging system runs on WordPress. Our WordPress sites on GCP are under attack by bots causing DDoS, and I had to take them down by deleting the NS records (duh). It’s time to use mod_security2, as I did before on on-prem servers. Google rebranded mod_security2 as Google Cloud Armor (GCA). This article is for documentation purposes only; use it with caution.
Prerequisite
- A backend service is already configured in a (classic) load balancer.
- You’re familiar with the gcloud CLI.
- Your public IP address is within the GCP VPC network.
Things to do
First things first: create a policy named “block-with-modsec-crs”.
gcloud compute security-policies create block-with-modsec-crs --description "Block with OWASP ModSecurity CRS"
Update the rule at priority 2147483647, the lowest-priority rule in our block-with-modsec-crs policy, and give it the action deny-403 as per GCA rule.
gcloud compute security-policies rules update 2147483647 --security-policy block-with-modsec-crs --action "deny-403"
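As an added example (not from the original post): a small Python audit over the JSON printed by `gcloud compute security-policies describe block-with-modsec-crs --format=json`, flagging the state the two commands above leave behind, a default deny at priority 2147483647 with no allow rule above it. The sample JSON is constructed, and the field names (`rules`, `priority`, `action`, `preview`) are assumed to follow the Compute Engine security policy resource.

```python
import json

DEFAULT_PRIORITY = 2147483647  # lowest-priority (default) rule, as used in the post

# Constructed sample of the describe output after the two commands above.
SAMPLE_POLICY = json.loads("""
{
  "name": "block-with-modsec-crs",
  "description": "Block with OWASP ModSecurity CRS",
  "rules": [
    {"priority": 2147483647, "action": "deny(403)", "preview": false,
     "match": {"versionedExpr": "SRC_IPS_V1", "config": {"srcIpRanges": ["*"]}}}
  ]
}
""")


def audit_policy(policy):
    """Return a list of findings for a Cloud Armor policy dict."""
    findings = []
    # Cloud Armor evaluates rules from the lowest priority number upwards.
    rules = sorted(policy.get("rules", []), key=lambda r: r["priority"])
    default = next((r for r in rules if r["priority"] == DEFAULT_PRIORITY), None)
    if default is None:
        return ["no default rule found"]
    if not default["action"].startswith("deny"):
        findings.append(f"default rule is {default['action']}: unmatched traffic is allowed")
    else:
        # Default deny: only traffic matched by an enforced allow rule gets through.
        allows = [r for r in rules if r["priority"] < DEFAULT_PRIORITY
                  and r["action"] == "allow" and not r.get("preview", False)]
        if not allows:
            findings.append("default deny with no enforced allow rule: all requests get blocked")
    for r in rules:
        if r.get("preview", False):
            findings.append(f"rule {r['priority']} is in preview mode: logged, not enforced")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

Run it against the real describe output before attaching the policy to the backend service, so a default deny does not go live without the allow rules it depends on.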