
Cloud Armor to Block Countries

Hello all!

I have a WordPress instance running on Compute Engine and I want to block certain countries from accessing my website. Can I use something like Cloud Armor to prevent a region such as Russia or China from accessing my site?

Thank you all!


Hello @mio-emat, welcome to the Google Cloud Community.

Yes. You are correct. You must create a Security Policy for that in CEL format. Example policies can be found here:
https://cloud.google.com/armor/docs/rules-language-reference#expression-examples

Info on how to configure a policy: https://cloud.google.com/armor/docs/configure-security-policies

--
cheers,
DamianS

Hello Damian,

Thanks for sharing the info. I am having an issue when trying to create the security policy. Can you take a look at the screenshot and let me know what to put please?

Thanks!

 

armor.png 

Hi @mio-emat 

1. You must click "ADD A RULE"
2. Then Condition -> Advanced mode (to block a particular region, use this piece of code and change the region code):

origin.region_code == 'AU'

3. Add a priority (can be 1000). Priority is evaluated from 0 (highest) to 2,147,483,647 (lowest).
4. Click DONE
5. You can apply the policy to a target now, or create the policy and then attach it to a target.

DamianS_0-1720502130799.png

DamianS_1-1720502143234.png

DamianS_2-1720502158506.png

Example:
Simple page before policy applied

DamianS_3-1720502266325.png

Simple page with the policy blocking the PL region

DamianS_4-1720502724715.png

--
cheers,
DamianS


Thanks Damian. Quick follow up question: when I try to apply policy to new target, I don't have any option. What am I doing wrong?

Thanks,

Screenshot 2024-07-09 at 10.52.28 AM.png

Yes, because you have to configure a Load Balancer. There is no possibility at this moment to attach Cloud Armor policies to VM instances. There is in fact a feature request for that, but we don't have an ETA: https://issuetracker.google.com/issues/217773056

If you don't want to utilize Cloud Armor behind a Load Balancer, you can use third-party DDoS protection tools like Cloudflare.

PS: You should be able to create Managed Instance Groups from the existing VM, create a Load Balancer with a backend, and then apply the policy.

PS2: Dunno if the fastest way would be to create MIGs (Managed Instance Groups) with WordPress on them and migrate the old WordPress DB to the new one.
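
The console steps and the load balancer requirement from the replies above, written as a gcloud script. This is an added example, not part of any post in the thread; the policy name, the backend service name and the use of a global backend service are assumptions, and RU and CN are the ISO codes for the two countries named in the question.

```shell
#!/bin/sh
# Added example. POLICY and BACKEND are placeholder names (assumptions).
POLICY="${POLICY:-block-regions-policy}"
BACKEND="${BACKEND:-wordpress-backend}"   # backend service of the load balancer
PRIORITY="${PRIORITY:-1000}"              # 0 is highest, as in step 3

# Build the CEL expression from ISO 3166-1 alpha-2 codes. Anything that is
# not exactly two uppercase letters is rejected, so a typo or a stray quote
# never ends up inside the rule. The body runs in a subshell, so its
# variables stay local and 'exit' only leaves the function.
build_region_expr() (
  LC_ALL=C
  [ "$#" -gt 0 ] || { echo "no region codes given" >&2; exit 1; }
  cel=""
  for code in "$@"; do
    case "$code" in
      [A-Z][A-Z]) ;;
      *) echo "invalid region code: $code" >&2; exit 1 ;;
    esac
    cel="${cel:+$cel || }origin.region_code == '$code'"
  done
  printf '%s\n' "$cel"
)

# Dry run by default: print each command. Set APPLY=1 to execute it.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "+ $*"; fi
}

plan_geo_block() {
  cel=$(build_region_expr "$@") || return 1
  run gcloud compute security-policies create "$POLICY" \
      --description "Deny traffic by source region"
  run gcloud compute security-policies rules create "$PRIORITY" \
      --security-policy "$POLICY" --expression "$cel" --action deny-403
  # The policy attaches to the load balancer's backend service, not to a VM.
  run gcloud compute backend-services update "$BACKEND" \
      --security-policy "$POLICY" --global
}

plan_geo_block RU CN
```

The dry-run output drops shell quoting, so review it rather than pasting it; run the script with APPLY=1 to execute the commands.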