How can I do IP whitelisting for a static site hos

2020-03-30 02:36发布

站内问答 / 后端开发
1272 2 4

I have a static website hosted in Firebase. I can attach a custom domain to it fine. I would like to restrict access to my site to a certain range of IPs.

I am aware that in GCP Google Cloud Armor can do this. But Cloud Armor only works with a Load Balancer and the load balancer routes traffic only to GCP VMs.(not to a Firebase hosted site)

In AWS, there is a Web Application Firewall that lets you do IP Filtering.

I see GCP has provided links to 3rd Party partners here: https://cloud.google.com/security/partners/

But my question is what is the best and easiest way to whitelist IPs for a static website hosted in Firebase?

2条回答
老娘就宠你
2楼-- · 2020-03-30 03:12

Because Firebase is PaaS service, there is no such thing like firewall. By Firebase launch checklist

There are only two kind of protection you can do:

Protect By Authenication

Add whitelisting for your domains to prevent unauthorized usage.

  • Whitelist your production domain for browser API keys and client IDs in the Google Developer Console.
  • Whitelist your production domain in the Auth tab of the Firebase console panel.

Protect your data

Because any client can connect to any Firebase, you must write security rules to secure your data.So according to this document Firebase security, it will show you how to secure your web by secure who can access database.

This blog Firebase Security & Rules is also a good reference to learn how to secure your Firebase.

Hope this will help you

查看更多
0人赞 添加讨论(0) 举报
Root(大扎)
3楼-- · 2020-03-30 03:16

Web sites on Firebase Hosting are accessible to everyone. There is no way to block certain users, or IP ranges, from accessing them

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)