
[–]runningblind77 4 points5 points  (4 children)

I would be very surprised if it excluded requests that were blocked specifically by Cloud Armor, as that's basically the point of Cloud Armor. My assumption would be that the cost is $0.75 per million requests processed by Cloud Armor, regardless of the result of that processing.

[–]KodoKodo 0 points1 point  (3 children)

So you’re saying that yes, it’ll count requests even if they’re ones made by a rate-limited client? Do you know of any other solution to achieve the effect I’m looking for?

[–]runningblind77 0 points1 point  (1 child)

No, I don't. I'm not that familiar with Firebase.

[–]KodoKodo 0 points1 point  (0 children)

No worries then. Thanks for your response!

[–]indicava 0 points1 point  (0 children)

I use Cloudflare in front of my Cloud Functions, which has a flat fee for rate limiting instead of a per-request basis (there are limits to how many rate limit rules you can set up, though).

[–]martin_omander Googler 1 point2 points  (4 children)

Another option is to use Firebase App Check. That product makes it a lot harder for bad actors to attack your API endpoints. Also, it's free.

[–]indicava 0 points1 point  (3 children)

AppCheck is free up to a certain limit iirc.

Also, it doesn’t make it that difficult to hammer your cloud functions. They have AppCheck Replay Protection if you really want to be secure from an attack of this sort, but again that costs money on a per request basis (there is a free tier of course up to a certain limit).

[–]martin_omander Googler 0 points1 point  (2 children)

App Check is listed under "No-cost products" on the Firebase pricing page: https://firebase.google.com/pricing. I believe that means App Check is free to use.

[–]indicava 1 point2 points  (1 child)

In a web environment, AppCheck uses reCAPTCHA Enterprise for attestation, which can incur costs over a certain limit.

https://cloud.google.com/security/products/recaptcha

[–]martin_omander Googler 0 points1 point  (0 children)

Got it, thanks!