How to Blacklist IP from Google Cloud Run Service?

Time:02-20

We have our app deployed in Cloud Run, which is scheduled to run through Cloud Scheduler every half an hour, but recently we are flooded with 401 and 403 errors. These are the new and recurring errors that have been spamming our alert system. We noticed some malicious hits made by a third party to invoke our Cloud Run service.

The remote IPs of the invoker (which is getting rejected each time due to not having the correct permissions to invoke pipeline executions) are consistent with a malicious party who is known for trying to disrupt or gain access to unsecured endpoints and resources online.

Details of the unauthenticated requests:

Error - 401 - 209.17.96.*** - userAgent: "Mozilla/5.0 (compatible; Nimbostratus-Bot/v1.3.2; http://cloudsystemnetworks.com)"
Error - 403 - 209.17.97.*** - userAgent: "Mozilla/5.0 (compatible; Nimbostratus-Bot/v1.3.2; http://cloudsystemnetworks.com)"

What could be a possible solution to restrict/blacklist this incoming traffic from our Cloud Run service?

CodePudding user response:

Posting John Hanley's answer as community wiki

I am assuming that your Cloud Run application is public. Cloud Run does not have a firewall to block IP addresses. One option is to deploy an HTTP load balancer with Cloud Armor. In general, public endpoints are hit with this type of bad traffic constantly. Solutions will cost money, and your budget will determine the best solution.
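
The load balancer plus Cloud Armor option from the answer, written out as gcloud commands. This is an added example, not part of the original answer. The resource names, the region and the choice to block the whole /24s around the masked addresses are assumptions, and the load balancer frontend (URL map, target proxy, forwarding rule, certificate) is assumed to be set up separately.

```shell
#!/bin/sh
# Added example: Cloud Armor deny rules in front of a Cloud Run service.
# Resource names and region below are placeholders (assumptions).
set -eu

SERVICE="${SERVICE:-my-run-service}"
REGION="${REGION:-us-central1}"
NEG="${NEG:-run-neg}"
BACKEND="${BACKEND:-run-backend}"
POLICY="${POLICY:-block-scanners}"
# Assumption: block the whole /24s containing the masked addresses in the question.
BLOCKED_RANGES="${BLOCKED_RANGES:-209.17.96.0/24,209.17.97.0/24}"
BLOCKED_UA="${BLOCKED_UA:-Nimbostratus-Bot}"

# Prints each command by default; set DRY_RUN=0 to execute it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_backend() {
  # Serverless NEG pointing at the Cloud Run service, used as the LB backend.
  run gcloud compute network-endpoint-groups create "$NEG" --region="$REGION" \
    --network-endpoint-type=serverless --cloud-run-service="$SERVICE"
  run gcloud compute backend-services create "$BACKEND" --global \
    --load-balancing-scheme=EXTERNAL_MANAGED
  run gcloud compute backend-services add-backend "$BACKEND" --global \
    --network-endpoint-group="$NEG" --network-endpoint-group-region="$REGION"
}

create_policy() {
  run gcloud compute security-policies create "$POLICY" \
    --description="Deny known scanner traffic"
  # Rules are evaluated lowest priority number first.
  run gcloud compute security-policies rules create 1000 \
    --security-policy="$POLICY" --src-ip-ranges="$BLOCKED_RANGES" --action=deny-403
  # A User-Agent match is easy for a client to change; it only backs up rule 1000.
  run gcloud compute security-policies rules create 1100 \
    --security-policy="$POLICY" --action=deny-403 \
    --expression="request.headers['user-agent'].contains('$BLOCKED_UA')"
  run gcloud compute backend-services update "$BACKEND" --global \
    --security-policy="$POLICY"
}

lock_ingress() {
  # Otherwise the default run.app URL still reaches the service around the policy.
  run gcloud run services update "$SERVICE" --region="$REGION" \
    --ingress=internal-and-cloud-load-balancing
}

create_backend && create_policy && lock_ingress
```

Requests denied by the policy are answered at the load balancer and never reach Cloud Run. After changing ingress, confirm that the Cloud Scheduler job still reaches the service.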
