{"id":22946,"date":"2025-06-25T10:15:58","date_gmt":"2025-06-25T03:15:58","guid":{"rendered":"https:\/\/gcloudvn.com\/?p=22946"},"modified":"2025-06-25T14:35:08","modified_gmt":"2025-06-25T07:35:08","slug":"how-to-protect-your-site-from-ddos-attacks-with-the-power-of-google-cloud-networking-and-network-security","status":"publish","type":"post","link":"https:\/\/gcloudvn.com\/en\/kienthuc\/how-to-protect-your-site-from-ddos-attacks-with-the-power-of-google-cloud-networking-and-network-security\/","title":{"rendered":"How to protect your site from DDoS attacks with the power of Google Cloud networking and network security"},"content":{"rendered":"<section class=\"wpb-content-wrapper\"><div class=\"vc_row wpb_row vc_row-fluid\"><div class=\"wpb_column vc_column_container vc_col-sm-12\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\">\n\t<div class=\"wpb_text_column wpb_content_element\" >\n\t\t<div class=\"wpb_wrapper\">\n\t\t\t<p><span style=\"font-weight: 400;\">Google Cloud constantly innovates and invests significantly in our capabilities to stop cyberattacks such as distributed denial-of-service attacks from taking down websites, apps, and services. It\u2019s an essential part of protecting our customers.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Our Project Shield offering, which uses Google's Cloud networking and our Global Front End infrastructure to help defend against attacks, including stopping one of the world's largest distributed denial-of-service (DDoS) attacks to date, uses elements of our Cloud Armor, Cloud CDN, and Load Balancing services. It combines them into a robust defense platform that can help keep key public-interest websites online in the face of constant attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While Project Shield is designed for customers at high risk of DDoS attacks, such as news media, election and voting infrastructure, and human rights organizations, enterprise customers can also tap the power of Google Cloud networking and network security. Google Cloud can help you protect workloads anywhere on the web, just like Project Shield does, using the same defense platform to help protect your app, website, or API. Here\u2019s how.<\/span><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/how-to-protect-your-site-from-ddos-attacks-with-the-power-of-google-cloud-networking-and-network-security\/#Phu_nhan_su_phu_nhan\" >Denying the denial<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/how-to-protect-your-site-from-ddos-attacks-with-the-power-of-google-cloud-networking-and-network-security\/#Lam_the_nao_de_bat_dau\" >How to get started<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/how-to-protect-your-site-from-ddos-attacks-with-the-power-of-google-cloud-networking-and-network-security\/#Toi_uu_hoa_lop_luu_tru_dem_cua_ban\" >Optimizing your caching layer<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/how-to-protect-your-site-from-ddos-attacks-with-the-power-of-google-cloud-networking-and-network-security\/#Bat_dau_ngay_hom_nay\" >Get started today<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Phu_nhan_su_phu_nhan\"><\/span><b>Denying the denial<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">DDoS is a serious threat, and can take down your service \u2014 no special access or compromise required. These attacks could come from anywhere in the world, and are hard to track. They frequently use botnets made up of compromised machines (and sometimes light bulbs). The attacks look like normal network traffic, except they are blazingly fast, with hundreds of millions of malicious requests per second.<\/span><\/p>\n<figure id=\"attachment_22895\" aria-describedby=\"caption-attachment-22895\" style=\"width: 1800px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/new-gemini-summary-cards-now-available-in-the-gmail-app-on-android-and-ios-devices\/attachment\/1_lkqiyyp-max-1800x1800\/\" rel=\"attachment wp-att-22895\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-22895 size-full\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/1_lkqIyyp.max-1800x1800-1.png\" alt=\"\" width=\"1800\" height=\"905\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/1_lkqIyyp.max-1800x1800-1.png 1800w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/1_lkqIyyp.max-1800x1800-1-768x386.png 768w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/1_lkqIyyp.max-1800x1800-1-1536x772.png 1536w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/1_lkqIyyp.max-1800x1800-1-18x9.png 18w\" sizes=\"auto, (max-width: 1800px) 100vw, 1800px\" \/><\/a><figcaption id=\"caption-attachment-22895\" class=\"wp-caption-text\">Some of the DDoS attacks that we see here at Google. Over the last decade, the size and frequency of attacks has continued to grow.<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">Protecting your service requires separating legitimate traffic from attack traffic; you still have to process every request, no matter its origin. We want you to be able to focus on delivering value to your audience instead of trying to beat the request escalation. To do so, successful defenses have to be able to scale up to more than your total actual traffic.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Lam_the_nao_de_bat_dau\"><\/span><b>How to get started<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Older defensive techniques have proven inadequate over time. Firewalls struggle to block requests when they come from seemingly legitimate sources. Filtering traffic yourself requires a huge investment in infrastructure, which is expensive and drains resources you\u2019d prefer to put to better use.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It only takes a few minutes to protect your site with Google Cloud networking and network security offerings. Our tools can mitigate attacks using our latest machine learning (ML)-based defenses, and cache your content so it can reach users faster while lowering the burden on your hosting servers. While your content can live anywhere, the protections are going to involve using Google Cloud's Load Balancer, Content Delivery Network, Cloud Armor and potentially Adaptive Protection.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are two ways to set up these defenses for your organization. You can follow our below outlined guidance through the Google Cloud console interface, or you can run this Terraform script (with a few edits.)<\/span><\/p>\n<p><figure id=\"attachment_22892\" aria-describedby=\"caption-attachment-22892\" style=\"width: 632px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/new-gemini-summary-cards-now-available-in-the-gmail-app-on-android-and-ios-devices\/attachment\/4_-_turn_on_cloud_cdn_v1-max-1000x1000\/\" rel=\"attachment wp-att-22892\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-22892 size-full\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/4_-_Turn_on_Cloud_CDN_v1.max-1000x1000-1.png\" alt=\"\" width=\"632\" height=\"1000\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/4_-_Turn_on_Cloud_CDN_v1.max-1000x1000-1.png 632w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/4_-_Turn_on_Cloud_CDN_v1.max-1000x1000-1-8x12.png 8w\" sizes=\"auto, (max-width: 632px) 100vw, 632px\" \/><\/a><figcaption id=\"caption-attachment-22892\" class=\"wp-caption-text\">Creating a backend service, which directs your traffic. This uses the network endpoint group you just created.<\/figcaption><\/figure><br \/>\n<figure id=\"attachment_22893\" aria-describedby=\"caption-attachment-22893\" style=\"width: 765px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/new-gemini-summary-cards-now-available-in-the-gmail-app-on-android-and-ios-devices\/attachment\/3_-_create_a_backend_service-max-1100x1100\/\" rel=\"attachment wp-att-22893\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-22893 size-full\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/3_-_Create_a_backend_service.max-1100x1100-1.png\" alt=\"\" width=\"765\" height=\"1100\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/3_-_Create_a_backend_service.max-1100x1100-1.png 765w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/3_-_Create_a_backend_service.max-1100x1100-1-8x12.png 8w\" sizes=\"auto, (max-width: 765px) 100vw, 765px\" \/><\/a><figcaption id=\"caption-attachment-22893\" class=\"wp-caption-text\">Creating a load balancer and reserving an IP address to serve your traffic to the world.<\/figcaption><\/figure><br \/>\n<figure id=\"attachment_22894\" aria-describedby=\"caption-attachment-22894\" style=\"width: 758px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/new-gemini-summary-cards-now-available-in-the-gmail-app-on-android-and-ios-devices\/attachment\/2_-_create_ip_and_http_load_balancer-max-1000x1000\/\" rel=\"attachment wp-att-22894\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-22894 size-full\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/2_-_Create_IP_and_HTTP_load_balancer.max-1000x1000-1.png\" alt=\"\" width=\"758\" height=\"1000\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/2_-_Create_IP_and_HTTP_load_balancer.max-1000x1000-1.png 758w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/2_-_Create_IP_and_HTTP_load_balancer.max-1000x1000-1-9x12.png 9w\" sizes=\"auto, (max-width: 758px) 100vw, 758px\" \/><\/a><figcaption id=\"caption-attachment-22894\" class=\"wp-caption-text\">Creating a network endpoint group to tell Google's network where your content lives.<\/figcaption><\/figure><\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_22891\" aria-describedby=\"caption-attachment-22891\" style=\"width: 1009px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/new-gemini-summary-cards-now-available-in-the-gmail-app-on-android-and-ios-devices\/attachment\/5_-_create_an_https_load_balancer_and_certificate_1\/\" rel=\"attachment wp-att-22891\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-22891 size-full\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/5_-_Create_an_HTTPS_load_balancer_and_certificate_1.png\" alt=\"\" width=\"1009\" height=\"1454\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/5_-_Create_an_HTTPS_load_balancer_and_certificate_1.png 1009w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/5_-_Create_an_HTTPS_load_balancer_and_certificate_1-768x1107.png 768w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/5_-_Create_an_HTTPS_load_balancer_and_certificate_1-8x12.png 8w\" sizes=\"auto, (max-width: 1009px) 100vw, 1009px\" \/><\/a><figcaption id=\"caption-attachment-22891\" class=\"wp-caption-text\">Turning on CloudCDN, which allows Google to serve cacheable content from the edge of our network. This speeds up your site\u2019s performance, and protects against attack.<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_22890\" aria-describedby=\"caption-attachment-22890\" style=\"width: 519px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/new-gemini-summary-cards-now-available-in-the-gmail-app-on-android-and-ios-devices\/attachment\/6_-_turn_on_adaptive_protection_v1-max-1000x1000\/\" rel=\"attachment wp-att-22890\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-22890 size-full\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/6_-_Turn_on_Adaptive_Protection_v1.max-1000x1000-1.png\" alt=\"\" width=\"519\" height=\"1000\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/6_-_Turn_on_Adaptive_Protection_v1.max-1000x1000-1.png 519w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2025\/06\/6_-_Turn_on_Adaptive_Protection_v1.max-1000x1000-1-6x12.png 6w\" sizes=\"auto, (max-width: 519px) 100vw, 519px\" \/><\/a><figcaption id=\"caption-attachment-22890\" class=\"wp-caption-text\">Creating an HTTPS load balancer and selecting a certificate to serve your traffic using modern encryption.<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">Here is a step-by-step guide on how you can protect your service using the Google Cloud console interface:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Start with a Google Cloud project.<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">If your content is already hosted on Google Cloud, you can reuse the same project.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You'll need to enable APIs for:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\">Cloud Load Balancer<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\">Cloud CDN<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\">Cloud Armor<\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create a simple proxy to find your content, called a network endpoint group. You have some fields to fill out.<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Give it a name.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">You can choose to point to a fully qualified domain name or an IP address under 'New network endpoint'.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Use your website's IP and port here (rather than the example below of 8.8.8.8). This step tells the load balancer where to fetch content from when requests come in.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Create.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Next we'll create a new Load Balancer (Global Front End) using the following choices (all are default options, so you can click Next four times):<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\">Application load balancer<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\">Public facing (external)<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\">Best for global workloads<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\">Global external Application Load Balancer<\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Give the load balancer a name.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Specify where the traffic will go.<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Give the frontend a name, and choose Create IP Address (no more expensive than Ephemeral, and allows you to point traffic at it consistently)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Use that IP for your Frontend Load Balancer setup, which will look similar to slide (2).\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Next add the Backend service<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Create a Backend Service.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Give it a name.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Choose backend type: Internet network endpoint group. This container holds the info that the Load Balancer uses to connect to a location somewhere on the internet.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Under 'New Backend' click to see a list of network endpoint groups, and the one we made above should show up. Pick that.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Make sure that Enable Cloud CDN is checked (it should be) because we need that later.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Cache mode defaults are fine. Cache static content means Cloud CDN will cache static content (such as Images and PDFs) if no explicit cache-control header is given, and will otherwise respect cache-control headers.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">You can leave Security settings at their defaults and come back to modify Cloud Armor rules later in that UI.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">For the Cloud Armor edge security policy, you can add rules that will take effect before traffic gets to Cloud CDN in case you need to protect your backends from specific sources (such as known attackers, specific geographic regions, and high volume.) You can also add these rules later in the Cloud Armor UI.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Create to finish adding the backend service to the load balancer.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click Create at the bottom of the page to set up your new Load Balancer.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Repeat steps 4 to 7 for HTTPS, using the same static IP as your HTTP load balancer.<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Select Google-Managed certificates, or upload your own certificates. If you use Google-Managed certificates, follow the instructions to create a CNAME record to provision the certificate.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">You can use a second security policy, or select the same security policy you created for your HTTP load balancer to simplify your defense configuration.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Now that has been configured, you can point your traffic to your new load balancer. Remember to change your DNS settings for your domain to point to the new static IP you created above.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">[Optional] If you want ML-based protections for your backend, you can do it with a few more clicks:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Enroll in the Paygo Cloud Armor Service Tier (or subscribe for yearly savings with Annual).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Go to your Cloud Armor policies.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click into your policy.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Edit.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Under Adaptive Protection click the Enable box.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Update.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Add rule.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Select Advanced Mode and enter evaluateAdaptiveProtectionAutoDeploy()<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Enter 0 for priority (or any other low number to use the rule at high priority.)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Add.<\/span> <span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Now Google Cloud can adapt to attack patterns and take care of the cat-and-mouse game for you, using what we learn about attack patterns and normal traffic.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Toi_uu_hoa_lop_luu_tru_dem_cua_ban\"><\/span><b>Optimizing your caching layer<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Cloud CDN provides caching, giving your backend a break by allowing traffic to resolve at the Google edge (which will also bring lower latency.) That helps defend against broad, shallow DDoS attacks, and you can activate it very easily on your load balancers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The cache-control headers that your backend serves will guide our cache, though we can also allow for default caching of static resources such as images even in the absence of headers. Using a short Time-To-Live (TTL) can provide a big benefit in mitigating floods of requests, while still preserving freshness. Even starting with \u201done second\u201d as your TTL will help avoid backend overload.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Bat_dau_ngay_hom_nay\"><\/span><b>Get started today<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">To try this out today, pick a backend that would benefit for increased accessibility and reliability, and give it some Load Balancer and CDN love, then watch the happiness go up. Protection-as-a-service, with less headache and more time to focus on the joy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Read more about key topics at:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/load-balancing\/docs\/negs\/internet-neg-concepts\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Internet network endpoint groups overview | Load Balancing | Google Cloud<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/load-balancing\/docs\/https\/setup-global-ext-https-external-backend\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Set up a global external Application Load Balancer with an external backend<\/span><\/a><\/li>\n<\/ul>\n\n\t\t<\/div>\n\t<\/div>\n<div class=\"templatera_shortcode\"><div class=\"vc_row wpb_row vc_row-fluid\"><div class=\"wpb_column vc_column_container vc_col-sm-12\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\"><div class=\"vc_message_box vc_message_box-standard vc_message_box-rounded vc_color-blue\" ><div class=\"vc_message_box-icon\"><i class=\"vc-mono vc-mono-technorati\"><\/i><\/div><p><a href=\"https:\/\/gcloudvn.com\/en\/main-logo-1\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-664\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2021\/06\/main-logo-1.png\" alt=\"\" width=\"221\" height=\"72\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2021\/06\/main-logo-1.png 214w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2021\/06\/main-logo-1-18x6.png 18w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2021\/06\/main-logo-1-183x60.png 183w\" sizes=\"auto, (max-width: 221px) 100vw, 221px\" \/><\/a>As a senior partner of Google in Vietnam, Gimasys has more than 10+ years of experience, consulting on implementing digital transformation for 2000+ domestic corporations. Some typical customers Jetstar, Dien Quan Media, Heineken, Jollibee, Vietnam Airline, HSC, SSI...<\/p>\n<p>Gimasys is currently a strategic partner of many major technology companies in the world such as Salesforce, Oracle Netsuite, Tableau, Mulesoft.<\/p>\n<p>Contact Gimasys - Google Cloud Premier Partner for advice on strategic solutions suitable to the specific needs of your business:<\/p>\n<ul>\n<li>Email: gcp@gimasys.com<\/li>\n<li>Hotline: 0974 417 099<\/li>\n<\/ul>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\n<\/section>","protected":false},"excerpt":{"rendered":"Google Cloud li\u00ean t\u1ee5c \u0111\u1ed5i m\u1edbi v\u00e0 \u0111\u1ea7u t\u01b0 \u0111\u00e1ng k\u1ec3 v\u00e0o kh\u1ea3 n\u0103ng ng\u0103n ch\u1eb7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng nh\u01b0 t\u1ea5n c\u00f4ng t\u1eeb ch\u1ed1i d\u1ecbch v\u1ee5 ph\u00e2n t\u00e1n nh\u1eb1m \u0111\u00e1nh s\u1eadp c\u00e1c trang web, \u1ee9ng d\u1ee5ng v\u00e0 d\u1ecbch&hellip;","protected":false},"author":2,"featured_media":22889,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1,135],"tags":[],"class_list":["post-22946","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kienthuc","category-google-cloud-platform","entry","has-media"],"_links":{"self":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/22946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/comments?post=22946"}],"version-history":[{"count":0,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/22946\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media\/22889"}],"wp:attachment":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media?parent=22946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/categories?post=22946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/tags?post=22946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}