2

Google App-Engine supports version-specific routing of requests as documented here. This is useful for example for testing a new version prior to deploying it. However, this may also be problematic. Say the new version includes security enhancements - there should be a way to prevent access to previous versions without deleting them completely (in order to allow for quick roll-back for instance). Could not find a way to disable previous versions. Is there a way to accomplish that ? Thanks.

ACEGL
  • 149
  • 9

1 Answers1

6

There is no way to disable default/soft/targeted routing on the appspot.com domain.

But you could analyze the request's url structure and specifically reject requests with such undesired urls.

Or, if you're using a custom domain, reject all appspot.com requests (see Disable default domain https://[project-id].appspot.com of Node JS on Google App Engine) and only leave the custom domain operational. Then the domain will be served following the service's traffic migration/splitting configuration which you'd manipulate in your deployments/rollback actions (you cannot route to a specific service version in the dispatch.yaml file)

Update: indeed, as comments mentioned, blindly rejecting all appspot.com requests isn't a good idea. Since URLs would need to be parsed to select the undesired ones it may be worthy to take the opportunity to redirect to canonical custom domain counterparts instead of just rejecting the requests.

Dan Cornilescu
  • 39,470
  • 12
  • 57
  • 97
  • 2
    Task queues and cron jobs use the appspot domain, so can't reject all appspot requests... It makes sense to just have an on/off flag at the versions page in the console. – ACEGL Aug 19 '19 at 20:35
  • Indeed, I forgot about that, some care is needed. – Dan Cornilescu Aug 20 '19 at 04:11
  • If my code redirects all appspot requests to the custom domain couterparts, this means effectively canceling the option to call a specific version by the -dot-.appspot.com name scheme, which takes away the ability to test out a new version prior to making it the default. Clearly, a platform level solution (a flag) is needed rather than a hack, IMHO. – ACEGL Aug 24 '19 at 14:39
  • Well, you either want to disable access to the previous versions or not ;) If you want to disable just specific versions you can do that in your URL parsing for the reject/redirect decision. – Dan Cornilescu Aug 25 '19 at 06:34