I have a VM instance that receives a lot of spam/bot traffic attempting to hack the instance, such as New Request to /blog/wp-includes/wlwmanifest.xml. Although none of these are successful, it adds strain to the instance.
Is it possible to block specific endpoint attempts on a Google Cloud network?
So far I can only find a way to block specific IP addresses using the firewall.
I'm looking for something similar to the answer here: https://community.cloudflare.com/t/is-there-a-way-to-prevent-wp-path-probing/204761
Google Cloud Firewall works at Level 3 of the OSI model, while HTTP/HTTPS works at Level 7 of the OSI model. As a result, you won't be able to use Google Cloud Firewall in this case.
As a solution, you can use a Web Application Firewall (WAF), which works at Level 7 of the OSI model. Google Cloud Platform provides WAF as a service: Google Cloud Armor.
Please have a look at the documentation About Google Cloud Armor security policies:
and at the section Allow or deny traffic for a request URI that matches a regular expression:
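An added example, not part of the original answer: a script that builds a Cloud Armor deny rule for the path quoted in the question, checks it locally against constructed sample paths, and prints the gcloud commands without running them. The policy name, backend service name and priority 1000 are assumptions, and it assumes the VM sits behind an external HTTP(S) load balancer, since a Cloud Armor security policy is attached to the load balancer's backend service.

```shell
#!/usr/bin/env bash
# Added example. POLICY and BACKEND are assumed (hypothetical) names.
POLICY="${POLICY:-block-path-probes}"
BACKEND="${BACKEND:-web-backend}"

# Pattern for the probe path quoted in the question. The leading ".*" keeps it
# valid whether the engine matches the whole path or a substring, and "[.]"
# is a literal dot that needs no backslash inside the rule expression string.
PROBE_RE='.*/wp-includes/wlwmanifest[.]xml'

# Build the Cloud Armor rule expression for a path pattern.
rule_expression() {
  printf "request.path.matches('%s')" "$1"
}

# Local pre-check with grep -E (an approximation of the rule's regex engine,
# adequate for a pattern this simple). Returns 0 if the path would be denied.
would_block() {
  printf '%s\n' "$1" | grep -Eq -- "$PROBE_RE"
}

# Print the gcloud commands for review; nothing is executed here.
emit_commands() {
  expr_str="$(rule_expression "$PROBE_RE")"
  cat <<EOF
gcloud compute security-policies create $POLICY
gcloud compute security-policies rules create 1000 --security-policy $POLICY --expression "$expr_str" --action deny-403
gcloud compute backend-services update $BACKEND --security-policy $POLICY --global
EOF
}

# Constructed sample paths: one probe from the question, two legitimate requests.
for p in /blog/wp-includes/wlwmanifest.xml /blog/2021/hello-world /index.html; do
  if would_block "$p"; then echo "deny  $p"; else echo "allow $p"; fi
done
emit_commands
```

Requests that match the rule are answered with a 403 at the load balancer and never reach the instance; the policy's default rule continues to handle all other traffic.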