October 22, 2024

Google App Engine Gives Blanket 403 Errors After Exceeding 1000 Firewall Rules


Recently, my Google App Engine (GAE) platform started returning 403 Forbidden errors to all incoming requests even if the IP is allowed access. After investigating, I discovered that I had 1002 active firewall rules in place. Interestingly, as soon as I manually deleted some rules and the count dropped below 1000 rules, the platform resumed normal operation, and the 403 errors disappeared.

The problem raises two major concerns:

  1. Why did GAE give blanket 403 errors for all incoming requests (even from IPs not blocked by the firewall) after the firewall rule count exceeded 1000?

  2. Why did the API allow the rule count to exceed 1000, when in the past it consistently rejected any attempts to go beyond this limit with the following error message:

{'error': {'code': 400, 'message': 'Cannot add rule. Total rule count may not exceed 1000 rules', 'status': 'INVALID_ARGUMENT'}}

Additional Details:

Platform: Google App Engine Standard Environment

Firewall Rules: Mixture of IP blocks, both specific IPs and CIDR ranges (subnets)

Is there an internal limit or behavior in GAE that causes a platform-wide 403 error if the number of firewall rules exceeds 1000?

This seems to be an edge case or a potential bug, but it is very concerning, as all of my end users were unable to use the platform, which reduces their trust in the application. Any insights or documentation around this behavior would be greatly appreciated.
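
One way to keep a rule set that mixes single IPs and CIDR ranges clear of the 1000-rule limit quoted in the question, as an added example that is not part of the original post: it merges overlapping or adjacent source ranges without changing first-match behaviour and reports the remaining headroom. The rule fields follow the shape of App Engine Admin API ingress rules (`priority`, `action`, `sourceRange`); `RULE_LIMIT`, `consolidate` and `headroom` are hypothetical names, and the sample rules are constructed from documentation address ranges.

```python
import ipaddress
from itertools import groupby

RULE_LIMIT = 1000  # limit quoted in the API error message in the question

# Constructed sample shaped like App Engine ingress rules; addresses are
# documentation ranges, not real traffic sources.
SAMPLE_RULES = [
    {"priority": 100, "action": "DENY", "sourceRange": "198.51.100.0/25"},
    {"priority": 110, "action": "DENY", "sourceRange": "198.51.100.128/25"},
    {"priority": 120, "action": "DENY", "sourceRange": "198.51.100.7"},
    {"priority": 130, "action": "DENY", "sourceRange": "2001:db8::/33"},
    {"priority": 140, "action": "DENY", "sourceRange": "2001:db8:8000::/33"},
    {"priority": 200, "action": "ALLOW", "sourceRange": "203.0.113.10"},
    {"priority": 300, "action": "DENY", "sourceRange": "203.0.113.0/24"},
    {"priority": 2147483647, "action": "ALLOW", "sourceRange": "*"},
]

def consolidate(rules):
    """Merge overlapping or adjacent ranges inside each run of consecutive
    same-action rules. The first matching rule wins, so merging inside a run
    cannot change the verdict for any source address."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    out = []
    for action, run in groupby(ordered, key=lambda r: r["action"]):
        run = list(run)
        nets = {4: [], 6: []}
        for r in run:
            if r["sourceRange"] == "*":   # default catch-all rule: keep as is
                continue
            net = ipaddress.ip_network(r["sourceRange"], strict=False)
            nets[net.version].append(net)
        prio = run[0]["priority"]         # merged rules reuse the run's priority slot
        for version in (4, 6):            # collapse_addresses rejects mixed versions
            for net in ipaddress.collapse_addresses(nets[version]):
                out.append({"priority": prio, "action": action,
                            "sourceRange": str(net)})
                prio += 1
        out.extend(r for r in run if r["sourceRange"] == "*")
    return out

def headroom(rules, limit=RULE_LIMIT):
    """Number of rules that can still be added before the limit is reached."""
    return limit - len(rules)
```

The ALLOW for 203.0.113.10 sits between two DENY runs, so the surrounding DENY ranges are deliberately not merged across it.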


