Consider blocking some invalid requests at the edge #275
Labels
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
I bet it costs less to apply security policies in app armor than to serve through to the registry, and we get a crapload of invalid requests to endpoints like /v2/_catalog that we could probably 404 at the load balancer before it even hits cloud run?
We should double check the feasibility and pricing of blocking some of these common bad requests at the LB (spot checking I think this checks out).
This would be implemented in the terraform in k8s.io, but tracking here.
As the cloud run is only around 2k/month right now so no rush, just an idea for the back burner.
/priority backlog
/lifecycle frozen
The text was updated successfully, but these errors were encountered: