I've an application deployed on a Google compute engine, which is being load balanced using Google's HTTPS Load Balancer. And according to this article ,
With global HTTP(S) load balancing, the first Google Cloud Platform (GCP) service to support Cloud Armor, you get built-in defense against infrastructure DDoS attacks. No additional configuration, other than to configure load balancing, is required.
So I've tried to do a simple DOS attack on my application using Jmeter. I've configured Jmeter with following configuraiton
- Total number of threads : 1500
- Rampup time : 10 sec
- Loop count : forever
I've ran this above configuration for around 5 min, after some time, I was able to see from the response that Load balancer is returning 502
. But the server was down & I can't even able to access my application from machine's other than where I've setup Jmeter. So if google's security is in place I should be able to see the page from other machine. and the machine from where I've done the DOS attach, that machine should've been block listed.
I might be wrong , but there is no documentation available on google cloud to verify the behavior of Load balancer's DDOS security using cloud Armor.
So if anyone can help me, that will be great.