A critical step in securing a web app is to block injection attacks, like SQL injection (SQLi), from modifying or accessing the app’s SQL database. In this hands-on lab, you’ll use the Cloud Armor and Cloud Load Balancing services to block SQLi attacks against a vulnerable web app.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Configure Cloud Load Balancing HTTP(S) Settings
  - Use the Cloud Load Balancing service to create an internet-facing and global (non-classic) HTTP(S) load balancer.
  - Name the load balancer lb.
  - Create a frontend service named frontend.
  - Create a backend service named backend.
  - Configure the backends of the new backend service to use the recently created instance group.
  - Create a health check named hc, and set the check interval to 25 seconds and the timeout to 20 seconds.
- Create a Cloud Armor Policy to Block SQLi
  - Create a Cloud Armor security policy named cap with a default rule action of Allow.
  - Create a rule named SQLi that uses the preconfigured expression for sqli-v33-stable, and set its priority to 1.
  - Set the target to the recently created backend load balancer.
- Enable Container Registry
  - Enable the Container Registry service using the GCP console.
- Docker Pull, Tag, and Push the Container Image Using Cloud Shell
  Use the Cloud Shell to perform the following actions:
  - Pull the DVWA Docker image.
  - Tag the DVWA Docker image.
  - Push the DVWA Docker image.
- Create an Instance Group
  - Create an instance group using the GCP console.
  - Create a new instance template based on the container pushed to the Container Registry.
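
The Cloud Armor objective above can also be expressed as gcloud commands. This is an added example, not part of the lab's own material. It assumes the backend service named backend already exists, that "block" means a deny-403 action (the lab does not name the action), and that the rule label SQLi goes in the rule description, since the CLI identifies rules by priority.

```shell
#!/bin/sh
# Added example: Cloud Armor policy "cap" with a priority-1 SQLi rule.
# DRY_RUN=1 (the default) prints each command instead of executing it.

POLICY="cap"            # policy name from the lab
BACKEND="backend"       # backend service name from the lab
PRIORITY=1              # rule priority from the lab
SQLI_EXPR="evaluatePreconfiguredExpr('sqli-v33-stable')"
DENY_ACTION="deny-403"  # assumption: the lab only says "block"
DEFAULT_RULE=2147483647 # priority of the default rule in every policy

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

create_policy() {
  run gcloud compute security-policies create "$POLICY"
  # Make the default action explicit: anything no rule matches is allowed.
  run gcloud compute security-policies rules update "$DEFAULT_RULE" \
    --security-policy "$POLICY" --action allow
}

add_sqli_rule() {
  # Lower number means higher priority, so this is evaluated before the default.
  run gcloud compute security-policies rules create "$PRIORITY" \
    --security-policy "$POLICY" --description "SQLi" \
    --expression "$SQLI_EXPR" --action "$DENY_ACTION"
}

attach_policy() {
  # The policy has no effect until it is attached to a backend service.
  run gcloud compute backend-services update "$BACKEND" \
    --global --security-policy "$POLICY"
}

verify_attachment() {
  # Should print the URL of the policy "cap" once attached.
  run gcloud compute backend-services describe "$BACKEND" \
    --global --format "value(securityPolicy)"
}

apply_all() { create_policy; add_sqli_rule; attach_policy; verify_attachment; }

apply_all
```

Run with DRY_RUN=0 in Cloud Shell to execute the commands rather than print them.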