问题
What is the best way to stop an attacker from triggering a Cloud Function repeatedly, causing a huge bill or causing the project to run into quota limits?
Some ideas:
- Use RTDB or Cloud Storage triggers as much as possible, since writes to those are protected by those products' security rules
- Put functions behind a service like Cloudflare
- Set up billing alerts, so a notification is sent if the monthly bill is unusually large
回答1:
Check my answer here.
Short breakdown of items from my answer :
- Limit the type of requests
- Authenticate if you can
- Check for origin
- Use a load balancer in between
- Use something like Cloudflare Page Rules
Hope it helps :)
来源:https://stackoverflow.com/questions/46333886/preventing-abuse-cloud-functions-for-firebase