I use Google Cloud Platform to serve the site I manage.
I have one load balancer there, which directs traffic to several virtual machines.
When I came across the problem of DDoS attacks on this site, I started using Google Armor to block the intruders' IP addresses, but over time, when the problem escalated, my team decided to use the Cloudflare service, and now all domain traffic from the Internet to the service is led through Cloudflare as a middleman.
However, further DDoS incidents show that the attack is carried out in two ways: using the domain (or the domain's IP, which refers to Cloudflare), but also directly on the load balancer's IP from Google Cloud.
The attackers could have known this load balancer's IP before we joined Cloudflare, because that IP has not changed.
I would like all traffic to be directed through Cloudflare and, if possible, for nobody from the outside to know the IP of the load balancer or of the virtual servers located in Google Cloud.
I have two questions:
If I change the load balancer’s IP address now, can someone from the outside (attacker) get to this IP in some way?
I could use Google Armor (or another firewall) to make Google Cloud accept traffic only from Cloudflare, but is there such a permanent (immutable) list of IP addresses that are used only by Cloudflare to communicate with my site (or all sites), to which I could restrict traffic?
Maybe someone else has been in the situation my website is in and has other ideas they would like to share. I am happy to hear them.
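As an added illustration of the "accept traffic only from Cloudflare" idea in the second question (this is not the poster's code or configuration): Cloudflare publishes its edge ranges at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6, one CIDR per line, but that list is updated over time, so the allowlist has to be refreshed on a schedule rather than typed in once. The script below parses a list in that format, decides whether a given client IP arrived through Cloudflare, flags direct hits on the load balancer in a constructed request log, and splits the allowlist into Cloud Armor rules of at most 10 source ranges each (the per-rule limit) together with a default deny. The embedded CIDRs are a sample snapshot, not a substitute for the live list, and the policy name `cf-only` is assumed.

```python
"""Cloudflare-only ingress for a Google Cloud external HTTP(S) load balancer.

Added example, not the original poster's code. Assumptions:
  * the Cloudflare lists are fetched on a schedule from
    https://www.cloudflare.com/ips-v4 and /ips-v6 (one CIDR per line);
    a constructed snapshot is embedded here so the script runs offline;
  * the edge is a Cloud Armor security policy (assumed name: cf-only),
    whose rules accept at most 10 source ranges each, hence the chunking.
"""
import ipaddress
from typing import List, Sequence, Tuple, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample snapshot in the Cloudflare list format. Sample values:
# regenerate from the live lists, because the published ranges change.
SAMPLE_IPS_V4 = """\
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
"""
SAMPLE_IPS_V6 = """\
2400:cb00::/32
2606:4700::/32
"""

# Constructed load-balancer request log: "<client_ip> <path>" per line.
SAMPLE_LOG = """\
173.245.48.10 /index.html
198.51.100.7 /index.html
2606:4700::1 /api/ping
203.0.113.9 /wp-login.php
"""


def parse_cidr_list(text: str) -> List[Net]:
    """Parse a one-CIDR-per-line list, ignoring blank lines and '#' comments."""
    nets: List[Net] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            # strict=True rejects entries with host bits set (a corrupted list).
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets


def is_from_cloudflare(client_ip: str, nets: Sequence[Net]) -> bool:
    """True if client_ip falls inside one of the allowed edge ranges."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in n for n in nets if n.version == addr.version)


def direct_hits(log_text: str, nets: Sequence[Net]) -> List[str]:
    """Client IPs that reached the load balancer without passing Cloudflare."""
    hits = []
    for line in log_text.splitlines():
        ip = line.split(None, 1)[0]
        if not is_from_cloudflare(ip, nets):
            hits.append(ip)
    return hits


def cloud_armor_allow_rules(nets: Sequence[Net], base_priority: int = 1000,
                            per_rule: int = 10) -> List[Tuple[int, List[str]]]:
    """Chunk the allowlist into (priority, [cidr, ...]) rules of <= per_rule ranges."""
    cidrs = [str(n) for n in nets]
    return [(base_priority + i // per_rule, cidrs[i:i + per_rule])
            for i in range(0, len(cidrs), per_rule)]


def gcloud_commands(policy: str, rules: Sequence[Tuple[int, List[str]]]) -> List[str]:
    """gcloud invocations: one allow rule per chunk, then the default rule set to deny.

    Priority 2147483647 is the policy's default rule; changing it to deny is
    what makes the load balancer IP unreachable except via Cloudflare.
    """
    cmds = [
        f"gcloud compute security-policies rules create {prio} "
        f"--security-policy={policy} --action=allow "
        f"--src-ip-ranges={','.join(cidrs)}"
        for prio, cidrs in rules
    ]
    cmds.append(f"gcloud compute security-policies rules update 2147483647 "
                f"--security-policy={policy} --action=deny-403")
    return cmds


if __name__ == "__main__":
    allowed = parse_cidr_list(SAMPLE_IPS_V4) + parse_cidr_list(SAMPLE_IPS_V6)
    print("direct hits bypassing Cloudflare:", direct_hits(SAMPLE_LOG, allowed))
    for cmd in gcloud_commands("cf-only", cloud_armor_allow_rules(allowed)):
        print(cmd)
```

Note that Cloud Armor only applies to the HTTP(S) load balancer; a TCP/UDP or network load balancer needs the same ranges expressed as VPC firewall rules on the backend instances instead. Also, since Cloudflare already knows the origin address, the point of the allowlist is to make the origin IP useless to anyone else, which only holds if the default rule is deny rather than a list of blocked attackers.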