-
Setup Project ID
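# Resolve the active gcloud project once so later commands can reference
# "${PROJECT_ID}" instead of a hard-coded, session-specific project name.
# Assignment and export are split so a failing gcloud call is not masked
# by the exit status of `export`.
PROJECT_ID="$(gcloud config get-value project)"
export PROJECT_ID
# Print the value so the operator can confirm the commands target the
# intended project before anything is created.
printf '%s\n' "${PROJECT_ID}"
gcloud config set project "${PROJECT_ID}"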
-
Enable API
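# Enable the four APIs used on this page: Compute Engine, Cloud Logging,
# Cloud Monitoring and reCAPTCHA Enterprise. The source had four commands
# collapsed onto one line; `gcloud services enable` accepts several
# service names, so one invocation covers them all.
gcloud services enable \
  compute.googleapis.com \
  logging.googleapis.com \
  monitoring.googleapis.com \
  recaptchaenterprise.googleapis.com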
-
Buat firewall http dan ssh
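# Ingress rule for load-balancer health checks: TCP/80 from the two source
# ranges given on this page, applied to instances tagged allow-health-check.
# The project comes from PROJECT_ID (exported in the setup step) rather than
# a hard-coded lab project; ":?" stops the command if the variable is unset.
gcloud compute firewall-rules create default-allow-health-check \
  --project="${PROJECT_ID:?PROJECT_ID is not set}" \
  --direction=INGRESS \
  --priority=1000 \
  --network=default \
  --action=ALLOW \
  --rules=tcp:80 \
  --source-ranges=130.211.0.0/22,35.191.0.0/16 \
  --target-tags=allow-health-check

# SSH ingress. The original rule allowed tcp:22 from 0.0.0.0/0, which exposes
# sshd on every tagged backend to the whole internet. The default here is
# 35.235.240.0/20, the range Google documents for IAP TCP forwarding; set
# SSH_SOURCE_RANGES to a specific administrative CIDR if IAP is not used.
# Note the rule reuses the allow-health-check tag, so every backend that
# receives health checks also receives this SSH rule.
gcloud compute firewall-rules create allow-ssh \
  --direction=INGRESS \
  --priority=1000 \
  --network=default \
  --action=ALLOW \
  --rules=tcp:22 \
  --source-ranges="${SSH_SOURCE_RANGES:-35.235.240.0/20}" \
  --target-tags=allow-health-check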
-
Buat instance template
# Create the instance template lb-backend-template used by the backend group.
#
# Startup script (passed inline through --metadata, shell-escaped): runs
# apt-get update, installs apache2, enables the default-ssl site and the ssl
# module, reads the instance name from the metadata server and writes
# "Page served from: <name>" to /var/www/html/index.html.
# NOTE(review): the script also contains a bare `sudo su` line; it has no
# interactive terminal there and is probably unnecessary - confirm.
#
# Security-relevant settings to review before reusing this outside the lab:
#   * --project and --service-account are hard-coded, session-specific values.
#     The account name follows the default Compute Engine service account
#     pattern (presumably the project default - verify).
#   * --no-shielded-secure-boot turns Secure Boot off while vTPM and integrity
#     monitoring stay on; enable Secure Boot unless the image needs it off.
#   * enable-oslogin=true is set in the same --metadata value, so SSH access
#     is governed by OS Login rather than metadata SSH keys.
#   * --tags=allow-health-check makes both firewall rules on this page (health
#     check on tcp:80 and SSH on tcp:22) apply to every instance.
#   * The boot image is pinned to a dated Debian 11 build, so instances start
#     without patches released after that build.
gcloud compute instance-templates create lb-backend-template --project=qwiklabs-gcp-01-957336381b05 --machine-type=n1-standard-1 --network-interface=network-tier=PREMIUM,subnet=default --metadata=startup-script=\#\!\ /bin/bash$'\n'sudo\ apt-get\ update$'\n'sudo\ apt-get\ install\ apache2\ -y$'\n'sudo\ a2ensite\ default-ssl$'\n'sudo\ a2enmod\ ssl$'\n'sudo\ su$'\n'vm_hostname=\"\$\(curl\ -H\ \"Metadata-Flavor:Google\"\ \\$'\n'http://metadata.google.internal/computeMetadata/v1/instance/name\)\"$'\n'echo\ \"Page\ served\ from:\ \$vm_hostname\"\ \|\ \\$'\n'tee\ /var/www/html/index.html,enable-oslogin=true --maintenance-policy=MIGRATE --provisioning-model=STANDARD --service-account=177619573536-compute@developer.gserviceaccount.com --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/trace.append --region=us-east1 --tags=allow-health-check --create-disk=auto-delete=yes,boot=yes,device-name=lb-backend-template,image=projects/debian-cloud/global/images/debian-11-bullseye-v20230509,mode=rw,size=10,type=pd-balanced --no-shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring --reservation-affinity=any
-
Buat instance group
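# Create a one-instance managed instance group from lb-backend-template in
# us-east1-c. The project is taken from PROJECT_ID (exported in the setup
# step) instead of a hard-coded lab project; ":?" aborts if it is unset.
gcloud beta compute instance-groups managed create lb-backend-example \
  --project="${PROJECT_ID:?PROJECT_ID is not set}" \
  --base-instance-name=lb-backend-example \
  --size=1 \
  --template=lb-backend-template \
  --zone=us-east1-c \
  --list-managed-instances-results=PAGELESS \
  --no-force-update-on-repair

# Record an autoscaling configuration with --mode=off and min = max = 1,
# so the group stays at a single instance.
gcloud beta compute instance-groups managed set-autoscaling lb-backend-example \
  --project="${PROJECT_ID:?PROJECT_ID is not set}" \
  --zone=us-east1-c \
  --cool-down-period=60 \
  --max-num-replicas=1 \
  --min-num-replicas=1 \
  --mode=off \
  --target-cpu-utilization=0.6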
-
Tambah port di group
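# Map the named port "http" to port 80 on the backend instance group.
# Line continuations are restored: in the collapsed one-line form each
# "\ " escaped a space and glued the next flag onto the previous argument.
gcloud compute instance-groups set-named-ports lb-backend-example \
  --named-ports http:80 \
  --zone us-east1-c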
-
Buat reCAPTCHA session token dan enable WAF
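# Create the score-based reCAPTCHA key with the session-token WAF feature.
# Line continuations are restored from the collapsed one-line form.
#
# Review points before using these settings outside a lab:
#   * --allow-all-domains lets any site load the key; restrict it with
#     --domains for a real deployment.
#   * --testing-score=0.5 creates a testing key, so the policy rules on
#     this page are exercised against that fixed score instead of real
#     risk assessments.
gcloud recaptcha keys create \
  --display-name=test-key-name \
  --web \
  --allow-all-domains \
  --integration-type=score \
  --testing-score=0.5 \
  --waf-feature=session-token \
  --waf-service=ca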
-
Buat reCAPTCHA challenge-page site key dan enable WAF
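# Create the reCAPTCHA key with the challenge-page WAF feature. The site key
# printed by this command is the one the security policy's redirect setting
# needs.
# Line continuations are restored from the collapsed one-line form.
# --allow-all-domains lets any site load the key; restrict it with --domains
# for a real deployment.
gcloud recaptcha keys create \
  --display-name=challenge-page-key \
  --web \
  --allow-all-domains \
  --integration-type=INVISIBLE \
  --waf-feature=challenge-page \
  --waf-service=ca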
-
Implement reCAPTCHA di websitenya
-
Pindah direktori
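# Two separate interactive steps (the source had them collapsed onto one
# line, which would pass "sudo su" to cd as extra arguments).
# Move into the web root first, then open a root shell: the page-creation
# commands that follow redirect into files in this directory. Leave the
# root shell with `exit` once the pages are written.
cd /var/www/html/
sudo su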
-
Edit
index.html
# Write the landing page. The enterprise.js tag loads reCAPTCHA with the
# site key in render= and waf=session, and the three links point at the
# pages the security-policy rules match on. A site key is a public
# identifier; it is expected to be the session-token key created earlier.
printf '%s\n' \
  '<!doctype html><html><head><title>ReCAPTCHA Session Token</title><script src="https://www.google.com/recaptcha/enterprise.js?render=6Le5tEQmAAAAAA8FPmG-x1vjB0-7676XL5AUMh6P&waf=session" async defer></script></head><body><h1>Main Page</h1><p><a href="/good-score.html">Visit allowed link</a></p><p><a href="/bad-score.html">Visit blocked link</a></p><p><a href="/median-score.html">Visit redirect link</a></p></body></html>' \
  > index.html
-
Buat halaman
good-score.html
# Write the page served when the allow rule matches.
printf '%s\n' \
  '<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"></head><body><h1>Congrats! You have a good score!!</h1></body></html>' \
  > good-score.html
-
Buat halaman
bad-score.html
# Write the page that sits behind the deny-403 rule; a visitor only sees
# it when that rule does not match.
printf '%s\n' \
  '<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"></head><body><h1>Sorry, You have a bad score!</h1></body></html>' \
  > bad-score.html
-
Buat halaman
median-score.html
# Write the page that sits behind the redirect (second verification) rule.
printf '%s\n' \
  '<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"></head><body><h1>You have a median score that we need a second verification.</h1></body></html>' \
  > median-score.html
-
-
Buat security policy
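# Create the Cloud Armor security policy that will hold the bot-management
# rules. The line continuation is restored from the collapsed one-line form.
gcloud compute security-policies create recaptcha-policy \
  --description "policy for bot management"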
-
Buat reCAPTCHA
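# Attach the site key that the policy uses for rules with the redirect
# action and the google-recaptcha redirect type.
# The line continuation is restored from the collapsed one-line form.
# NOTE(review): this is the same key value that index.html loads with
# waf=session (the session-token key). The redirect site key is expected to
# be the key created with --waf-feature=challenge-page - confirm which key
# this value belongs to and replace it if it is the session-token key.
gcloud compute security-policies update recaptcha-policy \
  --recaptcha-redirect-site-key "6Le5tEQmAAAAAA8FPmG-x1vjB0-7676XL5AUMh6P"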
-
Tambah bot management di good-score.html
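# Rule 2000: allow requests for good-score.html when the reCAPTCHA session
# token score is above 0.4.
# Line continuations are restored; in the collapsed form "recaptcha-policy\ "
# glued the policy name and the next flag into one argument.
# NOTE(review): matches() takes a regular expression, so the unescaped "."
# matches any character and the pattern is not anchored to the full path;
# confirm whether a stricter pattern is wanted outside the lab.
gcloud compute security-policies rules create 2000 \
  --security-policy recaptcha-policy \
  --expression "request.path.matches('good-score.html') && token.recaptcha_session.score > 0.4" \
  --action allow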
-
Tambah bot management di bad-score.html
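# Rule 3000: answer requests for bad-score.html with HTTP 403 when the
# reCAPTCHA session token score is below 0.6.
# Line continuations are restored; in the collapsed form "recaptcha-policy\ "
# glued the policy name and the next flag into one argument.
# NOTE(review): the rule only matches when a session token with a score is
# present; what happens to requests without a valid token depends on the
# policy's lower-priority and default rules - verify that outcome is the
# intended one.
gcloud compute security-policies rules create 3000 \
  --security-policy recaptcha-policy \
  --expression "request.path.matches('bad-score.html') && token.recaptcha_session.score < 0.6" \
  --action "deny-403"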
-
Tambah bot management di median-score.html
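# Rule 1000 (lowest number, so evaluated before rules 2000 and 3000):
# redirect requests for median-score.html to the reCAPTCHA challenge when
# the session token score equals 0.5.
# Line continuations are restored from the collapsed one-line form.
# NOTE(review): the exact "== 0.5" comparison only fires because the
# session-token key on this page is created with --testing-score=0.5; with
# real scores a range comparison would be needed - confirm before reuse.
gcloud compute security-policies rules create 1000 \
  --security-policy recaptcha-policy \
  --expression "request.path.matches('median-score.html') && token.recaptcha_session.score == 0.5" \
  --action redirect \
  --redirect-type google-recaptcha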
-
Tambah security di backend
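# Attach the security policy to the global backend service so the rules are
# enforced at the load balancer. The line continuation is restored from the
# collapsed one-line form.
# NOTE(review): http-backend is not created anywhere on this page; it is
# assumed to exist already (load balancer set up in a separate step).
gcloud compute backend-services update http-backend \
  --security-policy recaptcha-policy \
  --global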