Is there any support for DNSSEC for apps hosted on Firebase? According to these 2 reports not:
https://viewdns.info/dnssec/?domain=firebaseapp.com
https://viewdns.info/dnssec/?domain=web.app
DNSSEC is a feature of DNS. Firebase Hosting doesn't provide DNS functionality. You need to check with the DNS provider of the domain you are going to use. web.app and firebaseapp.com may not be setup with DNSSEC but you shouldn't use them for a production app anyways.
Related
I just got a mail from the Firebase support that my current API key restrictions for the Firebase API key lead to malfunctions for the Firebase Installation API. Since, I have a web application and not an iOS or an Android app, I´m assuming that this is not a real issue for me at the moment.
However, this got me wondering if I enabled all necessary HTTP referrers (websites) in the Google Cloud Platform to ensure a working environment for my web application. Let´s say my domain is called www.domain.com and my Firebase project is called projectx. I currently have these two entries in the HTTP referrers for the Application restrictions:
www.domain.com/*
projectx.firebaseapp.com/*
Is there anything else I should enable? Because I saw that Firebase also enables multiple domains such as projectx.web.app by default.
It's fairly simple: you need to enable the domains that your app uses.
The two domains you have are the defaults for cases where you have a common domain:
www.yourdomain.com/* is the custom domain that you typically share out with people.
projectx.firebaseapp.com is the default domain generated by Firebase, and is typically also used in sign-in screens (although you can change this).
You may also want to add:
projectx.web.app, which is a newer default domain that Firebase creates. But this is not required, so only add it if you expect to hand it out to folks.
localhost, which is handy for local testing
Having one of application hosted on Firebase with some additional services there (Cloud Firestore, Cloud Storage for Firebase, Cloud Functions for Firebase) decided to make some security scanning. One of the tools https://sitecheck.sucuri.net/ shows me that there's no firewall for it, is it possible? It has reverse proxy & Fastly's CDN, but would be a firewall missing for apps hosted on Firebase Hosting?
Firebase hosting resources access is unfortunately not restricted by any means, check out the question below?
Can Firebase restrict access to resources?
However, There are things you can do in the regard of security:
Use Cloud functions to render dynamic resources and microservices
https://firebase.google.com/docs/hosting/functions
Use Firestore rules to secure the data access
Use Firebase authentication to make sure that only authenticated users can do certain actions
Even though, we all hope for that firewall option to be added.
Best Regards
Firebase Hosting does not have a firewall feature. If you publish content to it, that will be accessible from anywhere there is an internet connection.
I am working on a platform (www.dashboard.example.com) that has an admin site (www.admin.example.com). Each site is hosted on a different Google Firebase Hosting Project.
I want only certain people to be able to access the admin site. After some consideration, I found an IPSec VPN to be the best solution for me.
I also found that GCP offers a VPN service, but from what I can tell, it seems to only work with google compute engines.
Is there a way to attach a Google VPN to a Firebase Hosted site?
There is no way to attach a Cloud VPN to a Firebase Hosting Project.
In GCP the correct way to restrict the access to your web server/application is by using firewall rules/App Engine's firewall and Cloud VPC/VPN service.
Your approach should be to put a proxy by configuring a Google Compute Engine1 in between your gateway service and your Firebase Hosting Project.
Another approach would be to use Cloud Storage2, as a static website3. You can then create an HTTPS Load Balancer based on Backend Bucket4. With this you can benefit from the advantages of using Load Balancer and also using Cloud VPN.
If you are interested in authentication with Firebase and App Engine I suggest to check the following link 2.
I have a custom domain (travelbox.id) that connected to Firebase Hosting already. I also have an App Engine application to serve as my API. I want to host the App Engine application on api-dev.travelbox.id. I mapped the custom domain to App Engine following this docs but domain connection to Firebase Hosting stop working. If you access api-dev.travelbox.id it is connected to App Engine. But if you access travelbox.id it doesn't connected to Firebase Hosting.
Is that impossible to achieve what I want?
I had the same issue and contacted Google Cloud support, here's their answer:
App Engine doesn't need to have the A records on the root domain if
you are only serving from a subdomain. App Engine should work
properly for you with just the one CNAME on subdomain.example.com.
I found the solution myself, here you go!
On the fourth step in this docs, i didn't add A records, just add AAAA records. Suprisingly, it works! :D
I am using angular 4 angularfire 2 and firebase in an web app. I am conditionate to use firebase as a backend service and because the app has to only be used inside the office i am wondering if there is any way i can configure some firebase rules or anything to make the app not work or be shown from another ip than the office ip. Please leave any kind of way i can do it. Thanks in advance!
There is currently no way to restrict access to a site deployed to Firebase Hosting. It will always be accessible from anywhere in the world that is not blocked by some other firewall.