Are you currently experiencing an attack?

Are you currently experiencing an attack?

Configuring Reblaze After Deployment on GCP

This document describes how to set up and configure the Reblaze platform, once you have deployed it via Google Cloud Launcher or some other method. If you have not yet done this, the Cloud Launcher deployment process is described here:

The post-deployment configuration process consists of four steps:

  1. Creating a login account.
  2. Setting initial parameters within Reblaze.
  3. Setting up a load balancer.
  4. Setting firewall rule
  5. Routing your traffic into the load balancer.

Step 1: Creating a login account

To begin configuration, the following screen should be visible:

Enter the requested information, then select “Complete Deployment.” This will create your account, along with some other GCP components (such as a BigQuery dataset, and the Cloud Storage to facilitate the Machine Learning infrastructure).

You will then be taken to the Reblaze management console, where you will configure the platform itself.

Step 2: Setting initial parameters within Reblaze

You should now be seeing the Reblaze dashboard:

Within the Reblaze interface, you will be doing three tasks:

  1. Specify the web assets you want to protect with Reblaze.
  2. (Optional, but recommended): Set Reblaze in report-only mode. Doing so means that Reblaze will not block any traffic; it will merely report on what it would have blocked. This is useful during a new deployment, since you can fine-tune and optimize your settings while avoiding false positives.
  3. Publish your changes.

Task 1: Specify the web assets

In the Reblaze interface, select “Web Proxy” under the “Settings” category in the left sidebar. The following screen will appear, set already to the “General Settings” tab:

For new deployments, most of the settings can be left at their defaults. On this page, you will need to fill out two lists (Upstream Servers and Domain Names), and select the Active Protocols setting.

Upstream Servers: This list is where you define the servers that Reblaze will protect. In other words, these are the servers to which Reblaze will send the (scrubbed) web traffic it receives.

This list provides robust capabilities for managing your traffic. You can enable and configure load balancing, which will weight and distribute traffic across your primary servers. You can define backup servers, to which Reblaze will failover your traffic when your primary servers aren’t available. You can take servers offline for maintenance by ticking a single box in the interface. You can even tell Reblaze to keep individual users connected to the same server throughout their sessions.

Adding and deleting servers from this list is straightforward. To add a server, enter its IP in the “New Server” box and click Add, then fill out the rest of the information in the new entry. To delete an existing entry, click on the Delete link next to that entry.

Here are explanations for each field in this list.

Host is the IP/FQDN for each server that Reblaze protects. This can be a normal web server, or it can be a load-balancing server. Note that Reblaze also provides load-balancing capabilities in its own right, as seen in the next field.

Weight is the relative weight of each server for load balancing purposes. Reblaze distributes traffic with a round-robin sequence, according to these weights.

For example, let’s say there are two servers in the list, with the weight of each servers set to one. Therefore, these servers will receive equal amounts of traffic. Suppose instead that the first server was set to three, while the second was set to one. This would mean that the first server would receive three visitors for every visitor sent to the second server.

A note on load balancing: Please note that the load balancing parameters shown here are separate from the load balancer that you will set up in Step 3. The load balancing within Reblaze (which is defined here) is done to distribute scrubbed traffic across the servers within your network. The load balancing outside of Reblaze (which is defined in Step 3) will dynamically create new instances of Reblaze as needed, in response to spikes of incoming traffic which has not yet been scrubbed.

Max Fails is the maximum number of failed communication attempts that are allowed for this server. Once this number of failures occurs, Reblaze will consider the server to be inactive. If other servers are available, Reblaze will failover the traffic to them. If this was the only server available, Reblaze will return an error to the client (either 504 Timeout, or 502 Bad Gateway).

Fail Timeout: When a server fails, this is the length of time that Reblaze will wait before trying to send traffic to it again. In the example, the timeout is ten seconds.

Is Down: When this box is checked, Reblaze will not attempt to communicate with this server. This allows you to easily take a server offline for temporary maintenance or some other purpose.

Is Backup: when this box is checked, Reblaze will treat this server as a backup. In other words, Reblaze will not attempt to communicate with it unless all the primary servers (i.e., those for which this box is not checked) are unavailable.

HTTP Port and HTTPS Port are self-explanatory.

As for Domain Names, this is the list of domains within this website that Reblaze will protect. It needs to be filled out according to the format shown.

Task 2: Set Reblaze in Report-Only Mode

As discussed above, this setting is optional (and if enabled, will only remain so for a period of testing). It is found on the Planet Overview page (which is under the “Settings” category in the left sidebar).

The red/green button displays the current state (Active, or Report-Only) for each domain. Clicking a button will toggle that domain to the other mode. After changing one or more of these settings, you must publish the changes for them to become effective.

Task 3: Publish Your Changes

Whenever you change the Reblaze platform’s configuration, you must push those changes to the cloud.

In the Reblaze interface, select “Planet Overview” under the “Settings” category in the left sidebar (as shown in the previous image).

This page provides three features: an overview of your “planet” (i.e., your entire Reblaze deployment), the ability to add a new site to your planet, and the ability to publish changes.

Select “Publish Changes” at the upper right to push your earlier edits to the cloud.

Step 3 : Setting up a load balancers

During initial deployment (i.e., the process that was completed before you began following the instructions in this document), an instance group for Reblaze was created. In this step, you will attach this group to an HTTP/S or TCP load balancing service, as a backend of the service.

This is a three-task process:

  1. Create the load balancer
  2. Create the backend service
  3. Attach the backend (i.e., the Reblaze instance group)

Task 1: Create a load balancer

In your Google cloud console, go to Network services → Load Balancing.

Creating a load balancer

Click on “Create load balancer.” Choose to “Start configuration” on the appropriate type:

  • The HTTP/S load balancer supports ports 80, 8080, and 443, and is the appropriate type for most Reblaze customers.
  • If you need non-standard ports, then you will need to use the TCP load balancer instead.
Choosing HTTP/S

Task 2: Create the backend service

Give the load balancer a name, and select “Backend configuration.”

Creating a load balancer backend service

If you wish to use an existing backend service, select it here. Otherwise, create a new one.

Typical Backend Service Example

We recommend creating a health check to ensure that instances are added when appropriate.

Task 3: Create the backend

As shown above, while creating the backend service, a new backend will also be created. This backend is how you attach the Reblaze instance group (created previously) to the backend service.

It is beyond the scope of this document to describe all the possible settings here, but they should be fairly straightforward. More information about Google’s load balancing can be found at If you have any questions, feel free to contact us at

When you are finished with the backend setup, choose “Frontend configuration” to change the IP address from “Ephemeral” to the one associated with the backend. You’ll need this IP in the next step.

Task 4: Create HTTPS load balancer

In case a HTTPS ( port 443 ) is required, replete steps 1–3 but make sure to choose the HTTPS protocol at the backend service and the referring port at the backend instance group .

Step 4: Setting Firewall rules

In order for traffic to flow from the load balancer on to the instances, we would need to create a firewall rule that allow such traffic. Reblaze deployment attach the reblaze-compute tag to the instances. we will use this tag for the firewall rule . create a new rule from GCP console and fill in the details. we will use Priority 1000, change it if needed. please also make sure to choose the network you run the deployment on . as you can see we allow traffic from specific subnets in according to google docs130.211.0.0/22 and

Step 5: Routing your traffic into the load balancer

At this point, your deployment and setup are complete. The last remaining step is to route your traffic into the load balancer, which will send it to your Reblaze instance(s), which will scrub the traffic and forward it on to your servers.

To do this, just set your DNS record to the IP address you obtained in the last part of Step 3 above. Once your changes propagate, your deployment will be live.

Back in Step 2, Task 2 you had the option of setting Reblaze into report-only mode. Assuming you did this, then Reblaze is not yet filtering your traffic; it is merely reporting on what it would have filtered, had it been set up in active mode. This gives you an opportunity to fine-tune Reblaze’s configuration, before any of your traffic is actually affected.

Going Forward: Customizing Reblaze

As you might notice from looking through the interface, the Reblaze web security platform is both powerful and highly customizable, with the ability to be fine-tuned for your specific needs.

However, it is beyond the scope of this document to describe this customization process. Furthermore, a full and correct customization is often rather daunting for new users.

We at Reblaze Technologies want you to have the best experience possible with the platform, so that you will enjoy the full benefits of comprehensive, intelligent, and effortless web security.

Therefore, please feel free to contact support at, for further one-on-one assistance in setting up your deployment. We’re available 24 hours per day to assist you.

Get your price quote

Fill out your email below, and we will send you a price quote tailored to your needs

This website uses cookies to ensure you get the best experience on our website.