GCP - N8N on CloudRun with LB - WAF rules

rgrzesk · August 29, 2025, 11:26am

I am just setting up n8n on Cloud Run with Cloud SQL, exposed via HTTPS LB.

One open point is WAF (Cloud Armor).

Any suggestions from your experience on:

Extra WAF rules worth adding for n8n?
- thinking about rate limiting to prevent brute forcing
- some API endpoint protections
- core web vulnerabilities (SQL Injection, XSS, etc.)
- Vulnerability Scanner Blocking
Other gotchas or best practices when exposing n8n publicly?

Thanks in advance!

Zelite · August 29, 2025, 11:36am

Welcome to the n8n community @rgrzesk

Follow these steps to ensure your n8n setup is secure and protected against common web vulnerabilities.

Hope this helps

Topic		Replies	Views
N8n Cloud Security: Protection Against DDoS, Unauthorized Access & Webhook Abuse Questions	2	222	February 26, 2026
🔐 How I Secured My n8n Instance with Cloudflare Zero Trust (No Open Ports, No Public IP) further edits to come Tips & Tricks	8	4965	September 5, 2025
N8n - workflows getting unpublished / returning 404 randomly Questions	12	1236	September 5, 2021
Run n8n on stateless containers Questions deployment	22	4013	October 3, 2021
N8n Cloud access to internal API endpoints Questions core	3	407	October 14, 2024