Google Cloud has provided a Web Application Firewall (WAF) rule configuration that can help mitigate the Apache Log4j vulnerability in CVE-2021-44228. For more information, including additional configuration examples, see the GCP documentation.
References:
https://cloud.google.com/blog/products/identity-security/recommendations-for-apache-log4j2-vulnerability
In GCP Console -
In Terraform -
References:
https://registry.terraform.io/providers/hashicorp/google/4.50.0/docs/resources/compute_security_policy#expr
https://cloud.google.com/load-balancing/docs/ssl-policies-concepts