Access Control

Access control lets you add a whitelist or blacklist to a listener to specify which IP addresses are allowed or denied access to it. A whitelist allows only the specified IP addresses to access the listener, while a blacklist denies access from the specified IP addresses.

Important

  • Adding a whitelist or blacklist may cause risks, because it changes which clients can reach the listener. Once a whitelist is added, only IP addresses in the whitelist can access the listener. Once a blacklist is added, IP addresses in the blacklist cannot access the listener.

  • Whitelists and blacklists do not conflict with inbound security group rules. Whitelists define the IP addresses that are allowed to access the listeners, while blacklists specify the IP addresses that are denied access to the listeners. Inbound security group rules control access to backend servers by specifying the protocol, ports, and IP addresses.

  • Access control does not restrict the ping command. You can still ping backend servers from the restricted IP addresses.

    • To ping the IP address of a shared load balancer, you need to add a listener and associate a backend server with it.

    • To ping the IP address of a dedicated load balancer, you only need to add a listener to it.

  • Access control policies take effect only for new connections, not for connections that have already been established. If a whitelist is configured for a listener but IP addresses that are not in the whitelist can still access the backend server associated with the listener, one possible reason is that a persistent connection is established between the client and the backend server. To deny access from IP addresses that are not in the whitelist, the persistent connection between the client and the backend server must be disconnected.

Configuring Access Control

  1. Log in to the management console.

  2. In the upper left corner of the page, click the region icon and select the desired region and project.

  3. Hover on the service list icon in the upper left corner to display Service List and choose Network > Elastic Load Balancing.

  4. Locate the load balancer and click its name.

  5. Click Listeners and locate the listener. On the Basic Information page of the listener, click Configure on the right of Access Control. In the displayed dialog box, configure access control.

    Table 1 Parameter description

    | Parameter | Description | Example Value |
    |---|---|---|
    | Access Policy | Specifies how access to the listener is controlled. Three options are available: All IP addresses (all IP addresses can access the listener); Whitelist (only IP addresses in the IP address group can access the listener); Blacklist (IP addresses in the IP address group are not allowed to access the listener). | Blacklist |
    | IP Address Group | Specifies the IP address group associated with a whitelist or blacklist. If there is no IP address group, create one first. For more information, see IP Address Group Overview. | ipGroup-b2 |
    | Access Control | If you have set Access Policy to Whitelist or Blacklist, you can enable or disable access control. The whitelist or blacklist takes effect only after you enable access control. If you disable access control, the whitelist or blacklist does not take effect. | N/A |

  6. Click OK.
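
The following is an added example, not part of the original documentation or the load balancer's own code: a Python model of the access policy semantics described above, used to preview which observed clients a whitelist or blacklist would refuse before it is enabled. It assumes IP address group entries are single addresses or CIDR blocks; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def in_group(ip, group):
    """True if ip falls inside any group entry (assumed: single IP or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in group)

def new_connection_allowed(ip, policy, group, enabled):
    """Model of the listener's decision for a NEW connection from ip.

    policy  -- "all", "whitelist" or "blacklist" (the Access Policy options)
    enabled -- the Access Control switch; a disabled list has no effect
    """
    if policy not in ("all", "whitelist", "blacklist"):
        raise ValueError(f"unknown access policy: {policy!r}")
    if policy == "all" or not enabled:
        return True
    listed = in_group(ip, group)
    return listed if policy == "whitelist" else not listed

def preview_change(clients, policy, group, enabled=True):
    """Classify observed clients before the policy is applied.

    clients -- iterable of (ip, has_established_connection) pairs
    Returns a dict with three lists:
      allowed    -- new connections are still accepted
      locked_out -- new connections are refused and nothing is currently open
      lingering  -- new connections are refused, but an established connection
                    keeps working until it is disconnected
    """
    result = {"allowed": [], "locked_out": [], "lingering": []}
    for ip, established in clients:
        if new_connection_allowed(ip, policy, group, enabled):
            result["allowed"].append(ip)
        elif established:
            result["lingering"].append(ip)
        else:
            result["locked_out"].append(ip)
    return result

# Constructed sample data (documentation address ranges, not from the page).
IP_GROUP = ["192.0.2.0/24", "198.51.100.7"]
CLIENTS = [("192.0.2.15", False), ("198.51.100.7", True),
           ("203.0.113.9", False), ("203.0.113.40", True)]

if __name__ == "__main__":
    for policy in ("whitelist", "blacklist"):
        print(policy, preview_change(CLIENTS, policy, IP_GROUP))
```

Clients reported under `lingering` are the ones whose persistent connections must be disconnected before the new policy fully applies to them.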