What Is Access Control?
Access control lets you add a whitelist or blacklist that specifies which IP addresses are allowed or denied access to a listener.
Network ACL rules configured for the frontend subnet of a load balancer do not restrict traffic from clients to the load balancer. Use access control to limit which IP addresses can access the load balancer.
Whitelist and Blacklist
- Once the whitelist is set, only the IP addresses or CIDR blocks specified in the IP address group can access the listener.
Access control policies take effect only for new connections, not for connections that are already established. If a whitelist is configured for a listener but IP addresses that are not in the whitelist can still access the backend server associated with the listener, one possible reason is that a persistent connection has been established between the client and the backend server. To deny access from IP addresses that are not in the whitelist, disconnect the persistent connection between the client and the backend server.
- Once the blacklist is set, the IP addresses or CIDR blocks specified in the blacklist cannot access the listener.
- Access control does not restrict the ping command. You can still ping a load balancer from restricted IP addresses.
- Whitelists and blacklists do not conflict with inbound security group rules. Access control defines the IP addresses or CIDR blocks that are allowed or denied access to listeners, while inbound security group rules control access to backend servers. Requests are matched first against the access control policy and then against the security group rules before they finally reach backend servers.
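The rules in this list can be checked against a set of client addresses before a policy is changed. The following is an added example, not code from this documentation or from the load balancer service: a small Python model of the listener decision, including the new-connections-only and ping caveats. The names ListenerAcl, decide and stale_connections and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class ListenerAcl:
    mode: str      # "all", "whitelist" or "blacklist" (the Access Control options)
    enabled: bool  # the enable/disable switch for the whitelist or blacklist
    group: tuple   # IP address group entries: single IPs or CIDR blocks

def in_group(ip, entries):
    addr = ipaddress.ip_address(ip)
    # strict=False tolerates entries written with host bits set, e.g. 10.0.0.5/24
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def decide(acl, client_ip, established=False, ping=False):
    """Return (admitted, reason) for one client under the rules listed above."""
    if acl.mode not in ("all", "whitelist", "blacklist"):
        raise ValueError("unknown access control mode: " + acl.mode)
    if ping:
        return True, "ping is not restricted by access control"
    if acl.mode == "all" or not acl.enabled:
        return True, "no active whitelist or blacklist"
    hit = in_group(client_ip, acl.group)
    permitted = hit if acl.mode == "whitelist" else not hit
    if permitted:
        return True, "permitted by " + acl.mode
    if established:
        # Policies apply to new connections only, so this one keeps working.
        return True, "STALE: connection predates the policy; disconnect it"
    return False, "denied by " + acl.mode

def stale_connections(acl, connections):
    """Client IPs the policy denies but that still get through on an
    already established (persistent) connection."""
    return [ip for ip, est in connections
            if est and decide(acl, ip, est)[1].startswith("STALE")]

# Constructed sample data (documentation address ranges, not from this page)
ACL = ListenerAcl("whitelist", True, ("192.0.2.0/24", "198.51.100.7"))
CONNS = [("192.0.2.10", True), ("203.0.113.5", True), ("203.0.113.9", False)]

if __name__ == "__main__":
    for ip, est in CONNS:
        print(ip, "established" if est else "new", decide(ACL, ip, est))
    print("stale:", stale_connections(ACL, CONNS))
```

Connections reported as stale are the ones to disconnect after a whitelist or blacklist is applied.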
Configuring Access Control
- Go to the load balancer list page.
- On the displayed page, locate the load balancer and click its name.
- Configure access control for a listener in either of the following ways:
  - On the Listeners page, locate the listener and click Configure in the Access Control column.
  - Click the name of the target listener. On the Summary page, click Configure on the right of Access Control.
- In the displayed Configure Access Control dialog box, configure parameters as described in Table 1.
Table 1 Parameter description

| Parameter | Description |
| --- | --- |
| Access Control | Specifies how access to the listener is controlled. Three options are available: All IP addresses (all IP addresses can access the listener); Whitelist (only IP addresses in the IP address group can access the listener); Blacklist (IP addresses in the IP address group are not allowed to access the listener). |
| IP Address Group | Specifies the IP address group associated with a whitelist or blacklist. If there is no IP address group, create one first. For more information, see What Is an IP Address Group? |
| Access Control | If you have set Access Control to Whitelist or Blacklist, you can enable or disable access control. The whitelist or blacklist takes effect only after you enable access control. If you disable access control, the whitelist or blacklist does not take effect. |
- Click OK.