Access Control

Access control allows you to add a whitelist or blacklist to specify IP addresses that are allowed or denied to access a listener. A whitelist allows specified IP addresses to access the listener, while a blacklist denies access from specified IP addresses.

Adding the whitelist or blacklist may cause risks. Once a whitelist is added, only IP addresses in the whitelist can access the listener. After a blacklist is added, IP addresses in the blacklist cannot access the listener.
Whitelists and blacklists do not conflict with inbound security group rules. Whitelists define the IP addresses that are allowed to access the listeners, while blacklists specify IP addresses that are denied to access the listeners. Inbound security group rules control access to backend servers by specifying the protocol, ports, and IP addresses.
Access control does not restrict the ping command. You can still ping backend servers from the restricted IP addresses.
- To ping the IP address of a shared load balancer, you need to add a listener and associate a backend server to it.
- To ping the IP address of a dedicated load balancer, you only need to add a listener to it.
Access control policies only take effect for new connections, but not for connections that have been established. If a whitelist is configured for a listener but IP addresses that are not in the whitelist can access the backend server associated with the listener, one possible reason is that a persistent connection is established between the client and the backend server. To deny IP addresses that are not in the whitelist from accessing the listener, the persistent connection between the client and the backend server needs to be disconnected.

Configuring Access Control

Log in to the management console.
In the upper left corner of the page, click and select the desired region and project.
Hover on in the upper left corner to display Service List and choose Networking > Elastic Load Balance.

Locate the load balancer and click its name.
You can configure access control for a listener in either of the following ways:
- On the Listeners page, locate the listener and click Configure in the Access Control column.
- Click the name of the target listener. On the Basic Information page, click Configure on the right of Access Control.

In the displayed Configure Access Control dialog box, configure parameters as shown in Table 1.

**Table 1** Parameter description
Parameter	Description	Example Value
Access Control	Specifies how access to the listener is controlled. Three options are available: All IP addresses: All IP addresses can access the listener. Whitelist: Only IP addresses in the IP address group can access the listener. Blacklist: IP addresses in the IP address group are not allowed to access the listener.	Blacklist
IP Address Group	Specifies the IP address group associated with a whitelist or blacklist. If there is no IP address group, create one first. For more information, see IP Address Group Overview.	ipGroup-b2
Access Control	If you have set Access Control to Whitelist or Blacklist, you can enable or disable access control. Only after you enable access control, the whitelist or blacklist takes effect. If you disable access control, the whitelist or blacklist does not take effect.	N/A

Click OK.

Parent topic: Listener

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot