Access Control

Access control allows you to add a whitelist to specify IP addresses that can access a listener.

You can add whitelists only to listeners. Adding whitelists may cause service risks. Once a whitelist is added, only IP addresses in the whitelist can access the listener.
If access control is enabled but no whitelist is added, the listener cannot be accessed.
Access control does not conflict with inbound security group rules. Whitelists define the IP addresses or CIDR blocks from which the load balancer receives traffic, whereas inbound security group rules specify the protocol, ports, and IP addresses that allow traffic to backend servers.

Add a Whitelist

Log in to the management console.
In the upper left corner of the page, click and select the desired region and project.
Click Service List. Under Network, click Elastic Load Balance.

Locate the target load balancer and click its name.

Click Listeners, locate the target listener, and click its name. In the Basic Information area, click Configure beside Access Control.

**Table 1** Parameter description
Parameter	Description	Example Value
Access Control	Enabled If access control is enabled and no whitelist is set, no IP address can access the listener. If access control function is enabled and a whitelist is set, only IP addresses in the whitelist can access the listener. Disabled If access control is disabled, the listener can be accessed from any IP address.	N/A
Whitelist	Lists the IP addresses or CIDR blocks that can access the listener. NOTE: A maximum of 300 IP addresses or CIDR blocks are supported. A comma (,) is used to separate every two entries. The whitelist does not support IPv6 addresses.	10.168.2.24,10.168.16.0/24