vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/elb/umn/elb_03_0003.html
zhoumeng d7316db527 ELB_UMN_20240412 
Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com>
Co-authored-by: zhoumeng <zhoumeng35@huawei.com>
Co-committed-by: zhoumeng <zhoumeng35@huawei.com>
2024-07-08 14:48:28 +00:00

53 lines
8.6 KiB
HTML
Raw Blame History

<a name="elb_03_0003"></a><a name="elb_03_0003"></a>
<h1 class="topictitle1">Access Control</h1>
<div id="body1516617042123"><p id="elb_03_0003__p7557113410409">Access control allows you to add a whitelist or blacklist to specify IP addresses that are allowed or denied to access a listener. A whitelist allows specified IP addresses to access the listener, while a blacklist denies access from specified IP addresses.</p>
<div class="notice" id="elb_03_0003__note1210711144917"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><ul id="elb_03_0003__ul1810181134920"><li id="elb_03_0003__li61091194912">Adding the whitelist or blacklist may cause risks. Once a whitelist is added, only IP addresses in the whitelist can access the listener. After a blacklist is added, IP addresses in the blacklist cannot access the listener.</li><li id="elb_03_0003__li19106112498">Whitelists and blacklists do not conflict with inbound security group rules. Whitelists define the IP addresses that are allowed to access the listeners, while blacklists specify IP addresses that are denied to access the listeners. Inbound security group rules control access to backend servers by specifying the protocol, ports, and IP addresses.</li><li id="elb_03_0003__li106833558262">Access control does not restrict the <strong id="elb_03_0003__b1635114715319">ping</strong> command. You can still ping backend servers from the restricted IP addresses.<ul id="elb_03_0003__ul1389724410417"><li id="elb_03_0003__li233113436413">To ping the IP address of a shared load balancer, you need to add a listener and associate a backend server to it.</li><li id="elb_03_0003__li12843165869">To ping the IP address of a dedicated load balancer, you only need to add a listener to it.</li></ul>
</li><li id="elb_03_0003__li142973122273">Access control policies only take effect for new connections, but not for connections that have been established. If a whitelist is configured for a listener but IP addresses that are not in the whitelist can access the backend server associated with the listener, one possible reason is that a persistent connection is established between the client and the backend server. To deny IP addresses that are not in the whitelist from accessing the listener, the persistent connection between the client and the backend server needs to be disconnected.</li></ul>
</div></div>
<div class="section" id="elb_03_0003__section109371640175915"><a name="elb_03_0003__section109371640175915"></a><a name="section109371640175915"></a><h4 class="sectiontitle">Configuring Access Control</h4><ol id="elb_03_0003__ol1693724011599"><li id="elb_03_0003__li132711514413">Log in to the management console.</li><li id="elb_03_0003__li11327121564118">In the upper left corner of the page, click <span><img id="elb_03_0003__image15299767936918" src="en-us_image_0000001747739624.png"></span> and select the desired region and project.</li><li id="elb_03_0003__li17301740102218">Click <span><img id="elb_03_0003__image128541183675133" src="en-us_image_0000001794660485.png"></span> in the upper left corner to display <strong id="elb_03_0003__b11199472675133">Service List</strong> and choose <strong id="elb_03_0003__b103720198075133">Network</strong> &gt; <strong id="elb_03_0003__b191380200375133">Elastic Load Balancing</strong>.</li></ol><ol start="4" id="elb_03_0003__ol7937240175912"><li id="elb_03_0003__li12937184095920">Locate the load balancer and click its name.</li><li id="elb_03_0003__li732042314481">You can configure access control for a listener in either of the following ways:<ul id="elb_03_0003__ul4729655597"><li id="elb_03_0003__li167299519597">On the <strong id="elb_03_0003__b22791632141612">Listeners</strong> page, locate the listener and click <strong id="elb_03_0003__b3734144441618">Configure</strong> in the <strong id="elb_03_0003__b524420484163">Access Control</strong> column.</li><li id="elb_03_0003__li355119112116">Click the name of the listener. On the <strong id="elb_03_0003__b41081446102011">Basic Information</strong> page, click <strong id="elb_03_0003__b1761820585206">Configure</strong> on the right of <strong id="elb_03_0003__b61414522120">Access Control</strong>.</li></ul>
</li><li id="elb_03_0003__li09947412311">In the displayed <strong id="elb_03_0003__b107874916410">Configure Access Control</strong> dialog box, configure parameters as shown in <a href="#elb_03_0003__table159371240125911">Table 1</a>.
<div class="tablenoborder"><a name="elb_03_0003__table159371240125911"></a><a name="table159371240125911"></a><table cellpadding="4" cellspacing="0" summary="" id="elb_03_0003__table159371240125911" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="elb_03_0003__row20937194017599"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.3.3.3.3.2.4.1.1"><p id="elb_03_0003__p159371240155912"><strong id="elb_03_0003__b842352706114331">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.3.3.3.3.2.4.1.2"><p id="elb_03_0003__p179371740105912"><strong id="elb_03_0003__b8423527061772">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.3.3.3.3.2.4.1.3"><p id="elb_03_0003__p10937104025916"><strong id="elb_03_0003__b842352706194150">Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="elb_03_0003__row17641244188"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.3.3.3.2.4.1.1 "><p id="elb_03_0003__p1764152416188">Access Control</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.3.3.3.2.4.1.2 "><p id="elb_03_0003__p571112817239">Specifies how access to the listener is controlled. Three options are available:</p>
<ul id="elb_03_0003__ul13289134512316"><li id="elb_03_0003__li14611327183216"><strong id="elb_03_0003__b7186124335410">All IP addresses</strong>: All IP addresses can access the listener.</li><li id="elb_03_0003__li19289114517237"><strong id="elb_03_0003__b9916158135417">Whitelist</strong>: Only IP addresses in the IP address group can access the listener.</li><li id="elb_03_0003__li14191417243"><strong id="elb_03_0003__b10609970555">Blacklist</strong>: IP addresses in the IP address group are not allowed to access the listener.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.3.3.3.2.4.1.3 "><p id="elb_03_0003__p1476532421817">Blacklist</p>
</td>
</tr>
<tr id="elb_03_0003__row484412181181"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.3.3.3.2.4.1.1 "><p id="elb_03_0003__p168451218151813">IP Address Group</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.3.3.3.2.4.1.2 "><p id="elb_03_0003__p1484541812184">Specifies the IP address group associated with a whitelist or blacklist. If there is no IP address group, create one first. For more information, see <a href="elb_ug_ip_0000.html#elb_ug_ip_0000__section1143912015382">IP Address Group Overview</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.3.3.3.2.4.1.3 "><p id="elb_03_0003__p11574181042917">ipGroup-b2</p>
</td>
</tr>
<tr id="elb_03_0003__row1993734018590"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.3.3.3.2.4.1.1 "><p id="elb_03_0003__p793754019597">Access Control</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.3.3.3.2.4.1.2 "><p id="elb_03_0003__p967517492305">If you have set <strong id="elb_03_0003__b81010361142">Access Control</strong> to <strong id="elb_03_0003__b13111436347">Whitelist</strong> or <strong id="elb_03_0003__b1511143615419">Blacklist</strong>, you can enable or disable access control.</p>
<ul id="elb_03_0003__ul18937740125914"><li id="elb_03_0003__li0776145410312">Only after you enable access control, the whitelist or blacklist takes effect.</li><li id="elb_03_0003__li171440105326">If you disable access control, the whitelist or blacklist does not take effect.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.3.3.3.2.4.1.3 "><p id="elb_03_0003__p8938040105917">N/A</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="elb_03_0003__li1193811400599">Click <strong id="elb_03_0003__b842352706102911">OK</strong>.</li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="elb_ug_fw_0000.html">Access Control</a></div>
</div>
</div>
View Git Blame Copy Permalink