This topic describes how to enable access control for a listener. SLB provides listener-based access control. You can configure different whitelists or blacklists for different listeners.

Prerequisites

Before you enable access control, make sure that the following requirements are met:

Procedure

  1. Log on to the Server Load Balancer console.
  2. Select the region of the target SLB instance.
  3. Find the target SLB instance and click its instance ID.
  4. On the page that appears, click the Listener tab.
  5. Find the target listener and choose More > Set Access Control in the Actions column.
    Set Access Control
  6. In the Access Control Settings dialog box, enable access control and configure the whitelist, and then click OK.
    • Whitelist: Only the requests from the IP addresses or CIDR blocks in the specified ACL are forwarded. You can use the whitelist feature when you want to allow access from specified IP addresses.

      Using the whitelist feature may pose risks to your services. The whitelist allows only the traffic from the IP addresses in the specified ACL to access the SLB listener. If the whitelist is used while the corresponding ACL does not contain any IP addresses, the SLB listener forwards all access requests.

    • Blacklist: Requests from the IP addresses or CIDR blocks in the specified access control list are not forwarded. You can use the blacklist feature when you want to deny access from specified IP addresses.

      If the blacklist is used while the corresponding ACL does not contain any IP addresses, the SLB listener forwards all access requests.

    Note The access control feature works only for new connection requests and does not affect existing connections.