This topic describes the managed rules that are provided in the BestPracticesForNetwork compliance package template.

Rule name Description
slb-loadbalancer-bandwidth-limit If the available bandwidth of each Server Load Balancer (SLB) instance is greater than or equal to the value specified by the input parameter, the evaluation result is compliant.
slb-listener-https-enabled If ports 80 and 8080 are used by the HTTPS listeners of each SLB instance, the evaluation result is compliant.
sg-public-access-check If the inbound authorization policy of each security group is set to Allow and you set the port range to -1/-1 or the authorized IP address to 0.0.0.0/0, the evaluation result is compliant.
sg-risky-ports-check If 0.0.0.0/0 is added to the IP address whitelist of each security group and ports 22 and 3389 are disabled, the evaluation result is compliant.
eip-bandwidth-limit If the available bandwidth of an elastic IP address (EIP) is greater than or equal to the value specified by the input parameter, the evaluation result is compliant.
cdn-domain-https-enabled If HTTPS is enabled for each domain name accelerated by Alibaba Cloud CDN, the evaluation result is compliant.
slb-aliyun-certificate-required If each SLB instance uses the certificates that are issued by Alibaba Cloud, the evaluation result is compliant.
vpn-ipsec-connection-health-check-open If the health check feature is enabled for each IPsec-VPN connection, the evaluation result is compliant.
vpc-flow-logs-enabled If the flow log feature is enabled for each virtual private cloud (VPC), the evaluation result is compliant.
slb-delete-protection-enabled If the release protection feature is enabled for each SLB instance, the evaluation result is compliant.
slb-server-certificate-expired If the certificates used by each SLB instance are valid, the evaluation result is compliant.
slb-status-active-check If each SLB instance is in the Running state, the evaluation result is compliant.
slb-servercertificate-expired-check If the remaining validity period before the server certificate of SLB expires is longer than or equal to the period specified by the input parameter, the evaluation result is compliant.
slb-instance-expired-check If the remaining validity period of each subscription SLB instance is longer than or equal to the period specified by the input parameter, the evaluation result is compliant.
slb-instance-loadbalancerspec-check If all SLB instances in use are high-performance SLB instances, the evaluation result is compliant.
slb-instance-autorenewal-check If the auto-renewal feature is enabled for each subscription SLB instance, the evaluation result is compliant.
slb-backendserver-weight-check If each SLB instance has a backend server and the weight of the backend server is not set to 0, the evaluation result is compliant.