This topic describes how to enable access control for a listener. You can enable access control for each listener of a Classic Load Balancer (CLB) instance. You can set whitelists or blacklists for different listeners to regulate network access control.

Prerequisites

Before you enable access control, make sure that the following requirements are met:

Procedure

  1. Log on to the CLB console.
  2. Select the region where the CLB instance that you want to manage is created.
  3. Click the ID of the CLB instance.
  4. Click the Listener tab, find the listener that you want to manage, and then choose More > Set Access Control in the Actions column.
  5. Set the following parameters and click OK.
    Parameter Configuration method
    Enable Access Control Enable access control.
    Access Control Method Select an access control mode. Valid values:
    • Whitelist: After you set a whitelist for a listener, the listener forwards only requests from IP addresses or CIDR blocks that are added to the whitelist.

      Risks may arise if the whitelist is improperly set. After a whitelist is configured, only IP addresses in the whitelist can access the CLB listener. If you enable a whitelist but the whitelist does not contain an IP address, the listener forwards all requests.

    • Blacklist: After you set a blacklist for a CLB listener, the listener blocks requests from IP addresses or CIDR blocks that are added to the blacklist.

      After you enable a blacklist, if no IP address is added to the blacklist, the listener forwards all requests.

    Access Control List Select a network ACL.

    IPv6 instances can be associated only with IPv6 network ACLs, and IPv4 instances can be associated only with IPv4 network ACLs.

    Note Separate multiple IP entries with commas (,). You can add up to 300 IP entries to each network ACL. IP entries must be unique within each network ACL.