This topic describes how to enable access control for a listener. You can enable access control for each listener of a Classic Load Balancer (CLB) instance. You can configure access control when you create a listener or modify the access control settings of an existing listener.
Access control lists (ACLs)
- A whitelist is used for scenarios in which you want to allow access only from specific IP addresses or CIDR blocks.
Your service may be adversely affected if the whitelist is not properly configured. If a whitelist is configured for a listener, only requests from IP addresses that are added to the whitelist are forwarded by the listener. If you enable a whitelist but do not add an IP address to the whitelist, the listener forwards all requests.
- A blacklist is used for scenarios in which you want to deny access from specific IP addresses or CIDR blocks.
If a blacklist is configured for a listener but no IP addresses are added to the blacklist, the listener forwards all requests.
Limits
- You can associate only one ACL with each listener of a CLB instance.
- IPv6 instances can be associated only with IPv6 ACLs, and IPv4 instances can be associated only with IPv4 ACLs.
- The total number of IP entries added to ACLs that are associated with the same listener cannot exceed 1,000.
- An ACL can be associated with up to 50 listeners.
- The IP entries in ACLs that are associated with the same listener must be unique.
Procedure
The following figure shows how to configure an ACL for a listener.
- Create an ACL and add IP addresses or CIDR blocks to the ACL. For more information, see Create a network ACL and Add IP entries.
- Enable access control for the listener. For more information, see Enable access control.
- You can disable access control in the listener configuration. For more information, see Disable access control.