
GCP external load balancer port blocking

I have a GCP setup with an external HTTPS load balancer and backend services with a serverless NEG. In front of the load balancer there is another cloud WAF. My requirement is that when we block all IP ranges (except the cloud WAF) from the Cloud Armor security policy, that is applied only for layer 7. When we scan ports on the load balancer IP, ports 80 and 443 are open for everyone at layers 3 and 4. Is there any security rule for layer 3 and layer 4?

I have configured a Cloud Armor IP blocking security policy.

The GCLB will have open ports enabled by default: https://cloud.google.com/load-balancing/docs/https#open_ports

How are you instituting the IP allow/deny rule? Are you inspecting a header with the contained IPs, which would imply L7 rules? Generally with an IP ACL rule, Cloud Armor will look at the connecting IP and issue a block at the lower layer and not use L7 rules.

Taking a step back, what is the concern you are trying to mitigate?
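The distinction the answer draws (an IP allow/deny rule evaluated against the connecting IP versus an L7 rule that inspects a header carrying the client IP) can be made concrete with a small policy-evaluation model. The following is an added example, not code from the original post and not Google's Cloud Armor implementation: it models a Cloud Armor-style policy as a priority-ordered rule list with a match-all default rule at priority 2147483647 (the priority Cloud Armor reserves for the default rule), and contrasts a rule keyed on the connecting IP with a hypothetical header-based rule keyed on `X-Forwarded-For`. The WAF IP range (203.0.113.0/24) and the client addresses are constructed documentation-range values. Note that in either mode the frontend still accepts the TCP connection on 80/443 first, which is why a port scan shows those ports open; the policy decides per request, not per SYN.

```python
"""Model of connecting-IP versus header-based IP allow rules (added example)."""
import ipaddress
from dataclasses import dataclass, field

# Cloud Armor's fixed priority for the catch-all default rule.
DEFAULT_RULE_PRIORITY = 2147483647


@dataclass
class Rule:
    priority: int
    action: str                                    # "allow" or "deny-403"
    src_ip_ranges: list = field(default_factory=list)     # matched against the connecting IP
    header_ip_ranges: list = field(default_factory=list)  # hypothetical L7 rule: matched against X-Forwarded-For


@dataclass
class Request:
    connecting_ip: str   # peer address of the TCP connection the frontend accepted
    headers: dict        # request headers (only meaningful after the L7 parse)


def _in_ranges(ip: str, ranges: list) -> bool:
    """True if ip falls in any CIDR in ranges; version mismatches never match."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in ranges)


def rule_matches(rule: Rule, req: Request) -> bool:
    if rule.src_ip_ranges:
        # Lower-layer style check: only the real peer address is consulted.
        return _in_ranges(req.connecting_ip, rule.src_ip_ranges)
    if rule.header_ip_ranges:
        # L7 style check: trusts the first hop listed in X-Forwarded-For,
        # which any direct client can set to whatever it likes.
        first_hop = req.headers.get("X-Forwarded-For", "").split(",")[0].strip()
        if not first_hop:
            return False
        try:
            return _in_ranges(first_hop, rule.header_ip_ranges)
        except ValueError:   # header value is not an IP address
            return False
    return True  # no match condition: this is the match-all default rule


def evaluate(policy: list, req: Request) -> str:
    """Return the action of the first matching rule in ascending priority order."""
    for rule in sorted(policy, key=lambda r: r.priority):
        if rule_matches(rule, req):
            return rule.action
    return "allow"  # unreachable when the policy carries a default rule


# Constructed WAF egress range (TEST-NET-3, not a real vendor range).
WAF_RANGES = ["203.0.113.0/24"]

# Policy A: allow the WAF by connecting IP, deny everything else.
CONNECTING_IP_POLICY = [
    Rule(priority=1000, action="allow", src_ip_ranges=WAF_RANGES),
    Rule(priority=DEFAULT_RULE_PRIORITY, action="deny-403"),
]

# Policy B: the weaker variant that keys the allow on a header instead.
HEADER_POLICY = [
    Rule(priority=1000, action="allow", header_ip_ranges=WAF_RANGES),
    Rule(priority=DEFAULT_RULE_PRIORITY, action="deny-403"),
]


if __name__ == "__main__":
    via_waf = Request("203.0.113.10", {})
    direct = Request("198.51.100.7", {})
    direct_spoofed = Request("198.51.100.7", {"X-Forwarded-For": "203.0.113.10"})
    for name, policy in (("connecting-ip", CONNECTING_IP_POLICY), ("header", HEADER_POLICY)):
        for label, req in (("via WAF", via_waf), ("direct", direct), ("direct+XFF", direct_spoofed)):
            print(f"{name:14s} {label:11s} -> {evaluate(policy, req)}")
```

Under the connecting-IP policy a direct client is denied regardless of what it puts in `X-Forwarded-For`; under the header-based policy the same direct client is allowed, which is the weakness the answer is pointing at. Cloud Armor's `--src-ip-ranges` rules behave like policy A.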
