Evaluates as Compliant if no listener whitelist of a Server Load Balancer (SLB) instance contains a specified IP address or Classless Inter-Domain Routing (CIDR) block.
Scenarios
Use this rule to verify that SLB listener whitelists do not contain specific IP addresses or CIDR blocks, reducing network exposure and strengthening cloud network security.
Risk level
Default risk level: high.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
- If no listener whitelist of an SLB instance contains a specified IP address or CIDR block, the evaluation result is Compliant.
- If a listener whitelist of an SLB instance contains a specified IP address or CIDR block, the evaluation result is Incompliant. For remediation steps, see Incompliance remediation.
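
A local version of this evaluation logic, as an added example that is not Cloud Config's own code. It assumes "contains" means that a whitelist entry equals or covers the specified IpAddress value (the page does not state the rule's exact matching semantics). The instance IDs and whitelist entries are constructed sample data.

```python
import ipaddress

# Constructed sample data: SLB instance id -> listener port -> whitelist entries.
# Instance ids and addresses are made up for this example.
SAMPLE_WHITELISTS = {
    "lb-example-a": {80: ["10.0.0.0/8", "192.168.1.10"], 443: ["203.0.113.0/24"]},
    "lb-example-b": {443: ["0.0.0.0/0"]},
    "lb-example-c": {8080: ["198.51.100.7", "not-an-ip"]},
    "lb-example-d": {},
}


def parse_network(entry):
    """Parse a single IP or CIDR string; return None if it is malformed."""
    try:
        return ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return None


def matching_entries(whitelist, specified):
    """Return entries that equal or cover the specified IP/CIDR (assumed semantics)."""
    target = ipaddress.ip_network(specified, strict=False)
    hits = []
    for entry in whitelist:
        net = parse_network(entry)
        if net is None or net.version != target.version:
            continue  # malformed entry or other address family: cannot match
        if target.subnet_of(net):  # entry admits every address in the target
            hits.append(entry)
    return hits


def evaluate(instances, specified):
    """Map each instance id to (evaluation result, {listener port: matching entries})."""
    results = {}
    for instance_id, listeners in instances.items():
        findings = {}
        for port, whitelist in listeners.items():
            hits = matching_entries(whitelist, specified)
            if hits:
                findings[port] = hits
        status = "Incompliant" if findings else "Compliant"
        results[instance_id] = (status, findings)
    return results


if __name__ == "__main__":
    for lb, (status, findings) in evaluate(SAMPLE_WHITELISTS, "192.168.1.10").items():
        print(lb, status, findings)
```

A plain string comparison would miss the `0.0.0.0/0` entry on `lb-example-b`, which admits the specified address without naming it.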
Rule details
| Item | Description |
| --- | --- |
| Rule name | slb-acl-no-has-specified-ip |
| Rule identifier | slb-acl-no-has-specified-ip |
| Tag | SLB and LoadBalancer |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | SLB |
| Input parameter | IpAddress |
Incompliance remediation
Configure a whitelist or blacklist for an SLB listener. For more information, see Enable access control.