Score:1

Add firewall rule in front of a Google Cloud Load Balancer


I have a Load Balancer on Google Cloud.

I want to set up a simple firewall rule that will restrict access to the Load Balancer from a specific IP.

How can I do it?

Score:4

Yes, by adding Google Cloud Armor.

Create a security policy. Add rules to the security policy. Assign the security policy to the HTTP Load Balancer. If your goal is to only allow traffic from specific addresses, be sure to change the default rule to DENY.

Configuring Google Cloud Armor security policies

Cloud Armor makes it very easy to create a rule based upon IP address match.


Dani
I managed to almost achieve what I want using a VPC firewall. The only problem is that when I block the external, for some reason it also blocks the internal from the load balancer.
John Hanley
@Dani - You cannot use a VPC firewall to block access to the load balancer. When the load balancer connects to your VM, the VPC firewall sees the load balancer's IP address and not the client's IP address. The client's IP address is stored in the HTTP header **X-Forwarded-For** and VPC firewalls do not process HTTP headers.
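
The steps from the answer above written out as `gcloud` commands, as an added example that is not part of the original thread. The function names, the starting priority 1000 and the `DRY_RUN` switch are choices made for this example; it assumes a global backend service behind the HTTP(S) load balancer and batches source ranges ten per rule, the limit for a basic Cloud Armor rule.

```shell
#!/usr/bin/env bash
# Added example. POLICY/BACKEND names and CIDRs are supplied by the caller;
# a global backend service is assumed (hence --global).

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# add_allow_rule PRIORITY POLICY RANGES: one allow rule for a comma-separated range list.
add_allow_rule() {
  run gcloud compute security-policies rules create "$1" \
    --security-policy "$2" --src-ip-ranges "$3" --action allow
}

# armor_allowlist POLICY BACKEND CIDR...
armor_allowlist() {
  policy=$1; backend=$2
  [ "$#" -ge 3 ] || { echo "usage: armor_allowlist POLICY BACKEND CIDR..." >&2; return 2; }
  shift 2

  # 1. Create the security policy.
  run gcloud compute security-policies create "$policy" || return 1

  # 2. Add allow rules; a basic rule takes at most 10 source ranges, so batch them.
  priority=1000; batch=""; n=0
  for cidr in "$@"; do
    batch="${batch:+$batch,}$cidr"; n=$((n + 1))
    if [ "$n" -eq 10 ]; then
      add_allow_rule "$priority" "$policy" "$batch" || return 1
      priority=$((priority + 1)); batch=""; n=0
    fi
  done
  if [ -n "$batch" ]; then
    add_allow_rule "$priority" "$policy" "$batch" || return 1
  fi

  # 3. Switch the default rule (priority 2147483647) from allow to deny.
  run gcloud compute security-policies rules update 2147483647 \
    --security-policy "$policy" --action deny-403 || return 1

  # 4. Attach the finished policy to the load balancer's backend service.
  run gcloud compute backend-services update "$backend" \
    --security-policy "$policy" --global
}
```

Run it once with `DRY_RUN=1` to review the exact commands before applying them; the policy is attached last so the backend never sees a half-built rule set.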