Reputation: 2151
Block direct external IP access for GCP's HTTP Load Balancer
I was wondering if someone knows how to block the HTTP access to an external IP provided by Google's Load Balancer, so you can just access it using the domain name.
For example:
- An user open a browser and navigate to
http://IP-> Block the access or forward traffic tohttps://example.com
I know some providers offers "this" (like Cloudflare), but I am in Google Cloud, and the documentation hasn't helped me a lot.
Someone knows how to achieve this?, do I need an extra configuration/service?
Upvotes: 3
Views: 4097
Answers (1)
Reputation: 2151
As John Hanley mentioned, you can achieve this by applying a cloud armor rule, checking the HTTP headers. Like this:
You must define the "greater" policy to deny all incoming request, and add a rule like the above to allow just the request with the corresponding Host (:authority for HTTP/2) header.
A note to consider is that this method does not work for backend buckets services (for now).
Upvotes: 9
Related Questions
- How do I restrict GCP load balancer access by domain, domain's IP or GKE ingress IP?
- Deny or redirect .php traffic in GCP
- How to restrict access to an external load balancer's endpoint
- How to restrict access to API Gateway from external GCP?
- Can I limit source IP to a GCP Load Balancer created by Ingress
- How to prevent public access to Compute Engine External IP Address?
- GCP: Allowing Public Ingress Web Traffic from the Load Balancer ONLY
- GCP: connection only between VM's (do not allow external IP's)
- Whitelist/Filter incoming ips for https load balancer
- Is it possible to set Load Balancing to access the resource outside GCP?