HomeNetworkLoad BalancersHow to
Create and manage ACLs

Jump toUpdate content

How to create and manage ACLs

Published on 04 February 2022

An Access Control List (ACL) is a list of permissions that control which traffic (based on source and destination IPs, or HTTPS information) is allowed to pass through your Load Balancer. This allows you to build extra security into your Load Balancer, and permit or deny access to the application(s) behind it.

Requirements:

How to create ACLs

  1. Click Load Balancers in the Network section of the Scaleway Console side menu.

  2. Click the Load Balancer you want to create ACLs for.

  3. Click the Frontends tab.

  4. Click the «See more Icon» icon next to the frontend you want to create ACLs for, and select Manage ACLs from the dropdown list.

  5. Click Create an ACL.

  6. Enter the following information in the pop-up form:

    • ACL name: a name for your ACL
    • Priority: a priority number for your ACL. ACLs are dealt with in order of priority, starting from the lowest numbered rule.
    • Protocol type: choose TCP or HTTPS. If your backend protocol is TCP, you must select TCP here. If your backend protocol is HTTPS, you can select TCP or HTTPS.
    • Control action: Choose the action to take if your filters (path, header and/or IP) match.
      • Allow if: allow access if filter matches
      • Allow unless: allow access unless the filter matches
      • Refuse if: refuse access if the filter matches
      • Refuse unless: refuse access unless the filter matches
    • IP list: The IPs to filter for. You can add one/many invidual IPv4/IPv6 addresses, or one/many IP blocks. Enter the IP or IP block, click Add IP and continue until you have added all the IPs/blocks required.

    If you select the HTTPS protocol, an additional prompt appears, allowing you to filter on HTTPS data (paths or headers):

    • Filter type: choose from path_begin to filter on the beginning of the URL, path_end to filter on the end of the URL or regex to filter on a regular expression to match in the URL, enter the value/s to match and click Add Filter. Repeat for as many filter types and values as you wish.
    • If you choose the header filter type, an additional prompt appears:
      • Header name: enter a header name to filter on (one max per ACL)
      • Values: enter the values to match in the specified header (as many as you wish) and click Add filter for each.
  7. Click Create ACL to finish. You are redirected to the ACLs tab, where your new ACL now appears.

  8. Repeat steps 5 and 6 to create new ACLs. Remember that they will be applied in order, according to the priority number you give each ACL.

Tip:
  • ACLs are applied by the Load Balancer in order of priority, where the ACL with priority 1 (or the lowest given number) is applied first, followed by the next highest number etc.
  • An ACL which gives access to traffic based on the filter condition allow if, will therefore reject all traffic that does not match that filter condition.
  • Any ACLS further down the priority list that then attempt to give access to traffic that was already refused by a higher-priority rule, will therefore not be successful in allowing access. The traffic has already been refused.
  • You should therefore be careful in using the allow if and refuse unless actions with a high priority ACL that is part of a long list of ACLs. Depending on your use case, you may wish to favour the allow unless and reject if actions for high priority ACLs.

How to edit ACLs

  1. Click Load Balancers in the Network section of the Scaleway Console side menu.

  2. Click the Load Balancer you want to create ACLs for.

  3. Click the Frontends tab.

  4. Click the «See more Icon» icon next to the frontend whose ACL(s) you want to edit, and select Manage ACLs from the dropdown list. The list of your ACLs displays.

  5. Click the «See more Icon» icon next to the ACL you wish to edit, and select Edit.

  6. Edit the ACL as required, and click Update ACL to finish.

How to delete ACLs

  1. Click Load Balancers in the Network section of the Scaleway Console side menu.

  2. Click the Load Balancer you want to create ACLs for.

  3. Click the Frontends tab.

  4. Click the «See more Icon» icon next to the frontend whose ACL(s) you want to delete, and select Manage ACLs from the dropdown list. The list of your ACLs displays.

  5. Click the «See more Icon» icon next to the ACL you wish to edit, and select Delete.

  6. Confirm the action by clicking Delete this ACL.

See Also