-2

I am using a GCP load balancer for my application. Akamai has been set up as a reverse proxy. Now I want to restrict direct access from the public internet to my load balancer; it should always come through Akamai. GCP provides Cloud Armor, but it allows adding only 10 IP CIDR ranges in the standard version. With the subscription model, GCP has something called named IP addresses, but Akamai is not a listed provider there. What are my options here? Please suggest if there is any other way apart from IP whitelisting if it does not seem to be a good security option.

I tried adding firewall rules on my VPC, but for global GCP load balancers it does not work. I did research around Cloud Armor, which does not allow more than 10 IP ranges and does not have Akamai as a listed provider for named IP addresses.

  • First it's IP ranges, and not IP addresses, so if you have consecutive IPs, a range is more appropriate. Then, you can use multiple rules (AFAIK, the 10 limit is for 1 rule) – guillaume blaquiere Aug 25 '23 at 07:17
  • @guillaumeblaquiere Thanks for your response. There are around 25 IP ranges. I think if I split into multiple rules then it would not be an OR operation for my backend services. I need to whitelist all the IP ranges provided by Akamai for all the backend services. – ayushi gupta Aug 25 '23 at 16:35
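
An added illustration of the multi-rule approach raised in the first comment (not part of the original question or comments): Cloud Armor evaluates a policy's rules in priority order and applies the first match, so several allow rules followed by a default deny act as one combined allow list. The sketch assumes the 10-range limit is per rule, as the commenter suggests; the policy name `akamai-only-policy` and the CIDR ranges are constructed placeholders, not Akamai's published ranges.

```python
import ipaddress

MAX_RANGES_PER_RULE = 10            # per-rule limit, as the first comment suggests (assumption)
DEFAULT_RULE_PRIORITY = 2147483647  # priority of the policy's built-in default rule

# Constructed sample: 25 documentation-range CIDRs, NOT Akamai's real ranges.
SAMPLE_RANGES = (
    [f"198.51.100.{i * 16}/28" for i in range(0, 16, 2)]
    + [f"203.0.113.{i * 16}/28" for i in range(0, 16, 2)]
    + ["192.0.2.0/28", "192.0.2.16/28", "192.0.2.64/28", "192.0.2.80/28",
       "192.0.2.128/28", "192.0.2.144/28", "192.0.2.192/28", "192.0.2.224/28",
       "192.0.2.192/29"]
)

def plan_rules(cidrs, per_rule=MAX_RANGES_PER_RULE):
    """Merge adjacent/overlapping CIDRs, then split into chunks of <= per_rule."""
    nets = [ipaddress.ip_network(c.strip()) for c in cidrs]  # rejects malformed input
    chunks = []
    for version in (4, 6):  # collapse_addresses() cannot mix IPv4 and IPv6
        same = [n for n in nets if n.version == version]
        merged = [str(n) for n in ipaddress.collapse_addresses(same)]
        chunks += [merged[i:i + per_rule] for i in range(0, len(merged), per_rule)]
    return chunks

def gcloud_commands(policy, chunks, first_priority=1000):
    """One allow rule per chunk, then switch the default rule to deny."""
    cmds = [
        f"gcloud compute security-policies rules create {first_priority + n} "
        f"--security-policy {policy} --src-ip-ranges {','.join(chunk)} --action allow"
        for n, chunk in enumerate(chunks)
    ]
    cmds.append(
        f"gcloud compute security-policies rules update {DEFAULT_RULE_PRIORITY} "
        f"--security-policy {policy} --action deny-403"
    )
    return cmds

if __name__ == "__main__":
    for cmd in gcloud_commands("akamai-only-policy", plan_rules(SAMPLE_RANGES)):
        print(cmd)
```

The policy only takes effect on the backend services it is attached to, so it has to be attached to every backend service behind the load balancer.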

0 Answers