Ensure GCP Google compute firewall ingress does not allow unrestricted HTTP port 80 access

Error: GCP Firewall rule allows all traffic on HTTP port (80)
Bridgecrew Policy ID: BC_GCP_NETWORKING_17
Checkov Check ID: CKV_GCP_106
Severity: LOW

Suggest Edits

GCP Firewall rule allows all traffic on HTTP port (80)

Description

You should also consider restricting access to HTTP port 80 to only the IP addresses or ranges that need it. This can help reduce the risk of your network being accessed by unauthorized users or devices, and can also help reduce the risk of attacks such as denial of service (DoS) or distributed denial of service (DDoS) attacks.

Fix - Runtime

Fix - Buildtime

Terraform

resource "google_compute_firewall" "restricted" {
  name    = "example"
  network = "google_compute_network.vpc.name"

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  source_ranges = ["172.1.2.3/32"]
  target_tags   = ["ssh"]
}

Updated 9 months ago