Ensure GCP Google compute firewall ingress does not allow unrestricted HTTP port 80 access
Error: GCP Firewall rule allows all traffic on HTTP port (80)
Bridgecrew Policy ID: BC_GCP_NETWORKING_17
Checkov Check ID: CKV_GCP_106
Severity: LOW
Description
Consider restricting access to HTTP port 80 to only the IP addresses or ranges that need it. This can help reduce the risk of unauthorized users or devices accessing your network, and the risk of attacks such as denial of service (DoS) or distributed denial of service (DDoS).
Fix - Runtime
Fix - Buildtime
Terraform
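resource "google_compute_firewall" "restricted" {
  name = "example"
  # Reference the network resource; a quoted string would be passed as a literal name
  network = google_compute_network.vpc.name

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  # Only this address may reach port 80, rather than every source (0.0.0.0/0)
  source_ranges = ["172.1.2.3/32"]
  target_tags   = ["ssh"]
}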
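The condition this policy describes can also be tested outside the scanner. The following is an added example, not Checkov's own implementation: it evaluates rules given as dicts keyed like the google_compute_firewall arguments. It goes beyond the single case above by also catching port ranges that include 80, protocol "all", allow blocks with no ports, and the IPv6 open range. The function names and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

HTTP_PORT = 80

def port_spec_covers(spec, port=HTTP_PORT):
    """True if a ports entry such as "80" or "20-443" includes the port."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def is_open_range(cidr):
    """True for a zero-length prefix such as 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def allows_unrestricted_http(rule):
    """rule: dict keyed like google_compute_firewall arguments (assumed shape)."""
    # direction defaults to INGRESS when it is not set
    if (rule.get("direction") or "INGRESS").upper() != "INGRESS":
        return False
    if not any(is_open_range(c) for c in rule.get("source_ranges") or []):
        return False
    for allow in rule.get("allow") or []:
        # "6" is the IP protocol number for TCP; "all" matches every protocol
        if str(allow.get("protocol", "")).lower() not in ("tcp", "6", "all"):
            continue
        ports = allow.get("ports") or []  # no ports listed means every port
        if not ports or any(port_spec_covers(p) for p in ports):
            return True
    return False

# Constructed sample rules, not taken from a real project.
SAMPLE_RULES = {
    "open_http": {"allow": [{"protocol": "tcp", "ports": ["80"]}],
                  "source_ranges": ["0.0.0.0/0"]},
    "open_range": {"allow": [{"protocol": "tcp", "ports": ["20-443"]}],
                   "source_ranges": ["0.0.0.0/0"]},
    "open_all": {"allow": [{"protocol": "all"}], "source_ranges": ["::/0"]},
    "open_https": {"allow": [{"protocol": "tcp", "ports": ["443"]}],
                   "source_ranges": ["0.0.0.0/0"]},
    "restricted": {"allow": [{"protocol": "tcp", "ports": ["80"]}],
                   "source_ranges": ["172.1.2.3/32"]},
}

def failing_rules(rules=SAMPLE_RULES):
    """Names of the rules that expose port 80 to every source address."""
    return sorted(n for n, r in rules.items() if allows_unrestricted_http(r))

if __name__ == "__main__":
    print(failing_rules())
```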