MySQL service firewall exposes a broad range of addresses
Security · Azure Database for MySQL · Rule · 2020_06 · Important
Determine if there is an excessive number of permitted IP addresses.
Description
Typically the number of IP address rules permitted through the firewall is minimal, with management connectivity from on-premises and cloud application connectivity the most common.
Recommendation
The MySQL server has greater than ten (10) public IP addresses that are permitted network access. Some rules may not be needed or can be reduced.
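The check described above can be reproduced offline against an exported list of firewall rules. The following is an added example, not the rule's own implementation: it reads the `startIpAddress` and `endIpAddress` properties of each firewall rule, and it assumes that RFC 1918 addresses and the 0.0.0.0 to 0.0.0.0 "allow Azure services" entry are left out of the count. The function names and sample rules are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges are not internet-routable, so this sketch does not count them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
THRESHOLD = 10  # limit stated in the recommendation above


def count_public_addresses(rules):
    """Count distinct non-RFC 1918 IPv4 addresses permitted by the rules."""
    networks = []
    for rule in rules:
        start = ipaddress.IPv4Address(rule["startIpAddress"])
        end = ipaddress.IPv4Address(rule["endIpAddress"])
        if int(start) == 0 and int(end) == 0:
            continue  # assumption: the "allow Azure services" marker is reviewed separately
        networks.extend(ipaddress.summarize_address_range(start, end))
    total = 0
    # collapse_addresses merges overlapping ranges so nothing is counted twice.
    for net in ipaddress.collapse_addresses(networks):
        total += net.num_addresses
        for private in RFC1918:
            if net.subnet_of(private):
                total -= net.num_addresses
            elif private.subnet_of(net):
                total -= private.num_addresses
    return total


def exceeds_threshold(rules):
    """True when the rules permit more public addresses than THRESHOLD."""
    return count_public_addresses(rules) > THRESHOLD


# Constructed sample rules using documentation address ranges, not real hosts.
SAMPLE_RULES = [
    {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
    {"name": "vpn", "startIpAddress": "203.0.113.20", "endIpAddress": "203.0.113.23"},
    {"name": "app", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.100.7"},
    {"name": "app-old", "startIpAddress": "198.51.100.4", "endIpAddress": "198.51.100.9"},
    {"name": "internal", "startIpAddress": "10.0.0.0", "endIpAddress": "10.0.0.255"},
    {"name": "azure", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
]

if __name__ == "__main__":
    print(count_public_addresses(SAMPLE_RULES), exceeds_threshold(SAMPLE_RULES))
```

In the sample, the overlapping `app` and `app-old` ranges are what push the count over the limit, which is the kind of rule the recommendation suggests removing or reducing.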
Notes
This rule is only applicable for the Azure Database for MySQL Single Server deployment model.
Links
- SE:06 Network controls
- Create and manage Azure Database for MySQL firewall rules by using the Azure portal
- Create and manage Azure Database for MySQL VNet service endpoints and VNet rules by using the Azure portal
- Azure deployment reference