SQL Databases should only allow ingress traffic from specific IP addresses


Description

By default, the “Allow access to Azure Services” setting for SQL Databases is set to “NO”, ensuring that no ingress is allowed from 0.0.0.0/0 (ANY IP). The setting corresponds to a firewall rule with a start IP of 0.0.0.0 and an end IP of 0.0.0.0, which grants access to all Azure services. Disabling this setting will break all connections to the SQL server and hosted databases unless custom IP-specific rules are added in the Firewall Policy. It is recommended to define more granular IP addresses by referencing the range of addresses available from specific data centers in order to reduce the potential attack surface for the SQL server.

Remediation

From the console

  1. Go to SQL servers
  2. For each SQL server, click on Networking
  3. Uncheck the checkbox for Allow Azure services and resources to access this server
  4. Set firewall rules to limit access to only authorized connections