Severity Framework
Snyk CCSS
Rule category
Network / Public Access
Frameworks
CIS-Azure
CIS-Controls
CSA-CCM
ISO-27001
NIST-800-53
PCI-DSS
SOC-2
- Snyk ID SNYK-CC-00660
- credit Snyk Research Team
Description
To reduce the potential attack surface for a SQL server, firewall rules should be defined with more granular IP addresses by referencing the range of addresses available from specific data centers.
How to fix?
Set start_ip_address and end_ip_address (startIpAddress and endIpAddress in an ARM template) to a specific IP address only, e.g. 10.0.17.62.
An invalid range has start IP set to 0.0.0.0 and end IP set to 0.0.0.0 or 255.255.255.255.
Example Configuration
"resources": [
  {
    "type": "Microsoft.Sql/servers/firewallRules",
    "apiVersion": "2022-05-01-preview",
    "name": "test660deal1/allowed",
    "properties": {
      "endIpAddress": "10.0.17.62",
      "startIpAddress": "10.0.17.62"
    },
    "dependsOn": [
      "[resourceId('Microsoft.Sql/servers', 'test660deal1')]"
    ]
  }
]
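
The following check is an added example, not Snyk's own rule code: it audits an ARM template for the ranges described under "How to fix?", including firewall rules nested as child resources of a server. The sample template, the rule names other than test660deal1/allowed, and the verdict labels are constructed for illustration.

```python
import ipaddress
import json

FW_TYPE = "microsoft.sql/servers/firewallrules"

def classify(start, end):
    """Return 'open', 'range', 'ok' or 'unresolved' for one firewall rule."""
    try:
        s, e = ipaddress.ip_address(start), ipaddress.ip_address(end)
    except ValueError:
        return "unresolved"  # e.g. "[parameters('clientIp')]", needs manual review
    if str(s) == "0.0.0.0" and str(e) in ("0.0.0.0", "255.255.255.255"):
        return "open"        # the invalid ranges this rule names
    return "ok" if s == e else "range"  # the fix asks for one specific address

def find_rules(resources, parent_type=""):
    """Yield (name, start, end), descending into child resources of a server."""
    for res in resources:
        rtype = res.get("type", "")
        full = f"{parent_type}/{rtype}" if parent_type else rtype
        if full.lower() == FW_TYPE:
            props = res.get("properties", {})
            yield res.get("name"), props.get("startIpAddress"), props.get("endIpAddress")
        yield from find_rules(res.get("resources", []), full)

def audit(template_text):
    """Map each SQL firewall rule name in an ARM template to its classification."""
    resources = json.loads(template_text).get("resources", [])
    return {name: classify(s, e) for name, s, e in find_rules(resources)}

# Constructed sample template: the page's rule plus three made-up ones.
SAMPLE = json.dumps({"resources": [
    {"type": "Microsoft.Sql/servers/firewallRules", "name": "test660deal1/allowed",
     "properties": {"startIpAddress": "10.0.17.62", "endIpAddress": "10.0.17.62"}},
    {"type": "Microsoft.Sql/servers", "name": "example-server", "resources": [
        {"type": "firewallRules", "name": "any",
         "properties": {"startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"}},
        {"type": "firewallRules", "name": "office",
         "properties": {"startIpAddress": "10.0.17.0", "endIpAddress": "10.0.17.255"}},
        {"type": "firewallRules", "name": "param",
         "properties": {"startIpAddress": "[parameters('clientIp')]",
                        "endIpAddress": "[parameters('clientIp')]"}}]}]})

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{verdict:10} {name}")
```

Rules whose addresses are template expressions are reported as unresolved because their values are only known at deployment time.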