The IP configuration allows a lot of IPs

ID

azure_sql_server_ip_config

Severity

high

Vendor

Azure

Resource

Network

Tags

reachable

Description

The IP configuration allows a lot of IPs. If you set start_ip_address=0.0.0.0 or end_ip_address=255.255.255.255, the firewall rule's range can contain a very large number of IP addresses. Configure a limited IP range instead.

Learn more about this topic at Azure SQL firewall rule.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create (or update) Firewall Rule
      azure_rm_sqlfirewallrule:
        resource_group: myResourceGroup
        server_name: firewallrulecrudtest-6285
        name: firewallrulecrudtest-5370
        start_ip_address: 0.0.0.0  # flagged: the range starts at 0.0.0.0
        end_ip_address: 172.28.10.138
    - name: Create (or update) Firewall Rule
      azure_rm_sqlfirewallrule:
        resource_group: myResourceGroup2
        server_name: firewallrulecrudtest-6286
        name: firewallrulecrudtest-5371
        start_ip_address: 172.28.10.138
        end_ip_address: 255.255.255.255  # flagged: the range ends at 255.255.255.255

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create (or update) Firewall Rule
      azure_rm_sqlfirewallrule:
        resource_group: myResourceGroup
        server_name: firewallrulecrudtest-6285
        name: firewallrulecrudtest-5370
        start_ip_address: 172.28.10.136
        end_ip_address: 172.28.10.138
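
The check described above, written out as an added example; it is not part of the original rule page and is not the scanner's own code. It goes beyond the two boundary values the description names by also measuring the size of the range: `MAX_ADDRESSES`, `check_rule`, `FLAGGED` and `FIXED` are names chosen for this example, and the 256-address threshold is an assumption, since the page gives no number.

```python
import ipaddress

# Assumption: the page does not say how many addresses are "a lot";
# 256 (one /24) is a placeholder threshold for this example.
MAX_ADDRESSES = 256

def check_rule(task):
    """Return the findings for one azure_rm_sqlfirewallrule task (a dict)."""
    args = task["azure_rm_sqlfirewallrule"]
    start = ipaddress.IPv4Address(args["start_ip_address"])
    end = ipaddress.IPv4Address(args["end_ip_address"])
    if end < start:
        return ["end_ip_address is lower than start_ip_address"]
    findings = []
    # The two boundary values named in the rule description.
    if start == ipaddress.IPv4Address("0.0.0.0"):
        findings.append("start_ip_address is 0.0.0.0")
    if end == ipaddress.IPv4Address("255.255.255.255"):
        findings.append("end_ip_address is 255.255.255.255")
    # Size of the inclusive range, plus the widest CIDR block it contains,
    # so a reviewer sees how much address space the rule really opens.
    size = int(end) - int(start) + 1
    if size > MAX_ADDRESSES:
        blocks = ipaddress.summarize_address_range(start, end)
        widest = min(blocks, key=lambda net: net.prefixlen)
        findings.append(f"range covers {size} addresses (widest block {widest})")
    return findings

def rule(start, end):
    """Build a task dict shaped like the playbook tasks on this page."""
    return {"azure_rm_sqlfirewallrule": {"start_ip_address": start,
                                         "end_ip_address": end}}

# Address ranges copied from the playbooks on this page.
FLAGGED = [rule("0.0.0.0", "172.28.10.138"),
           rule("172.28.10.138", "255.255.255.255")]
FIXED = rule("172.28.10.136", "172.28.10.138")

if __name__ == "__main__":
    for task in FLAGGED + [FIXED]:
        args = task["azure_rm_sqlfirewallrule"]
        span = f'{args["start_ip_address"]}-{args["end_ip_address"]}'
        print(span, check_rule(task) or "ok")
```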