GET https://recommender.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.cloudsql.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=REMOVE_BROAD_PUBLIC_IP_RANGE
GET https://recommender.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.cloudsql.instance.SecurityInsight/insights?filter=insightSubtype=BROAD_AUTHORIZED_NETWORKS
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-19。"],[],[],null,["# Improve instance security by removing broad public IP ranges from authorized networks\n\n\u003cbr /\u003e\n\n[MySQL](/sql/docs/mysql/recommender-broad-address \"View this page for the MySQL database engine\") \\| PostgreSQL \\| [SQL Server](/sql/docs/sqlserver/recommender-broad-address \"View this page for the SQL Server database engine\")\n\n\u003cbr /\u003e\n\nThis page describes how to view and implement recommendations about when to remove\nthe IP address range of `0.0.0.0/0` from authorized networks.\nInstances with `0.0.0.0/0` in authorized networks accept connections from all internet IPs. This [recommender](/recommender/docs/overview) is called **Remove broad public access**.\n\nEvery day, this recommender\nproactively detects instances that have broad public IP address ranges and provides insights and recommendations to improve\nyour instance security. You can view insights and detailed recommendations about instances that have public IP address\nranges enabled and are vulnerable to security breaches by using the Google Cloud console,\n[gcloud CLI](/sdk/gcloud), or the [Recommender API](/recommender/docs/using-api).\n\nBefore you begin\n----------------\n\nEnsure that you [enable the Recommender API](/recommender/docs/enabling).\n\n### Required roles and permissions\n\nTo get the permissions to view and work with insights and recommendations,\nensure that you have the required [Identity and Access Management (IAM) roles](/sql/docs/postgres/project-access-control#roles).\n\nFor more information about IAM roles, see [IAM basic and predefined roles reference](/iam/docs/understanding-roles) and [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\u003cbr /\u003e\n\nList the recommendations\n------------------------\n\nTo list the recommendations, follow these steps: \n\n### Console\n\nTo list recommendations about instance security, follow these steps:\n\n1. Go to the **Cloud SQL Instances** page.\n\n [Go to Cloud SQL Instances](https://console.cloud.google.com/sql/instances)\n2. View the **Issues** column in the instance table.\n\nAlternatively, follow these steps:\n\n1. Go to the **Recommendation Hub**.\n\n [Go to the Recommendation Hub](https://console.cloud.google.com/home/recommendations/)\n\n For more information, see [Exploring recommendations](/recommender/docs/recommendation-hub/identify-configuration-problems).\n2. In the **All recommendations** card, click **Security**.\n\n### gcloud\n\nRun the [`gcloud recommender recommendations list`](/sdk/gcloud/reference/recommender/recommendations/list) command as follows: \n\n```\ngcloud recommender recommendations list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--recommender=google.cloudsql.instance.SecurityRecommender \\\n--filter=recommenderSubtype=REMOVE_BROAD_PUBLIC_IP_RANGE\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your instances are located, such as us-central1.\n\n### API\n\nCall the [`recommendations.list`](/recommender/docs/reference/rest/v1beta1/projects.locations.recommenders.recommendations/list) method as follows: \n\n```\nGET https://recommender.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.cloudsql.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=REMOVE_BROAD_PUBLIC_IP_RANGE\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your instances are located, such as `us-central1`.\n\nView insights and detailed recommendations\n------------------------------------------\n\nTo view insights and detailed recommendations, follow these steps: \n\n### Console\n\nAfter listing the recommendations, click a recommendation.\nThe recommendation panel appears, which contains insights and detailed recommendations.\n\n### gcloud\n\nRun the [`gcloud recommender insights list`](/sdk/gcloud/reference/recommender/insights/list) command as follows: \n\n```\n\ngcloud recommender insights list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--insight-type=google.cloudsql.instance.SecurityInsight \\\n--filter=insightSubtype=BROAD_AUTHORIZED_NETWORKS\n\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e : A region where your instances are located, such as `us-central1`.\n\n### API\n\nCall the [`insights.list`](/recommender/docs/reference/rest/v1beta1/projects.locations.insightTypes.insights/list) method as follows: \n\n```\n\nGET https://recommender.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.cloudsql.instance.SecurityInsight/insights?filter=insightSubtype=BROAD_AUTHORIZED_NETWORKS\n\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your instances are located, such as `us-central1`.\n\nApply the recommendation\n------------------------\n\n### Console\n\nTo implement this recommendation, click **Manage authorized networks** and then use one of the following options:\n\n- Remove broad IP addresses from authorized networks. For more information, see [Authorize with authorized networks](/sql/docs/mysql/authorize-networks).\n- Use [Cloud SQL Auth Proxy](/sql/docs/postgres/sql-proxy) and [Cloud SQL Language Connectors](/sql/docs/postgres/language-connectors).\n\n### gcloud\n\nTo implement this recommendation, use one of the following options:\n\n- Remove broad IP addresses from authorized networks. For more information, see [Authorize with authorized networks](/sql/docs/mysql/authorize-networks).\n- Use [Cloud SQL Auth Proxy](/sql/docs/postgres/sql-proxy) and [Cloud SQL Language Connectors](/sql/docs/postgres/language-connectors).\n\n### API\n\nTo implement this recommendation, use one of the following options:\n\n- Remove broad IP addresses from authorized networks. For more information, see [Authorize with authorized networks](/sql/docs/mysql/authorize-networks).\n- Use [Cloud SQL Auth Proxy](/sql/docs/postgres/sql-proxy) and [Cloud SQL Language Connectors](/sql/docs/postgres/language-connectors).\n\nWhat's next\n-----------\n\n- [Authorize with authorized networks](/sql/docs/mysql/authorize-networks)\n- [Cloud SQL Auth Proxy](/sql/docs/postgres/sql-proxy)\n- [Cloud SQL Language Connectors](/sql/docs/postgres/language-connectors)\n- [Google Cloud recommenders](/recommender/docs/recommenders)\n- [Blog: Maximize your Cloud ROI](https://cloud.google.com/blog/products/management-tools/active-assist-comes-to-google-cloud)"]]
