diff --git a/avd_docs/aws/ec2/AVD-AWS-0107/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0107/Terraform.md
index 4f72892d..48804f32 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0107/Terraform.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0107/Terraform.md
@@ -7,6 +7,13 @@ Set a more restrictive cidr range cidr_blocks = ["10.0.0.0/16"] } +``` +```hcl + resource "aws_security_group_rule" "another_good_example" { + type = "ingress" + cidr_blocks = ["1.2.3.4/24"] + } + ``` ```hcl resource "aws_security_group_rule" "allow_partner_rsync" {
diff --git a/checks/cloud/aws/ec2/no_public_ingress_sgr.go b/checks/cloud/aws/ec2/no_public_ingress_sgr.go
index 158a2d0f..bbd8cc19 100755
--- a/checks/cloud/aws/ec2/no_public_ingress_sgr.go
+++ b/checks/cloud/aws/ec2/no_public_ingress_sgr.go
@@ -47,7 +47,7 @@ var CheckNoPublicIngressSgr = rules.Register(
 for _, rule := range group.IngressRules {
 var failed bool
 for _, block := range rule.CIDRs {
- if cidr.IsPublic(block.Value()) && cidr.CountAddresses(block.Value()) > 1 {
+ if cidr.IsPublic(block.Value()) && (cidr.CountAddresses(block.Value()) == 255*255*255*255 || cidr.CountAddresses(block.Value()) == 0xffffffffffffffff) {
 failed = true
 results.Add(
 "Security group rule allows ingress from public internet.",
diff --git a/checks/cloud/aws/ec2/no_public_ingress_sgr.tf.go b/checks/cloud/aws/ec2/no_public_ingress_sgr.tf.go
index e5d68d5d..5cd6964b 100644
--- a/checks/cloud/aws/ec2/no_public_ingress_sgr.tf.go
+++ b/checks/cloud/aws/ec2/no_public_ingress_sgr.tf.go
@@ -8,6 +8,12 @@ var terraformNoPublicIngressSgrGoodExamples = []string{
 }
 `,
 `
+ resource "aws_security_group_rule" "another_good_example" {
+ type = "ingress"
+ cidr_blocks = ["1.2.3.4/24"]
+ }
+ `,
+ `
 resource "aws_security_group_rule" "allow_partner_rsync" {
 type = "ingress"
 security_group_id = aws_security_group.….id
diff --git a/checks/cloud/aws/ec2/no_public_ingress_sgr_test.go b/checks/cloud/aws/ec2/no_public_ingress_sgr_test.go
index 066feab5..bcab2a16 100644
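Review bot: The IPv4 comparison on the changed `if` line uses `255*255*255*255`, which is 4,228,250,625, while 0.0.0.0/0 spans 2^32 = 4,294,967,296 addresses, so unless `cidr.CountAddresses` is defined to return exactly that product for a /0 the IPv4 branch can never match and only the `0xffffffffffffffff` comparison is live; the updated test that expects 0.0.0.0/0 to fail the check is the place to confirm which value is actually returned. The change also narrows the rule from "any public range wider than a single host" to "the entire address space", so an ingress from 0.0.0.0/1 or 1.0.0.0/8 now passes without a finding — defensible if the rule is meant to flag only unrestricted ingress, but it should say so in a comment, and the two magic numbers deserve package-level named constants with `CountAddresses` evaluated once per block. The enclosing loops and the `results.Add` call continue outside the hunk.
```go
// Package-level, next to the check: the only ranges this rule treats as
// "the public internet" are the unrestricted ones (0.0.0.0/0 and ::/0);
// narrower public ranges such as 1.2.3.0/24 are accepted on purpose.
const (
	wholeIPv4Space = 1 << 32            // 0.0.0.0/0 holds 2^32 addresses, not 255*255*255*255
	wholeIPv6Space = 0xffffffffffffffff // value the change compares against for ::/0 — NOTE(review): confirm CountAddresses saturates here
)

// … unchanged: loops over group.IngressRules and rule.CIDRs …
addresses := cidr.CountAddresses(block.Value())
if cidr.IsPublic(block.Value()) && (addresses == wholeIPv4Space || addresses == wholeIPv6Space) {
	// … unchanged: failed = true, results.Add(...) …
```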
--- a/checks/cloud/aws/ec2/no_public_ingress_sgr_test.go
+++ b/checks/cloud/aws/ec2/no_public_ingress_sgr_test.go
@@ -20,7 +20,7 @@ func TestCheckNoPublicIngressSgr(t *testing.T) {
 expected bool
 }{
 {
- name: "AWS VPC ingress security group rule with wildcard address",
+ name: "AWS VPC ingress security group rule with wildcard address (0.0.0.0/0)",
 input: ec2.EC2{
 SecurityGroups: []ec2.SecurityGroup{
 {
@@ -38,6 +38,25 @@ func TestCheckNoPublicIngressSgr(t *testing.T) {
 },
 expected: true,
 },
+ {
+ name: "AWS VPC ingress security group rule with public address (/24)",
+ input: ec2.EC2{
+ SecurityGroups: []ec2.SecurityGroup{
+ {
+ Metadata: trivyTypes.NewTestMetadata(),
+ IngressRules: []ec2.SecurityGroupRule{
+ {
+ Metadata: trivyTypes.NewTestMetadata(),
+ CIDRs: []trivyTypes.StringValue{
+ trivyTypes.String("1.2.3.4/24", trivyTypes.NewTestMetadata()),
+ },
+ },
+ },
+ },
+ },
+ expected: false,
+ },
 {
 name: "AWS VPC ingress security group rule with private address",
 input: ec2.EC2{
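Review bot: The case added in the second hunk covers only a /24, so neither side of the new boundary is pinned: there is no expected-true case for `::/0`, which the `0xffffffffffffffff` comparison in the check is presumably meant to catch, and no expected-false case for a large public range such as `1.0.0.0/8` that the rule no longer flags. Adding one of each would make the intended policy explicit in the table rather than implied. The literal `1.2.3.4/24` also has host bits set; `1.2.3.0/24` is the canonical form and avoids depending on how the CIDR helper normalises it (the same literal appears in the Terraform example and docs hunks). The test table starts and ends outside the hunk.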