All Products
Search

This Product

    Hologres:IP whitelists

    Document Center

    Hologres:IP whitelists

    Last Updated:Feb 04, 2026

    Hologres supports IP whitelists in HoloWeb to help you manage access and ensure security. This topic describes how to configure an IP whitelist for your Hologres instance.

    Notes

    Before you set an IP whitelist in HoloWeb, note the following:

    • Only Hologres V0.10.14 and later (excluding V2.0.4 to V2.0.5) support IP whitelists. Check your current instance version on the instance details page in the Hologres console or by running the select hg_version() command. If your instance version is earlier than V0.10.14, you can join the Hologres DingTalk group to request an upgrade. For more information, see How do I get more online support?.

    • After you purchase a Hologres instance, it is accessible from all networks by default if no IP whitelist is configured.

    • Only instance administrators (Superusers) can configure IP whitelists.

    • Whitelist settings take effect only for new connections. Existing connections are not automatically disconnected when the whitelist is modified. To release existing connections, see Release a connection.

    • When you configure a data connection in HoloWeb, set the Logon Method to Passwordless logon for current user to configure an IP whitelist for the current connection. For instructions on how to configure a connection to a Hologres instance, see Connect to a Hologres instance.当前用户免密登录

    • After you set a whitelist, DataStudio cannot access the instance. Therefore, follow the instructions in Add an IP whitelist to add its corresponding group to the IP whitelist to ensure normal access.

    • If Flink is connected to the Hologres instance network but still cannot access your Hologres instance, obtain the IP address and CIDR block of Flink and add them to the database whitelist. For more information about how to obtain the IP address and CIDR block of the Flink project, see How do I configure a whitelist?.

    • You cannot configure an IP whitelist on a read-only secondary instance. You can only configure it on the primary instance. The IP whitelist of the read-only secondary instance must be the same as that of the primary instance.

    • Features in HoloWeb such as connecting to instances, the SQL editor, and user management are restricted by the IP whitelist of the Postgres database. To use these features in HoloWeb, add IP addresses to the Postgres database whitelist as needed.

    Add an IP whitelist

    1. Log on to the Hologres console. In the top menu bar, select a region.

    2. In the navigation pane on the left, click Go to HoloWeb to go to the HoloWeb developer interface.

    3. On the HoloWeb page, in the navigation pane on the left of the Security Center page, select IP Whitelist.

    4. In the upper-right corner of the page, click Add IP Address to Whitelist and configure the following parameters.

      IP白名单

      Parameter

      Description

      Group

      A custom group name.

      After you set the Logon Method to Passwordless logon for current user, you must also add the DataWorks data integration resource group to the IP whitelist. Otherwise, the feature is unavailable. Select the corresponding group name from the Group drop-down list.

      Database Restriction

      From the drop-down list, select the database for which you want to configure a whitelist. To configure a whitelist for all user-created DBs (excluding system DBs) in the current instance, select ALL.

      User Restriction

      From the drop-down list, select the user for whom you want to configure a whitelist. To configure a whitelist for all users in the current instance, select ALL.

      IP Address

      The IP addresses to be added to the whitelist. The configuration is as follows:

      • All IP addresses: Enter ALL.

      • Specific IP address: For example, 192.168.0.1. This allows access from the IP address 192.168.0.1.

      • Specific CIDR block: For example, 192.168.0.0/24. This allows access from IP addresses in the range of 192.168.0.1 to 192.168.0.255.

      • Multiple IP addresses: Enter each IP address on a new line.

    5. Click OK. After the whitelist is successfully configured, only requests from the specified IP addresses are allowed.

    Edit an IP whitelist

    To modify the IP address information in a whitelist, you can edit the whitelist. Currently, you can only change the IP addresses. To change information such as database or user restrictions, create a new IP whitelist.

    Note

    Only instance administrators (Superusers) can edit IP whitelists.

    1. On the HoloWeb page, in the navigation pane on the left of the Security Center page, select IP Whitelist.

    2. On the IP Whitelist management page, find the target IP whitelist and click Edit in the right-side column.

    3. On the Edit IP Whitelist page, modify the IP address information. For information about how to configure IP addresses, see Add an IP whitelist.

    4. Click OK to complete the configuration.

    Delete an IP whitelist

    If you no longer need an IP address whitelist, you can delete it. If you delete all IP address whitelists, the default is that no whitelist is set.

    Note

    Only instance administrators (Superusers) can edit the IP address whitelist.

    1. On the HoloWeb page, in the navigation pane on the left of the Security Center page, select IP Whitelist.

    2. On the IP Whitelist management page, find the target IP whitelist and click Delete in the right-side column.

    3. Click OK to complete the deletion.

    FAQ

    An error occurs when I configure a whitelist.

    • Symptom: An error is reported when I configure a whitelist for an instance. The error message is as follows.

      ERROR: commit ddl phase1 failed: DDLWrite is not allowed on replica

    • Cause: IP whitelists cannot be configured on read-only secondary instances.

    • Solution: Configure the IP whitelist on the primary instance. The primary instance and its secondary instances share the same whitelist configuration.