To ensure the security and stability of Lindorm, the system prevents devices from accessing Lindorm instances by default. Before you use a Lindorm instance, configure a whitelist for the instance to allow external devices to access the instance. The security of Lindorm instances can be enhanced if you properly configure whitelists. We recommend that you maintain your whitelists on a regular basis.
Before you begin
Before you configure an IP whitelist for a Lindorm instance, obtain the IP addresses of the clients from which you want to allow access to the instance based on the installation locations.
Client installation location | Network type | How to obtain the IP address of a client |
---|---|---|
(Recommended) Elastic Compute Service (ECS) instance | Virtual private cloud (VPC) | Check the IP address of the ECS instance. For more information, see How do I query the IP addresses of ECS instances? Note Make sure that the ECS instance and the Lindorm instance reside in the same VPC. |
On-premises device | Internet | Select one of the following methods based on the operating system of the on-premises device:
|
Procedure
Warning If you add 0.0.0.0/0 to the whitelist, all IP addresses can access the Lindorm instance. In this case, high security risks occur on Lindorm. Proceed with caution.
- Log on to the Lindorm console.
- In the upper-left corner of the page, select the region in which the instance is located.
- On the Instances page, click the ID of the instance that you want to manage or click Manage in the Actions column corresponding to the instance.
- In the left-side navigation pane, click Access Control.
- On the page that appears, click Modify Whitelist.
- In the Modify Whitelist dialog box, add the IP addresses or CIDR blocks from which you want to allow access to the instance to the whitelist. Important
- You can specify the IP addresses or CIDR blocks in the following formats:
- Use a single IP address. For example, you can add 192.0.XX.XX.XX to the whitelist.
- Use Classless Inter-Domain Routing (CIDR) notation to specify IP ranges. For more information about CIDR notation, see What is CIDR? For example, you can add 192.0.XX.XX/24 to the whitelist. The suffix /24 indicates that the network prefix of the CIDR block is 24 bits in length. The value of the suffix ranges from 1 to 32.
- Separate multiple IP addresses or CIDR blocks with commas (,).
- If you add 127.0.0.1 to the whitelist, all IP addresses are prohibited from accessing the Lindorm instance.
- You can specify the IP addresses or CIDR blocks in the following formats:
- Click OK.