All Products
Search

This Product

    Microservices Engine:Configure a whitelist

    Document Center

    Microservices Engine:Configure a whitelist

    Last Updated:Jan 09, 2026

    Improve the security of your instance by configuring a public IP address whitelist. This list restricts access to specific IP addresses or CIDR blocks. To configure the whitelist, you must add the public IP address of each device that needs to access the instance.

    Prerequisites

    Limits

    • Microservices Registry does not support private network whitelists. You can add a maximum of 1,000 entries to the public IP address whitelist.

    • Regularly review and update the whitelist to maintain access for authorized devices.

    • For instances without authentication, the CIDR block prefix length must be greater than 16. This is to prevent the use of overly broad IP ranges that create security risks.

    Procedure

    1. Log on to the MSE console, and select a region in the top navigation bar.

    2. In the left-side navigation pane, choose Microservices Registry > Instances.

    3. On the Instances page, click the name of the instance.

    4. On the Basic Information page, click the 编辑图标 icon next to Public IP Address Whitelist.

    5. In the Public IP Address Whitelist dialog box, enter the CIDR blocks for the public IP addresses that you want to grant access to, and click OK.

      • If the whitelist is empty, the instance is accessible from any IP address.

        Important

        If you are configuring a whitelist for a Nacos instance, an empty whitelist exposes the instance to the Internet. If authentication is not enabled for the Nacos engine, this can expose sensitive data. Before you clear the whitelist, confirm this is your intended configuration. We recommend enabling authentication before you clear the whitelist. For more information about how to enable authentication, see Access authentication by the Nacos client.

      • If you specify public IP addresses, only the specified IP addresses or CIDR blocks can access the instance.

        The whitelist accepts IP addresses in CIDR notation (for example, X.X.X.X/X). The /X represents the prefix length. If you set the whitelist to 127.0.0.1/32, access from all public IP addresses is denied.

        You can add multiple public IP addresses or CIDR blocks. Separate entries with commas. The prefix length must be an integer from 1 to 32, and the host bits in the address must be 0.

    How to find your public IP address

    • curl ipinfo.io

    • curl ip.cn

    • curl cip.cc

    • curl ifconfig.me

    • curl myip.ipip.net