All Products
Search
Document Center

ApsaraDB for SelectDB:Configure an IP address whitelist

Last Updated:Aug 28, 2024

To ensure the security and stability of ApsaraDB for SelectDB instances, the system rejects requests from all IP addresses to access ApsaraDB for SelectDB instances by default. Before you use an ApsaraDB for SelectDB instance, you must add the IP addresses or CIDR blocks of a client to the whitelist of the ApsaraDB for SelectDB instance.

Prerequisites

An ApsaraDB for SelectDB instance is created. For more information, see Create an instance.

Usage notes

  • You can configure a whitelist for an ApsaraDB for SelectDB instance to protect the instance security at a higher level. We recommend that you maintain the whitelist on a regular basis.

  • When you configure a whitelist for an ApsaraDB for SelectDB instance, the ApsaraDB for SelectDB instance runs as expected.

  • If you add 0.0.0.0/0 to a whitelist of an ApsaraDB for SelectDB instance, all IP addresses are allowed to access the instance. This operation poses security risks. Proceed with caution.

  • ApsaraDB for SelectDB provides a whitelist named default. You cannot delete the whitelist. You can only modify or clear the settings of the whitelist.

  • The default whitelist contains only the IP address 127.0.0.1 and rejects requests from all IP addresses to access the ApsaraDB for SelectDB instance.

  • Each whitelist of an ApsaraDB for SelectDB instance can contain up to 1,000 IP addresses or CIDR blocks.

  • It takes about 1 minute to add IP addresses or CIDR blocks to a whitelist, remove IP addresses or CIDR blocks from a whitelist, or modify IP addresses or CIDR blocks in a whitelist.

Procedure

  1. Log on to the ApsaraDB for SelectDB console.

  2. In the top navigation bar, select the region in which the ApsaraDB for SelectDB instance resides.

  3. In the left-side navigation pane, click Instances. On the Instances page, find the ApsaraDB for SelectDB instance that you want to manage and click its ID. The Instance Details page appears.

  4. In the left-side navigation pane of the Instance Details page, click Data Security.

  5. On the Data Security page, find the default whitelist and click Modify in the Actions column.

    Note

    Alternatively, you can click Create Whitelist. In the Create Whitelist panel, configure the Whitelist Name and Whitelist parameters.

  6. In the Modify Whitelist panel, add IP addresses or CIDR blocks to the whitelist.

  7. Click OK.

    After the IP addresses or CIDR blocks are added to the whitelist, you can view the IP addresses or CIDR blocks that you added on the Data Security page.