To access the Kibana console over the Internet or an internal network, you must add
the IP address of your host to a whitelist.
Go to the access configuration page
- Log on to the Alibaba Cloud Elasticsearch console.
- In the top navigation bar, select the region where your cluster resides.
- In the left-side navigation pane, click Elasticsearch Clusters. On the page that appears, find the target cluster and click its ID in the Cluster ID/Name column.
- In the left-side navigation pane, click Data Visualization.
- In the Kibana section of the page that appears, click Edit Configuration.
You can then view the Network Access Configuration section on the Kibana Configuration page.
- In the Network Access Configuration section, you can perform the following operations:

- Configure an IP address whitelist for access to the Kibana console over the Internet
Add the public IP address of your host to the IP address whitelist for access to the
Kibana console over the Internet. Then, you can use this host to access the Kibana
console. By default, 0.0.0.0/0 is added to the whitelist. This indicates that requests
from all IPv4 addresses are allowed.
Notice After the IP address whitelist for access to the Kibana console over the Internet
is configured, you can use the Kibana console to access only services in virtual private
clouds (VPCs). You cannot use the Kibana console to access Internet services such
as Baidu Maps and AMAP.
- Configure an IP address whitelist for access to the Kibana console over an internal network
Add the private IP address of your host to the IP address whitelist for access to
the Kibana console over an internal network. Then, you can use this host to access
the Kibana console. You can configure the whitelist only after you enable the Private
Network Access feature. This feature is disabled by default.
Configure an IP address whitelist for access to the Kibana console over the Internet
- In the Network Access Configuration section of the Kibana Configuration page, check whether Public Network Access is turned on (indicated by the color green).
Notice
By default, Public Network Access is turned on.
If Public Network Access is turned off, you cannot log on to the Kibana console over the Internet.
- If yes, go to the next step.
- If no, click Public Network Access to turn it on.
- Click Update next to Kibana Whitelist.
- Enter the IP address that you want to add in the text box.
You can add IP addresses or Classless Inter-Domain Routing (CIDR) blocks. Enter IP
addresses in the 192.168.0.1
format and CIDR blocks in the 192.168.0.0/24
format. Separate multiple IP addresses and CIDR blocks with commas (,). You can enter
127.0.0.1
to deny requests from all IPv4 addresses or enter 0.0.0.0/0
to allow requests from all IPv4 addresses.
If your Elasticsearch cluster is deployed in the China (Hangzhou) region, you can
add IPv6 addresses to the whitelist in the 2401:b180:1000:24::5
format or CIDR blocks in the 2401:b180:1000::/48
format. You can enter ::1
to deny requests from all IPv6 addresses or ::/0
to allow requests from all IPv6 addresses.
- Click OK.
Configure an IP address whitelist for access to the Kibana console over an internal
network
- In the Network Access Configuration section of the Kibana Configuration page, check whether Private Network Access is turned on (indicated by the color green).
Notice
By default, Private Network Access is turned off (indicated by the color gray).
If Private Network Access is turned off, you cannot log on to the Kibana console over an internal network.
- If yes, go to the next step.
- If no, click Private Network Access to turn it on.
- Click Update next to Private Network Whitelist.
- Enter the IP address that you want to add in the text box.
You can add IP addresses or CIDR blocks. Enter IP addresses in the 192.168.0.1
format and CIDR blocks in the 192.168.0.0/24
format. Separate multiple IP addresses and CIDR blocks with commas (,). You can enter
127.0.0.1
to deny requests from all IPv4 addresses or enter 0.0.0.0/0
to allow requests from all IPv4 addresses.
- Click OK.