To guarantee secure access to a Container Registry Enterprise Edition instance over
the public network, you must configure a whitelist for the public network.
Prerequisites
After a Container Registry Enterprise Edition instance is created, it is inaccessible
over the public network by default. Therefore, you must enable access over the public
network before configuring the whitelist for the public network.
Note After you enable access over the public network, the Classless Inter-Domain Routing
(CIDR) block 127.0.0.1/32 is automatically added to the whitelist.

Procedure
- Log on to the Container Registry console. In the top navigation bar, select the target region.
- In the left-side navigation pane, choose .
- On the Instances page, click the Container Registry Enterprise Edition instance to be configured.
- In the left-side navigation pane, choose .
Note If you want to configure access control for Helm charts, choose .
- On the Internet tab, click Add Internet Whitelist.
- In the Add Internet Whitelist dialog box that appears, enter the CIDR block that is allowed to access the Container
Registry Enterprise Edition instance and its description.
- Click OK.
After the CIDR block is added, Elastic Compute Service (ECS) instances in the CIDR
block can access the Container Registry Enterprise Edition instance.
Notice If you want to allow all ECS instances on the public network to access the Container
Registry Enterprise Edition instance, enable access over the public network but delete
all items from the whitelist. If you do so, the Container Registry Enterprise Edition
instance is completely exposed to the public network and may be attacked. Perform
this operation with caution.