This topic describes how to configure a whitelist in the ApsaraDB for ClickHouse console.

Background information

After an ApsaraDB for ClickHouse cluster is created, you must configure a whitelist for the cluster to allow external devices to access the cluster. The default whitelist contains only default IP address, which indicates that no devices are allowed to access the cluster.

Whitelists help enhance access security of ApsaraDB for ClickHouse clusters. We recommend that you maintain whitelists on a regular basis. The configurations of whitelists do not affect the normal operating of ApsaraDB for ClickHouse clusters.


  1. Use an Alibaba Cloud account to log on to the ApsaraDB for ClickHouse console.
  2. In the upper-left corner of the page, select the region where the cluster for which you want to configure a whitelist is deployed.
  3. On the Clusters page, click the ID of the cluster.
  4. In the left-side navigation pane, click Data Security.
  5. Click Create Whitelist Group to create a custom group.
    • You can specify a specific IP address. For example, you can enter, which allows access from to the cluster.
    • If you enter a CIDR block such as, access from IP addresses in the 10.10.10.X format to the cluster is allowed.
    • If you enter more than one IP address or CIDR block, you must separate the IP addresses or CIDR blocks with commas (,). Do not add spaces before or after the commas. Example:,
    • To ensure data security, do not enter IP address or CIDR block
    • After the whitelist is configured, the whitelist configurations take effect in 1 minute.
  6. To modify the created whitelist, click Modify in the Actions column that corresponds to the whitelist. In the Modify Whitelist Group panel, modify the whitelist group. Click OK.