All Products
Search

This Product

    ApsaraMQ for Kafka:Whitelist management

    Document Center

    ApsaraMQ for Kafka:Whitelist management

    Last Updated:Dec 07, 2025

    Message Queue for Confluent supports configuring public IP address whitelists, allowing clients from specific IP address ranges to connect to Message Queue for Confluent instances.

    Function introduction

    Message Queue for Confluent supports configuring IP address whitelists for specified services of an instance.

    If the whitelist is empty, IP addresses from all network segments are allowed to access.

    If an IP address whitelist is configured, only clients within the whitelist range are allowed to access the Message Queue for Confluent instance.

    Notes

    • You can configure IP address whitelists for a Message Queue for Confluent instance only after public network access is enabled for the instance.

    • Services that support whitelist configuration include the following: CONNECTOR, CONTROL_CENTER, KAFKA, and SCHEMA_REGISTRY.

    • After you remove an IP address from the whitelist, the corresponding client will not be able to connect to the specified service of the Message Queue for Confluent instance. Please operate with caution.

    Add IP address whitelists

    1. Log on to the ApsaraMQ for Confluent console. In the left-side navigation pane, click Instances.

    2. On the Instances page, click the name of the instance that you want to manage.

    3. On the Instance Details page, click Whitelist Management in the left operation bar.

    4. Click the tab of the service that you want to configure, and then select one of the following methods to add a whitelist.

      Add a single entry

      1. On the Whitelist Management page, click Add Whitelist IP.

      2. In the Add Whitelist IP panel, configure the following parameters, and then click OK.

        • Policy Name: Enter a policy name.

        • Whitelist IP: Enter a single IP address or an IP address range.

      Add multiple entries at a time

      1. On the Whitelist Management page, click Add Multiple Whitelists.

      2. In the Add Multiple Whitelists panel, enter the configuration content in the following format, and then click OK.

        • Each entry occupies one line, separated by a carriage return.

        • The IP address/IP address range and policy name in each entry are separated by a VERTICAL LINE (|), for example, 192.168.1.0/24|Policy Name.

        • You can add up to 50 entries at a time.

    View whitelist lists

    On the Whitelist Management page, click the tab of the service that you want to view to see the whitelist list for that service.

    Delete IP address whitelists

    1. On the Whitelist Management page, click the tab of the service that you want to configure.

    2. In the policy list, find the whitelist policy that you want to delete, and click Delete in the Operation column.

    3. In the Delete dialog box, click Confirm.

    References

    For more information, see Access links and ports.