edit-icon download-icon

Set IP whitelists

Last Updated: Dec 14, 2017

Background

To guarantee database security and stability, you must add IP addresses or IP address segments used for database access to the whitelist of the target instance before using ApsaraDB for Memcache. Correct use of the whitelist improves access security protection for ApsaraDB for Memcache. We recommend that the whitelist be regularly maintained. This document describes mainly procedure for setting the whitelist.

Notes:

  • The ECS and Memcache instances you want to add to the whitelist must be in the same region.

  • If an application needs to access multiple ApsaraDB for Memcache instances on the same ECS server, you can bind an IP address with multiple Memcache instances.

Procedure

  1. Log on to the Memcache console.

  2. On the Instance List page, locate the target instance.

  3. Click the instance ID or Operation bar > Manage option to enter the Instance Information page.

  4. Select Security Settings from the left-side navigation pane and click Modify in the default whitelist group.

    Note: If you want to use the custom group, please click Clear in the default whitelist group to delete the IP address 127.0.0.1 from the default group, and then click Add Whitelist Group to create a custom group. The remaining procedure are similar to the following steps.

  5. In the Modify Whitelist Group window, enter Group Name and In-group Whitelist IP address list, and click OK.

    Notes:

    • Be sure to remove 0.0.0.0/0 when you modify the whitelist. As 0.0.0.0/0 allows access from all IP addresses, and it may cause serious security issues.

    • The setting in the following figure is incorrect, as 0.0.0.0/0 includes 1.1.1.1 (covering all other IP addresses), so it has the same effect as the setting of 0.0.0.0/0.

    ipwhite1.png

    Parameter descriptions:

    • Group name: The group name contains 2 to 32 characters which consist of lowercase letters, digits, or underscores. The group name must start with a lowercase letter and end with a letter or digit. When you have successfully created a whitelist group, its name can no longer be modified.

    • In-group whitelist: Enter the IP address or IP segment that can access the Memcache instance. To allow all IP addresses to access the database, set the whitelist to 0.0.0.0/0. To disable database access from all IP addresses, set the whitelist to 127.0.0.1.

      • If you enter an IP segment, e.g. 10.10.10.0/24, it indicates that all IP addresses in the 10.10.10.X segment can access this Memcache instance.

      • If you must add multiple IP addresses, please use an English comma to separate them, and no space is allowed before or after the comma.

      • You can add 1000 IP addresses to each whitelist group.

Thank you! We've received your feedback.