edit-icon download-icon

Set up a whitelist

Last Updated: May 13, 2018

You must set up the whitelist before starting an instance. Add IP addresses or IP segments that are allowed to access a database to ensure security and stability.

Background

There are three scenarios for accessing HybridDB for PostgreSQL databases:

  • Access from the Internet.
  • Access from the intranet. The network types of HybridDB for PostgreSQL and ECS instances must be identical.
  • Access from the intranet and Internet at the same time. The network types of HybridDB for PostgreSQL and ECS instances must be identical, and the access mode must be Safe Connection Mode.

Note: To set the network type, see Set the Network Type.

Procedure

  1. Log on to the HybridDB for PostgreSQL console.

  2. Select the region where the target instance is located.

  3. Click the ID of the instance to go to the Basic Information page of the instance.

  4. In the left-side navigation pane, click Security Controls.

  5. In the Whitelist Settings page, click Modify under the default whitelist group to go to the Modify Group page.

    Note: You can also click Clear under the default whitelist group to clear the IP addresses included, and then click Add Whitelist Group to create a custom group.

  6. Delete the default address 127.0.0.1 from the whitelist and then enter a custom whitelist. Parameters are described as follows:

    • Group Name: The group name contains 2 to 32 characters, and consists of lowercase letters, numbers, or underscores (_). The group name must start with a lowercase letter and end with a letter or number. The default group name cannot be modified or deleted.

    • Whitelist: Enter the IP addresses or IP segments that are allowed to access the database. IP addresses or IP segments are separated by commas (,).

      • The whitelist can contain IP addresses (for example, 10.10.10.1) or IP segments (for example, 10.10.10.0/24, which indicates that any IP address in the format of 10.10.10.X can access the database).

      • % or 0.0.0.0/0 indicates that any IP address is allowed to access the database.

        Note: We recommend that you not use this configuration unless necessary, because it can greatly reduce database security.

      • After an instance is created, the local loopback IP address 127.0.0.1 is added to the default whitelist, which prevents all external IP addresses from accessing the instance.

    • Choose an existing ECS IP Address: Click it to display all the ECS instances belonging to the same account. You can select ECS IP addresses to add the ECS instances to the whitelist.

  7. Click OK to add the whitelist.

Next

The whitelist provides an advanced access protection for HybridDB for PostgreSQL. So, we recommend that you maintain the whitelist on a regular basis.

During the subsequent operations, you can click Modify under the group name to modify an existing group, or click Delete to delete an existing custom group.

Thank you! We've received your feedback.