edit-icon download-icon

Set IP whitelists

Last Updated: Jan 11, 2018

Background

To guarantee database security and stability, you must add IP addresses or IP address segments used for database access to the whitelist of the target instance before using ApsaraDB for Redis. Correct usage of the whitelist improves access security protection for ApsaraDB for Redis. We recommend that the whitelist be regularly maintained.

Prerequisites

The whitelist feature works properly only with the support by a specific kernel version. If the instance version is not the latest, you are prompted a messsage, while you set up a whitelist. For instructions on minor version upgrade, see Upgrade minor versions.

Procedure

  1. Log on to the Redis console and find the target instance.

  2. Click the instance ID or Manage to go to the Instance Information page.

  3. Select Security Settings from the left-side navigation pane, and click Modify of the default whitelist group.

    Note: If you want to add a custom whitelist group to the Redis instance, you can click Add a Whitelist Group. The setting steps for a custom whitelist are similar to the following step.

  4. In the Modify Whitelist Group window, enter Group Name and Intra-group Whitelist, and click OK.

    Parameters description:

    • Group Name: It can contain 2 to 32 characters, including lowercase letters, digits, or underscores. The group name must start with a lowercase letter and end with a letter or digit. This name cannot be modified when the whitelist group is successfully created.

    • Whitelist: You can enter the custom IP addresses or IP segments that can access the Redis instance. To allow all IP addresses to access the database, set the whitelist to 0.0.0.0/0. To disable database access from all IP addresses, set the whitelist to 127.0.0.1.

      • If you enter an IP segment, such as 10.10.10.0/24, it indicates that any IP address in the format of 10.10.10.X can access the Redis instance.

      • To enter multiple IP addresses or IP segments, separate them by commas. Do not add blank spaces before or after the commas.

      • For one instance, up to 1,000 IP addresses or IP segments can be set.

Thank you! We've received your feedback.