All Products
Search

This Product

    API Gateway:Set gateway IP blacklist and whitelist

    Document Center

    API Gateway:Set gateway IP blacklist and whitelist

    Last Updated:Dec 03, 2025

    Gateway IP blacklists and whitelists are a security protection feature of AI Gateway. You can configure these lists to deny or allow access requests from specific IP addresses. For fine-grained access control, AI Gateway supports IP blacklists and whitelists at the global, domain, and route levels. This topic describes how to set up blacklists and whitelists for AI Gateway.

    Procedure

    1. Log on to the AI Gateway console.

    2. In the navigation pane on the left, choose Instance. In the top menu bar, select a region.

    3. On the Instance page, click the target instance ID.

    4. In the navigation pane on the left, click Security Management > Blacklist/Whitelist.

    5. In the upper-left corner of the page, click Create. On the Create page, configure the parameters, and then click Save.

      Parameter

      Description

      Enable

      Specifies whether to enable the blacklist/whitelist configuration.

      Name

      A custom name for the IP access control policy.

      Remarks

      You can add a remark for IP access control.

      Type

      Select the type of IP access control policy as needed.

      • Whitelist (Allows Access from Specific IP Addresses): Only trusted source IP addresses are allowed to access the gateway.

      • Blacklist (Denies Access from Specific IP Addresses): Blocks source IP addresses of unfriendly access to the gateway.

      Effective Level

      Specifies the network layer where the access control policy is enforced in the gateway. The following options are available: Application Layer (HTTP/HTTPS) and Transport Layer (TCP/UDP).

      • Application Layer (HTTP/HTTPS): (Default) The gateway allows clients to establish a connection, and then allows or blocks traffic based on the IP information in the request.

      • Transport Layer (TCP/UDP): The gateway checks the client IP address during the TCP connection setup. It directly denies connection requests from unauthorized IP addresses and does not proceed with application-layer processing.

      Granularity

      The scope of the IP access control policy.

      • Global: Applies to the gateway instance.

      • Domain Name: Applies to a specific domain name.

        Note

        For whitelists, the effective scope is the intersection of the whitelist configurations.

        For blacklists, the effective scope is the union of the blacklist configurations.

      IP Address/CIDR Block

      Enter the source IP addresses or CIDR blocks for the access control policy.