All Products
Search
Document Center

API Gateway:Configure gateway IP blacklists and whitelists

Last Updated:May 27, 2026

Cloud-native API Gateway supports IP blacklists and whitelists at the gateway, domain, and route levels to control which source IP addresses can access your services.

  1. Log on to the API Gateway console.

  2. In the left-side navigation pane, click Cloud-native API Gateway > Instance. In the top navigation bar, select a region.

  3. On the Instance page, click the name of the target instance.

  4. In the left-side navigation pane, click Security Management > Blacklist/Whitelist.

  5. Click Create. On the Create page, configure the following parameters and click Save.

    Parameter

    Description

    Enable

    Enable or disable the policy.

    Name

    A custom name for the policy.

    Remarks

    A description of the policy.

    Type

    The policy type.

    • Whitelist (Allows Access from Specific IP Addresses): Only listed IP addresses are allowed access.

    • Blacklist (Denies Access from Specific IP Addresses): Listed IP addresses are blocked.

    Effective Level

    The network layer at which the policy takes effect.

    • Application Layer (HTTP/HTTPS) (default): The gateway establishes a connection first, then inspects the request IP to allow or block traffic.

    • Transport Layer (TCP/UDP): The gateway checks the client IP during TCP handshake and rejects unauthorized connections before traffic reaches the application layer.

    Granularity

    The resource scope to which the policy applies.

    • Global: Applies to the gateway instance.

    • Domain Name: Applies to traffic for a specified domain name.

    • Routes: Applies to traffic for a specified route.

      Note
      • Whitelist: effective scope is the intersection — an IP must match all applicable whitelist policies to be allowed.

      • Blacklist: effective scope is the union — an IP is blocked if it matches any applicable blacklist policy.

    IP Address/CIDR Block

    Source IP addresses or CIDR blocks to allow or block.