IP blacklists and whitelists are a security protection feature of Cloud-native API Gateway. A blacklist denies requests from specific IP addresses, and a whitelist allows requests only from specific IP addresses. To provide fine-grained access control, Cloud-native API Gateway supports IP blacklists and whitelists at the global, domain name, and routing levels. This topic describes how to configure a blacklist or whitelist for a Cloud-native API Gateway instance.
1. Log on to the API Gateway console.
2. In the left-side navigation pane, click . In the top navigation bar, select a region.
3. On the Instance page, click the name of the target gateway instance.
4. In the navigation pane on the left, click .
5. In the upper-left corner of the page, click Create. On the Create page, configure the parameters and then click Save.
Parameter: Description

Enable: Specifies whether to enable the blacklist or whitelist.

Name: Enter a name for the IP access control policy.

Remarks: Enter remarks for the IP access control policy.

Type: Select the type of IP access control.
  - Whitelist (Allows Access from Specific IP Addresses): Allows access only from trusted source IP addresses.
  - Blacklist (Denies Access from Specific IP Addresses): Blocks access from specific source IP addresses.

Effective Level: The network level where the access control policy takes effect. The following options are available: Application Layer (HTTP/HTTPS) and Transport Layer (TCP/UDP).
  - Application Layer (HTTP/HTTPS): This is the default level. The gateway allows a client to establish a connection. It then determines whether to allow or block traffic based on the IP information in the request.
  - Transport Layer (TCP/UDP): The gateway checks the client IP address when the TCP connection is established. It immediately denies connection requests from invalid IP addresses. The application-layer processing does not proceed.

Granularity: The scope where the IP access control policy takes effect.
  - Global: The policy applies to the gateway instance.
  - Domain Name: The policy applies to a specific domain name.
  - Routes: The policy applies to a specific route.
  Note: For whitelists, the effective scope is the intersection of the whitelist configurations. For blacklists, the effective scope is the union of the blacklist configurations.

IP Address/CIDR Block: Enter the source IP addresses or CIDR blocks.
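
The Granularity note (whitelists intersect, blacklists union) decides which clients are still admitted once policies exist at several levels, so it is worth checking a planned set of policies offline before saving them. The following Python model is an added example, not the gateway's own code or API: the policy names, domain, routes and dictionary fields are constructed, it handles IPv4 only, and it assumes that an address matching a blacklist is denied even if a whitelist also contains it.

```python
import ipaddress

# Constructed sample policies (documentation IPv4 ranges); all names are hypothetical.
POLICIES = [
    {"name": "corp-global", "type": "whitelist", "scope": ("global", None),
     "cidrs": ["198.51.100.0/24", "203.0.113.0/24"]},
    {"name": "api-domain", "type": "whitelist", "scope": ("domain", "api.example.com"),
     "cidrs": ["198.51.100.0/25"]},
    {"name": "scanner-global", "type": "blacklist", "scope": ("global", None),
     "cidrs": ["198.51.100.7/32"]},
    {"name": "admin-route", "type": "blacklist", "scope": ("route", "admin"),
     "cidrs": ["198.51.100.64/26"]},
]

def applicable(policies, domain, route):
    """Policies whose granularity covers this request: global, its domain, its route."""
    want = {("global", None), ("domain", domain), ("route", route)}
    return [p for p in policies if p["scope"] in want]

def nets(policy):
    return [ipaddress.ip_network(c) for c in policy["cidrs"]]

def intersect(a, b):
    """Intersect two CIDR lists; two CIDR blocks are either nested or disjoint."""
    out = [x if x.subnet_of(y) else y for x in a for y in b if x.subnet_of(y) or y.subnet_of(x)]
    return list(ipaddress.collapse_addresses(out))

def effective(policies, domain, route):
    """Return (whitelist, blacklist); whitelist is None when no whitelist applies."""
    allow, deny = None, []
    for p in applicable(policies, domain, route):
        if p["type"] == "whitelist":
            allow = nets(p) if allow is None else intersect(allow, nets(p))
        else:
            deny.extend(nets(p))  # union of every applicable blacklist
    return allow, list(ipaddress.collapse_addresses(deny))

def decide(policies, ip, domain, route):
    """Model the access decision for one source IP on one domain and route."""
    addr = ipaddress.ip_address(ip)
    allow, deny = effective(policies, domain, route)
    if any(addr in n for n in deny):
        # Assumption of this example: a blacklist match wins over a whitelist match.
        return "deny"
    if allow is not None and not any(addr in n for n in allow):
        return "deny"
    return "allow"
```

With these sample policies, a client in 203.0.113.0/24 is admitted on other domains but not on api.example.com, because the domain-level whitelist narrows the global one instead of adding to it.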