All Products
Search

This Product

    ApsaraMQ for RocketMQ:Configure IP address whitelists

    Document Center

    ApsaraMQ for RocketMQ:Configure IP address whitelists

    Last Updated:Mar 11, 2026

    IP address whitelists specify whether clients can access ApsaraMQ for RocketMQ instances. You can configure an IP address whitelist for an instance to allow only clients in specific CIDR blocks to access the instance.

    By default, the whitelist contains 0.0.0.0/0, which allows connections from all IP addresses. After you add specific entries, the instance accepts connections only from those IP addresses.

    The following entry types are supported:

    Entry typeExample
    Public IP address203.0.113.1
    Internal IP address192.168.1.100
    CIDR block10.0.0.0/24
    Important

    Removing an entry immediately blocks the corresponding client. Before you modify the whitelist, make sure your own IP address remains in the list to avoid locking yourself out.

    Prerequisites

    Before you begin, make sure that you have:

    • An ApsaraMQ for RocketMQ instance

    • Permissions to manage access control settings for the instance

    Add IP addresses or CIDR blocks

    1. Log on to the ApsaraMQ for RocketMQ console. In the left-side navigation pane, click Instances.

    2. In the top navigation bar, select a region, such as China (Hangzhou). On the Instances page, click the name of the instance that you want to manage.

    3. In the left-side navigation pane, click Access Control.

    4. On the Access Control page, click the IP Address Whitelist tab, and then click Add IP Address.

    5. In the Add IP Address panel, enter the IP addresses or CIDR blocks and click OK.

      Note

      Separate multiple entries with semicolons (;) or commas (,).

    View the IP address whitelist

    1. Log on to the ApsaraMQ for RocketMQ console. In the left-side navigation pane, click Instances.

    2. In the top navigation bar, select a region, such as China (Hangzhou). On the Instances page, click the name of the instance that you want to manage.

    3. In the left-side navigation pane, click Access Control.

    4. On the Access Control page, click the IP Address Whitelist tab to view all entries.

    Delete an IP address or CIDR block

    Important

    After you delete an entry, clients with that IP address or CIDR block can no longer access the instance. Make sure no active clients depend on the entry before you proceed.

    1. On the Access Control page, click the IP Address Whitelist tab.

    2. Find the entry that you want to remove and click Delete in the Actions column.

    3. In the Confirm Deletion dialog box, click OK.

    Related API operations

    Use the following API operations to manage IP address whitelists programmatically:

    API operationDescription
    CreateInstanceIpWhitelistAdd entries to a whitelist
    ListInstanceIpWhitelistQuery whitelist entries
    DeleteInstanceIpWhitelistRemove entries from a whitelist