All Products
Search

This Product

    ApsaraDB for SelectDB:Configure a whitelist

    Document Center

    ApsaraDB for SelectDB:Configure a whitelist

    Last Updated:Feb 04, 2026

    To ensure the security and stability of ApsaraDB for SelectDB databases, the system blocks all IP addresses from accessing ApsaraDB for SelectDB instances by default. Before using an ApsaraDB for SelectDB instance, add the IP addresses or CIDR blocks that need to access the instance to its whitelist.

    Usage notes

    • IP addresses in a whitelist can access your instance. To ensure a high level of access security, maintain the whitelist regularly.

    • The default whitelist group (default) cannot be deleted. You can only modify or delete IP addresses within it. This group initially contains only the IP address 127.0.0.1.

    • Whitelist count:

      • An instance can have a maximum of 200 IP addresses and CIDR blocks in its whitelists.

      • A single whitelist group can contain a maximum of 50 IP addresses and CIDR blocks.

    • Changes to a whitelist, such as adding, modifying, or deleting IP addresses or CIDR blocks, take about one minute to take effect.

    Important

    • Adding 0.0.0.0/0 to a whitelist allows all IP addresses to access the instance. This action creates a high security risk and can lead to unauthorized access. Use this setting with caution.

    • After you configure a whitelist, IP addresses in the whitelist can access related APIs for the ApsaraDB for SelectDB instance. For more information, see OPENAPI OVERVIEW.

    Instance impact

    Configuring a whitelist does not affect the normal operation of an ApsaraDB for SelectDB instance.

    Procedure

    1. Log on to the ApsaraDB for SelectDB console.

    2. In the upper-left corner of the page, select the region where the instance is located.

    3. On the Instance List page, click the ID of the target instance in the Instance ID column.

    4. On the Instance Details page, click Data Security in the navigation pane on the left.

    5. On the whitelist group page, click Modify in the Actions column for the default group.

      Note

      Alternatively, click Create Whitelist Group. In the Create Whitelist Group panel, set Group Name and Whitelist.

    6. In the Modify Whitelist Group panel, add IP addresses or CIDR blocks.

      Note

      The IP address of a machine within a corporate office network often changes. The displayed IP address may not be the correct one. You can use a professional IP lookup service to determine the originating IP address. For example, see whatsmyip.

    7. Click OK.

      After the IP addresses or CIDR blocks are added, you can view them on the whitelist group page.

    What to do next