All Products
Search

This Product

    ApsaraDB for HBase:Configure a whitelist

    Document Center

    ApsaraDB for HBase:Configure a whitelist

    Last Updated:Mar 28, 2026

    By default, a newly created ApsaraDB for HBase cluster is inaccessible. To allow client access, add the client's IP address to the cluster's IP address whitelist, or associate the cluster with the Elastic Compute Service (ECS) security groups that your clients belong to.

    Prerequisites

    Before you begin, ensure that you have:

    • An ApsaraDB for HBase cluster

    Choose a method

    MethodBest for
    IP address whitelistAllowing access from specific IP addresses or CIDR blocks
    ECS security groupsAllowing access from multiple ECS instances without managing individual IP addresses

    Add an IP address whitelist

    1. Log on to the ApsaraDB for HBase console.

    2. In the top navigation bar, select the region where your cluster is deployed.

    3. On the Clusters page, find the cluster and click its ID.

    4. In the left-side navigation pane, click Access Control.

    5. On the Whitelist Setting tab, click Modify Whitelist.

      Access control

    6. In the Modify Whitelist dialog box, enter the IP addresses or CIDR blocks to allow, then click OK.

    Important

    Keep the following in mind when configuring the whitelist:

    • The default whitelist contains only 127.0.0.1, which blocks all external clients. Replace it with the IP addresses of your clients.

    • Do not enter 0.0.0.0 or 0.0.0.0/0. These values allow access from all IP addresses and pose a high security risk.

    • To access open source components over the internet, enter the public IP address of your client.

    Add ECS security groups as whitelists

    Associating security groups with your cluster allows all ECS instances in those groups to connect, without requiring you to manage individual IP addresses. For more information about security groups, see Overview.

    Note

    The ECS instances in the specified security groups must have the same network type as the cluster. If the cluster is deployed in a virtual private cloud (VPC), the ECS instances must be in the same VPC.

    1. Log on to the ApsaraDB for HBase console.

    2. In the top navigation bar, select the region where your cluster is deployed.

    3. On the Clusters page, find the cluster and click its ID.

    4. In the left-side navigation pane, click Access Control.

    5. On the Security Group tab, click Add Security Group.

      Click the Security Group tab

    6. In the Join Security Group dialog box, select the security groups to add, then click OK.