All Products
Search

This Product

    Hologres:IP whitelist

    Document Center

    Hologres:IP whitelist

    Last Updated:Jun 18, 2026

    You can enhance the security and stability of your Hologres instance by configuring an IP address whitelist in HoloWeb. This topic describes the configuration process.

    Usage notes

    Before you configure an IP address whitelist in HoloWeb, note the following:

    • The IP address whitelist feature is available only for Hologres V0.10.14 and later, excluding V2.0.4 to V2.0.5. You can check your instance version on the instance details page in the Hologres console or by executing theselect hg_version() statement. If your instance version is earlier than V0.10.14, you can request an upgrade by joining the Hologres DingTalk group. For more information, see How to get more online support?.

    • After you purchase a Hologres instance, if no IP address whitelist is configured, the instance accepts connections from all IP addresses by default.

    • Only a superuser can configure an IP address whitelist.

    • Whitelist settings apply only to new connections. Existing connections are not automatically disconnected when the whitelist configuration is modified. If you need to release the connections, see Release connections.

    • When you configure a data connection in HoloWeb, you must set the logon method to password-free logon to configure an IP address whitelist for the connection. For instructions on how to connect to a Hologres instance, see Connect to a Hologres instance. Click Test Connectivity to verify the network connection.

    • After you configure an IP address whitelist, DataStudio can no longer access the instance. To ensure normal access, you must add its corresponding group to the IP address whitelist by following the instructions in IP address whitelist.

    • If a connected Realtime Compute for Apache Flink project cannot access your instance, you must add its IP addresses and CIDR blocks to the database's IP address whitelist. For information about how to obtain the IP addresses and CIDR blocks for your Realtime Compute for Apache Flink project, see How do I configure a whitelist?.

    • You cannot configure an IP address whitelist on a read-only secondary instance. You must configure it on the primary instance. The read-only secondary instance and the primary instance share the same IP address whitelist configuration.

    • The IP address whitelist of the PostgreSQL database also controls access to HoloWeb features such as instance connection, the SQL editor, and user management. To use these features, add the required IP addresses to the PostgreSQL IP address whitelist as needed.

    • To connect to Hologres from servers deployed outside the Alibaba Cloud network, such as servers hosted on AWS or other third-party cloud platforms, use the public network endpoint. No dedicated leased line or VPN connection is required. To establish a connection, perform the following steps:

      1. Enable public network access for your Hologres instance. On the instance details page, go to the Network Information section and verify that the Internet network type is enabled.

      2. Obtain the public network endpoint and port from the Network Information section on the instance details page.

      3. Add the outbound (egress) IP address of your overseas server to the Hologres IP address whitelist. Make sure you add the outbound IP address of the server, not its private IP address.

      4. Connect to the Hologres instance by using the PostgreSQL protocol. Use your AccessKey ID as the username and your AccessKey secret as the password.

    Add an IP whitelist

    1. Log on to the Hologres console. In the top navigation bar, select a region.

    2. In the navigation pane on the left, click Go to HoloWeb to open the HoloWeb development interface.

    3. In HoloWeb, go to Security Center. In the navigation pane on the left, click IP address whitelist.

    4. In the upper-right corner of the page, click Add IP Address to Whitelist and configure the following parameters.

      Parameter

      Description

      Group

      A custom name for the group.

      If you set the logon method for the connection to password-free logon, you must also add the DataWorks Data Integration resource group to the IP address whitelist. Otherwise, you cannot use its features. Select the corresponding group name from the group drop-down list.

      Accessible databases

      Select the databases to which the whitelist applies. To include all user-created databases in the current instance (excluding system databases), select ALL.

      Users allowed

      Select the users to whom the whitelist applies. To include all users of the current instance, select ALL.

      IP address

      The IP addresses to add to the whitelist. Note the following formats:

      • To allow all IP addresses, enter ALL.

      • To specify a single IP address, enter it directly. Example: 192.168.0.1.

      • To specify a CIDR block, use CIDR notation. Example: 192.168.0.0/24 allows access from IP addresses in the range of 192.168.0.1 to 192.168.0.255.

      • To specify multiple IP addresses or CIDR blocks, enter each one on a new line.

    5. Click OK to save the configuration. Once configured, the whitelist allows access only from the specified IP addresses.

    Edit an IP whitelist

    You can modify an existing IP address whitelist. Currently, you can only change the IP addresses. To change the database or user restrictions, you must create a new whitelist.

    Note

    Only a superuser can edit an IP address whitelist.

    1. In HoloWeb, go to Security Center. In the navigation pane on the left, click IP address whitelist.

    2. On the IP address whitelist management page, find the whitelist you want to modify and click Edit in the Actions column.

    3. In the Edit IP Whitelist panel, modify the IP address information. For more information about how to configure IP addresses, see Add an IP address whitelist.

    4. Click OK to save the configuration.

    Delete an IP whitelist

    You can delete an IP address whitelist if it is no longer needed. If you delete all IP address whitelists, the instance reverts to its default state and accepts connections from any IP address.

    Note

    Only a superuser can delete an IP address whitelist.

    1. In HoloWeb, go to Security Center. In the navigation pane on the left, click IP address whitelist.

    2. On the IP address whitelist management page, find the whitelist you want to delete and click Delete in the Actions column.

    3. In the confirmation message that appears, click OK.

    FAQ

    An error occurs when I configure an IP address whitelist.

    • Symptom: An error occurs when you try to configure an IP address whitelist for an instance. The error message is:

      ERROR: commit ddl phase1 failed: DDLWrite is not allowed on replica

    • Cause: You are trying to configure the IP address whitelist on a read-only secondary instance, which is not supported.

    • Solution: Configure the IP address whitelist on the primary instance. The primary instance and its read-only secondary instances share the same whitelist configuration.