To ensure security and stability, a Lindorm instance cannot be accessed by any device by default. You must configure a whitelist for a Lindorm instance in advance to allow specific devices to access the instance. Properly configured whitelists enhance the security of Lindorm instances. We recommend that you update the whitelists on a regular basis.
Before you begin
Before you configure an IP whitelist for a Lindorm instance, obtain the IP addresses of the clients that you want to allow to access the instance. How you obtain an IP address depends on where the client is deployed.
Client location | Network type | How to obtain the IP address of a client |
(Recommended) Elastic Compute Service (ECS) instance | VPC | Check the IP address of the ECS instance. For more information, see How do I query the IP addresses of ECS instances? Note: Make sure that the ECS instance and the Lindorm instance are within the same VPC. |
On-premises device | Internet | Select one of the following methods based on the operating system of the on-premises device: |
Procedure
If you add the IP address 0.0.0.0/0 to the whitelist, the Lindorm instance can be accessed from all IP addresses, which poses security risks to Lindorm. Therefore, do not add the IP address 0.0.0.0/0 to the whitelist.
Log on to the Lindorm console.
In the upper-left corner of the page, select the region where the instance is deployed.
On the Instances page, click the ID of the instance that you want to manage or click Manage in the Actions column corresponding to the instance.
In the left-side navigation pane, click Access Control.
On the page that appears, click Create Whitelist.
In the Create Whitelist dialog box, configure Whitelist Name and Whitelist.
Important: A whitelist name can contain only letters, digits, and underscores (_).
You can specify IP addresses or Classless Inter-Domain Routing (CIDR) blocks in the following formats:
A single IP address in the 192.0.XX.XX format.
A CIDR block that specifies IP address ranges. For more information about CIDR, see What is CIDR? For example, you can add 192.0.XX.XX/24 to the whitelist. The suffix /24 indicates that the network prefix of the CIDR block is 24 bits in length. The value of the suffix ranges from 1 to 32.
Separate multiple IP addresses or CIDR blocks with commas (,).
If you add 127.0.0.1 to the whitelist, all IP addresses are prohibited from accessing the Lindorm instance.
Click OK.
After a whitelist is configured, you can click Modify Group in the Actions column corresponding to the whitelist to modify the IP addresses or CIDR blocks in the whitelist. You can create multiple whitelists to manage access from different IP addresses and CIDR blocks.
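A pre-check for a whitelist draft against the naming and format rules stated in the procedure, as an added example that is not part of the Lindorm documentation or console. The function name `lint_whitelist` and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9_]+")    # letters, digits, underscores only
PREFIX_RE = re.compile(r"[0-9]{1,2}")

def lint_whitelist(name, entries):
    """Return (severity, message) findings for a comma-separated whitelist draft."""
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append(("error", f"name {name!r}: only letters, digits, underscores"))
    for raw in entries.split(","):
        item = raw.strip()
        if not item:
            findings.append(("error", "empty entry (stray comma)"))
        elif item == "0.0.0.0/0":
            findings.append(("error", "0.0.0.0/0 allows access from all IP addresses"))
        elif item == "127.0.0.1":
            findings.append(("warning", "127.0.0.1 prohibits access from all IP addresses"))
        else:
            findings.extend(_check_entry(item))
    return findings

def _check_entry(item):
    addr, sep, prefix = item.partition("/")
    try:
        ipaddress.IPv4Address(addr)
    except ValueError:
        return [("error", f"{item}: not a valid IPv4 address")]
    if not sep:
        return []                          # single IP address, nothing more to check
    if not PREFIX_RE.fullmatch(prefix) or not 1 <= int(prefix) <= 32:
        return [("error", f"{item}: suffix must be between 1 and 32")]
    net = ipaddress.ip_network(item, strict=False)
    if str(net.network_address) != addr:
        # Host bits are set: the entry still covers the whole block, not one host.
        return [("warning", f"{item}: covers the whole range {net}")]
    return []

if __name__ == "__main__":
    # Constructed sample draft using documentation-range addresses.
    draft = "192.0.2.10, 192.0.2.10/24, 0.0.0.0/0, 127.0.0.1, 198.51.100.0/33"
    for severity, message in lint_whitelist("app-servers", draft):
        print(f"{severity.upper():8}{message}")
```

Running it on the constructed draft reports the invalid name, the 0.0.0.0/0 and /33 entries as errors, and the 127.0.0.1 entry and the /24 with host bits set as warnings.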