All Products
Search

This Product

    Management Console:Configure a local firewall or proxy to access Alibaba Cloud services

    Document Center

    Management Console:Configure a local firewall or proxy to access Alibaba Cloud services

    Last Updated:Sep 10, 2025

    In an enterprise IT environment, network access may be strongly restricted by firewall or proxy policies. To ensure stable access to Alibaba Cloud services, such as the Alibaba Cloud official website, console, API operations, and SDKs, you must add specific Alibaba Cloud domain names to the whitelist of the network access control list. This topic lists the necessary domain names and configuration guidelines to prevent service interruptions caused by network restrictions.

    Usage notes

    • Configure a domain name

      Make sure to use a fully qualified domain name (FQDN), not an IP address. This prevents dynamic changes of IP addresses caused by traffic scheduling or switchover. We recommend using wildcards (such as *.aliyun.com) to simplify configuration and override future subdomains.

    • Open a specified port

      Alibaba Cloud services mainly communicate through HTTPS (TCP 443 port). Make sure that your firewall or proxy policies allow traffic on this port.

    • Follow the principle of least privilege

      Add only the domain names you need to the whitelist, to avoid unauthorized access.

    • Regular audit and update

      Periodically review network access logs to identify and add domain names that were missed in the policy. Also, watch for official updates from Alibaba Cloud about whitelist configuration adjustments.

    Core domain names

    Note

    In the firewall or proxy server, open TCP port access for HTTPS (443) for the following domain names. If you want to access some domain names over HTTP, open TCP port 80 for those domain names.

    CDN and static resources

    Load CSS and JS files, images, frontend SDKs, and video resources of Alibaba Cloud sites. 

    *.alicdn.com
*.tbcdn.cn
alicdn.com
tbcdn.cn
cloud.video.taobao.com
*.insights.1688.com
insights.1688.com
retcode.taobao.com
webapi.amap.com

    Alibaba Cloud core services

    Access the Alibaba Cloud official website, console, make payments, and call API service endpoints. 

    *.alibabacloud.com
*.aliyun.com
*.aliyuncs.com
alibabacloud.com
aliyun.com
aliyuncs.com
ynuf.alipay.com

    Monitoring and analysis

    Perform traffic log entry and security detection for frontend pages. 

    *.mmstat.com
mmstat.com
ynuf.aliapp.org
fourier.alibaba.com
sgynuf.alibaba.com
sg-wum.alibaba.com
s1fckjo.alibaba.com
fourier.taobao.com

    FAQ

    Why won't the page load or function properly?

    1. On the page where the problem occurs, press the F12 to open the browser developer tool and switch to the Network tab.

    2. Refresh the page to find requests with a status of blocked or failed.

    3. Add the blocked domain names to the whitelist.

    Why is API or SDK access failing?

    • View blocking logs on the egress agent or firewall.

    • Check whether the preceding domain name or service endpoint in the region is hit, and release the data as needed.

    Why did DNS resolution fail?

    • Check whether the enterprise DNS can resolve the domain name.

    • If necessary, allow the external DNS resolution path or configure internal forwarding.

    Why should I do if I get an HTTPS decryption error?

    • Check whether the firewall performs SSL/TLS decryption on the Alibaba Cloud domain name.

    • Add the problematic domain name to the decryption-exempt list, or strengthen the certificate trust chain.