All Products
Search

This Product

    Simple Message Queue (formerly MNS):Access control

    Document Center

    Simple Message Queue (formerly MNS):Access control

    Last Updated:Feb 28, 2026

    Simple Message Queue (SMQ, formerly MNS) access control restricts which clients can reach your service over public endpoints. You can limit public access to specific IP addresses or CIDR blocks, or block all public access and require connections through a virtual private cloud (VPC).

    Access control operates in two modes:

    • Disable public endpoint: Block all public access. Clients can only reach SMQ through a VPC.

    • Enable public endpoint with an IP address whitelist: Only clients whose IP addresses or Classless Inter-Domain Routing (CIDR) blocks appear in the whitelist can access SMQ over public endpoints. VPC access is not affected.

    Supported regions

    Access control is available in the following regions:

    • China (Beijing)

    • China (Shanghai)

    • China (Guangzhou)

    Prerequisites

    Before you begin, make sure that you have:

    • An Alibaba Cloud account

    • Access to the SMQ console

    • The IP addresses or CIDR blocks to whitelist (if restricting public access)

    Create an IP address whitelist

    1. Log on to the SMQ console. In the left-side navigation pane, click Access Control.

    2. In the top navigation bar, select a region. Example: China (Beijing).

    3. On the Access Control page, click Create an IP address whitelist on the Public Endpoint tab.

    4. In the Create an IP address whitelist panel, enter one or more IP addresses or CIDR blocks, then click OK.

      Note

      Separate multiple IP addresses or CIDR blocks with semicolons (;) or commas (,).

    View the IP address whitelist

    1. On the Access Control page, click the Public Endpoint tab.

    2. Review the allowed IP addresses and CIDR blocks in the IP Address Whitelist list.

    Delete an entry from the IP address whitelist

    1. On the Access Control page, click the Public Endpoint tab.

    2. In the IP Address Whitelist list, find the IP address or CIDR block to remove and click Delete in the Actions column.

    3. In the Delete IP Whitelist dialog box, click OK.

      Important

      After deletion, clients using the removed IP address or CIDR block can no longer access SMQ service. Proceed with caution.

    Disable public endpoint access

    Disable public access entirely to restrict all connections to VPC only.

    1. On the Access Control page, click the Public Endpoint tab.

    2. Turn off Allow Access next to Access Control.

    3. In the Are you sure you want to deny all accesses from the public IP address? dialog box, read the warning and click OK.

      Important

      When Allow Access is off, all requests from public endpoints are blocked and an error code is returned. Proceed with caution.