Global IP address whitelist templates let you define a shared set of IP addresses once and apply them across multiple PolarDB clusters. Any update to a template propagates to all associated clusters automatically, so you maintain one source of truth instead of updating each cluster's whitelist separately.
This feature is supported by PolarDB for MySQL, PolarDB for PostgreSQL, and PolarDB PostgreSQL (Oracle-compatible).
Limits
- A cluster can only be associated with templates from the same region.
- A single template can contain up to 1,000 IP addresses.
- A cluster can be associated with multiple templates, and a template can be associated with multiple clusters.
- Modifying a template updates the whitelist for all associated clusters.
- Deleting a template removes the whitelist configurations from all associated clusters. To avoid losing database connectivity, disassociate all clusters from a template before deleting it.
Create an IP address whitelist template
- Log on to the PolarDB console.
- In the upper-left corner, select the region where your cluster is deployed.
- In the left navigation pane, choose Template Management > IP Whitelist Template.
- Click Create IP Whitelist Template.
- Enter an IP Whitelist Template Name and the IP Addresses for the whitelist.
  Note: The template name must meet the following requirements:
  - Consists of lowercase letters, digits, and underscores (_)
  - Starts with a letter and ends with a letter or a digit
  - Is 2 to 120 characters in length
- Click OK.
Modify an IP address whitelist template
Changes to a template apply immediately to all associated clusters. Before modifying a template, check which clusters are associated with it on the IP Whitelist Template page.
- Log on to the PolarDB console.
- In the upper-left corner, select the region where your cluster is deployed.
- In the left navigation pane, choose Template Management > IP Whitelist Template.
- Find the template and click Modify in the Actions column.
- Add or remove IP addresses as needed, then click OK.
- In the confirmation dialog box, click OK.
Delete an IP address whitelist template
Deleting a template removes its whitelist configurations from all associated clusters, which may interrupt database connections. Before deleting a template, disassociate all clusters from it. To disassociate clusters, see Disassociate an IP address whitelist template.
- Log on to the PolarDB console.
- In the upper-left corner, select the region where your cluster is deployed.
- In the left navigation pane, choose Template Management > IP Whitelist Template.
- Find the template and click Delete in the Actions column.
- In the confirmation dialog box, click Delete.
Associate an IP address whitelist template
- Log on to the PolarDB console.
- In the upper-left corner, select the region where your cluster is deployed.
- Find the target cluster and click its ID.
- In the left navigation pane, choose Configuration and Management > Cluster Whitelist.
- On the Cluster Whitelist page, click Associate IP Whitelist Template.
- In the Associate IP Whitelist Template dialog box, select the template and click OK.
Disassociate an IP address whitelist template
- Log on to the PolarDB console.
- In the upper-left corner, select the region where your cluster is deployed.
- Find the target cluster and click its ID.
- In the left navigation pane, choose Configuration and Management > Cluster Whitelist.
- On the Cluster Whitelist page, find the template and click Disassociate in the Actions column.
- In the confirmation dialog box, click OK.
FAQ
How do I block a specific IP address from accessing a PolarDB for MySQL database?
PolarDB for MySQL does not have an IP blacklist feature. Use one of the following approaches instead.
Option 1: Use the whitelist to restrict access (recommended)
Add only trusted IP addresses to the cluster's whitelist. Any IP not listed in a whitelist cannot establish a connection. This is the most effective method for broad access control.
Option 2: Lock a user account for a specific IP address
To block a specific user-IP combination — for example, test@'192.168.0.1' — lock the user account:
-- 1. Create the user. You can explicitly create the user to lock it, even if it is not otherwise used.
CREATE USER 'test'@'192.168.0.1' IDENTIFIED BY 'xxxxx';
-- 2. Lock the account.
ALTER USER 'test'@'192.168.0.1' ACCOUNT LOCK;
Any subsequent connection attempt from that user and IP returns:
ERROR 3118 (HY000): Access denied for user 'test'@'192.168.0.1'. Account is locked.