Alibaba Cloud provides a secured cloud environment, where suspicious actions are monitored and blocked in real time. In cases where you use a third party CDN or security vendor’s product to forward requests or perform security scan, Alibaba Cloud Security may regard these behaviors as suspicious. Consequently, access exceptions may result from attack behaviors that contain source IP address in the forwarded requests or unpermitted operations from security scan.

Considering the necessity of such products, Alibaba Cloud allows CDN and security vendors (applicant) to apply for permissions to add the IP addresses of their products to the global whitelist of Alibaba Cloud Security basic protection. The relevant procedure is as follows.

Note If you only want to configure a whitelist for all of your ECS instances, see Configure an access whitelist in Security Control.
To make an application, the applicant must write an official letter that contains the following information:
  • A list of the IP addresses to be added to the whitelist. In case of numerous IP addresses, an official link to these IP addresses can be provided and sent as an email attachment.
  • Usage descriptions of these IP addresses.
  • Commitment of adherence to relevant laws, regulations, and Alibaba Cloud’s relevant regulations. The applicant must commit to not mounting any type of attack against Alibaba Cloud’s users. If the added IP addresses are deemed as security threats to Alibaba Cloud’s users or are allegedly used to commit law violations and patent infringements, the applicant is fully liable for the resulting impact. The applicant stands liable to compensate Alibaba Cloud for any losses.
  • Contact information (telephone number is recommended).
  • The applicant’s corporate seal.

The applicant, on behalf of the vendor’s company, must send the electronic copy of the company’s business license and the official letter through email to the following addresses:

  • To: dachao.xdc@alibaba-inc.com
  • Cc: yemin.ym@alibaba-inc.com

Authorization

Upon receiving an application, Alibaba Cloud sends an initial, non-automatic reply to the applicant within two working days for review purposes. Alibaba Cloud has the right to request the applicant to clarify any doubts in regard to the application materials during the application review process. The review may take several working days. When the review is completed, Alibaba Cloud notifies the applicant of the result.

The applicant accepts that Alibaba Cloud can clean the whitelist periodically in accordance with the specified policy. The applicant is required to notify Alibaba Cloud of any adjustments or changes to the IP addresses of relevant products. If Alibaba Cloud determines that the added IP addresses cause security threats to Alibaba Cloud users, Alibaba Cloud will remove these IP addresses permanently and reserves the right to hold the applicant legally accountable.