All Products
Search
Document Center

Error 1045 (HY000) or 2801 (HY000): IP address not in the whitelist

Last Updated: Jun 20, 2019

Symptom

When you connect to an RDS instance, one of the following two errors is reported:

  • ERROR 1045 (HY000): #28000ip not in whitelist

  • ERROR 2801 (HY000): #RDS00ip not in whitelist, client ip is XXX

Cause and Solution

  • The IP address whitelist for the RDS instance contains only the default IP address 127.0.0.1, which indicates that no devices are allowed to connect to the RDS instance. In this case, you need to add the IP address of the device to the whitelist. For detailed steps, see Set the whitelist

  • The whitelist follows the 0.0.0.0 format.

    The valid format is 0.0.0.0/0, which indicates that all devices are allowed to connect to the RDS instance. Exercise caution when you use this format.

  • If the whitelist is set to the enhanced security mode, take these steps:

    • If you want to establish a connection via a VPC by using the private IP address of the ECS instance, make sure that this private IP address is added to the VPC group.

    • If you want to establish a connection via a classic network by using the private IP address of the ECS instance, make sure that this private IP address is added to the classic network group.

    • If you want to establish a connection via the Internet, make sure that the public IP address of the device is added to the classic network group.

      The VPC group is unsuitable for communication via the Internet.

  • The public IP address of the device in the whitelist is not the real outbound IP address. The following are possible reasons:

    • The public IP address is not fixed and may change.

    • The IP address query tool or website yields inaccurate results.

    For detailed solutions, see locate the local IP address.