DocsICP FilingConsole
官方文档
首页

Configure a whitelist

更新时间:
复制 MD 格式
产品详情
我的收藏

To ensure the security and stability of your ApsaraDB for ClickHouse database, the system blocks all IP addresses from accessing ApsaraDB for ClickHouse clusters by default. Before you start using an ApsaraDB for ClickHouse cluster, you must add the IP address or CIDR block of your client to the whitelist of ApsaraDB for ClickHouse. This topic describes how to configure a whitelist.

Prerequisites

You have an ApsaraDB for ClickHouse cluster that is in the Running state. For more information, see Create a cluster.

Precautions

  • A whitelist provides strong access security for your ApsaraDB for ClickHouse cluster. We recommend maintaining the whitelist regularly.

  • To ensure data security, ApsaraDB for ClickHouse prohibits setting a whitelist to 0.0.0.0 or 0.0.0.0/0.

  • The default whitelist group (default) contains only 127.0.0.1, which blocks all other IP addresses from accessing the ApsaraDB for ClickHouse cluster. It cannot be deleted, but can only be modified or cleared.

  • Do not modify or delete system-generated groups to avoid affecting the functionality of related products.

    For example, dms is the whitelist group for Data Management Service (DMS).

  • An ApsaraDB for ClickHouse cluster supports a maximum of 200 IP addresses in total across all whitelist groups, with a limit of 50 IP addresses per group.

Configure a whitelist

  1. Log on to the ApsaraDB for ClickHouse console.

  2. In the top-left corner of the page, select your cluster's region.

  3. On the Clusters page, select the tab for your instance type, such as Instance list , and then click the ID of your target cluster.

  4. In the left-side navigation pane, click Data Security.

  5. Click Create Whitelist Group.

  6. Set the following parameters as prompted.

    Parameter

    Description

    Example

    Group Name

    The name of the whitelist group. The name must meet the following requirements:

    • Consists of lowercase letters, digits, or underscores (_).

    • Starts with a lowercase letter and ends with a lowercase letter or a digit.

    • Is 2 to 32 characters in length.

    test

    IP Addresses

    The IP addresses in the whitelist. The IP addresses must meet the following requirements:

    • An IP address. For example, 192.168.0.1 allows the IP address 192.168.0.1 to access ApsaraDB for ClickHouse.

    • A CIDR block, such as 192.168.0.0/24, allows IP addresses from 192.168.0.1 to 192.168.0.255 to access ApsaraDB for ClickHouse.

    Note

    • To add multiple IP addresses or CIDR blocks, separate them with a comma (,).

    • A setting of 127.0.0.1 blocks all IP addresses from accessing the ApsaraDB for ClickHouse cluster.

    • To ensure data security, do not set the whitelist to 0.0.0.0 or 0.0.0.0/0.

    192.168.xx.xx
    Note

    When you create a new ApsaraDB for ClickHouse cluster, the system automatically adds a whitelist group named dms to the ApsaraDB for ClickHouse cluster and adds the IP addresses of DMS servers to this group. If the IP addresses are not automatically added, you must add them manually. For a list of DMS IP addresses for different regions, see List of DMS CIDR blocks.

  7. Click OK.

Previous:Security managementNext:IP whitelist template