Restrict instance access to specific IP addresses or CIDR blocks by configuring a whitelist.
Public IP address whitelist
Prerequisites
You have created an instance and enabled public access.
Procedure
-
Go to the Instances page of Microservices Engine and select the target instance's region from the top menu bar.
-
On the Instances page, click the ID of the target instance.
-
On the Basic Information page, click the edit icon
next to Public Whitelist Settings. -
In the Public Whitelist Settings dialog box, enter the allowed IP addresses, and then click OK.
-
Use CIDR notation (X.X.X.X/X). The prefix length must be 16 or greater (for example, 192.168.0.0/16 or 192.168.100.0/24).
-
Separate multiple CIDR blocks with a comma (,).
-
Setting the whitelist to 127.0.0.1/32 denies access from all IP addresses.
-
Maximum: 1,000 entries.
-
An empty whitelist allows access from any IP address, risking data exposure.
ImportantWithout authentication enabled on the Nacos engine, this exposes sensitive data. Enable Nacos client authentication before clearing the whitelist.
-
Private network whitelist
Prerequisites
-
You have created an instance.
-
Nacos Enterprise Edition with engine version 3.0.1.1 or later.
Procedure
-
Go to the Instances page of Microservices Engine and select the target instance's region from the top menu bar.
-
On the Instances page, click the ID of the target instance.
-
On the Basic Information page, in the Whitelist settings section, click the Internal Network tab, and then click Edit the internal whitelist.
-
In the Internal Network Whitelist Settings dialog box, enter the allowed IP addresses, and then click OK.
-
Enter IP addresses in CIDR block format (X.X.X.X/X), where /X is the prefix length.
-
Separate multiple CIDR blocks with a comma (,).
-
Setting the whitelist to 127.0.0.1/32 denies access from all IP addresses.
-
An empty whitelist allows access from any private network address.
-
Maximum: 1,000 entries.
-