Updated on 2023-09-14 GMT+08:00

How Do I Check Whether a Back-to-Origin IP Address Has Been Whitelisted on My Origin Server?

Check servers and security devices to ensure that they have whitelisted the back-to-origin IP addresses and will not limit or block access traffic. For example:

  • If your origin servers are HUAWEI CLOUD servers, configure ACLs and security groups to permit the back-to-origin IP addresses.
    1. Log in to the management console.
    2. Click in the upper left corner of the management console and select a region or project.
    3. Click in the upper left corner of the page and choose Networking > Virtual Private Cloud.
    4. Add a security group rule to allow access from the back-to-origin IP address.
      1. In the navigation pane on the left, choose Access Control > Security Groups.
      2. On the Security Group page, locate the target security group and click Manage Rule in the Operation column to switch to the page for managing inbound and outbound rules.
      3. On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters to add an inbound rule.

        Click + to add more inbound rules.

        | Parameter | Description |
        | --- | --- |
        | Protocol & Port | Specifies the protocol and port for which a security group rule takes effect. |
        | Source | Select IP address and enter the back-to-origin IP address. |

      4. Click OK.
    5. Add an ACL rule to allow access from the back-to-origin IP address.
      1. In the navigation pane on the left, choose Access Control > Network ACLs.
      2. Locate the target network ACL on the Network ACLs page, and click the network ACL name to switch to the details page.
      3. On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters to add an inbound rule.

        You can click + to add more inbound rules.

        | Parameter | Description |
        | --- | --- |
        | Action | Select Permit. |
        | Protocol | Specifies the protocol supported by the network ACL. This parameter is mandatory. You can select a value from the drop-down list. The value can be TCP, UDP, ICMP, or ANY. If ICMP or ANY is selected, you do not need to specify port information. |
        | Source | Set this parameter to the back-to-origin IP address. |
        | Source Port Range | Specifies the source port number or port number range. The value ranges from 0 to 65535. To specify a range, enter two port numbers connected by a hyphen (-), for example, 1-100. The range cannot start with 0. This parameter is mandatory if you set Protocol to TCP or UDP. |
        | Destination | Specifies the destination IP address to which the traffic is permitted. The default value is 0.0.0.0/0, indicating that traffic can be sent to all IP addresses. For example: xxx.xxx.xxx.xxx/32 (an IP address), xxx.xxx.xxx.0/24 (a subnet), 0.0.0.0/0 (any IP address). |
        | Destination Port Range | Specifies the destination port number or port number range. The value ranges from 0 to 65535. To specify a range, enter two port numbers connected by a hyphen (-), for example, 1-100. The range cannot start with 0. This parameter is mandatory if you set Protocol to TCP or UDP. |

      4. Click OK.
  • If your origin servers already have their own security policies, ensure that they have taken effect. Some custom security policies may take effect only after a restart.
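
One way to run this check offline, as an added example that is not HUAWEI CLOUD code: it takes a hypothetical export of inbound rules whose keys mirror the Action, Protocol, Source and Destination Port Range parameters above, and lists the back-to-origin ranges that no permit rule fully covers. The addresses are constructed documentation ranges, the function and key names are assumptions, and rule priority is not modelled.

```python
import ipaddress

def parse_ports(spec):
    """Parse '443' or '1-100' into (low, high): ports 0-65535, ranges cannot start with 0."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not (0 <= low <= high <= 65535) or ("-" in spec and low == 0):
        raise ValueError(f"invalid port range: {spec!r}")
    return low, high

def rule_permits(rule, network, protocol, port):
    """True if one inbound rule permits the whole network on protocol/port."""
    # Security group rules carry no Action field, so a missing action counts as Permit.
    if rule.get("action", "Permit").lower() != "permit":
        return False
    rule_proto = rule["protocol"].upper()
    if rule_proto not in ("ANY", protocol.upper()):
        return False
    source = ipaddress.ip_network(rule["source"], strict=False)
    # A source narrower than the back-to-origin range (a /32 inside a /28) is not enough.
    if source.version != network.version or not network.subnet_of(source):
        return False
    if rule_proto in ("ANY", "ICMP"):
        return True  # no port information is specified for ICMP or ANY
    low, high = parse_ports(rule["dest_ports"])
    return low <= port <= high

def missing_from_whitelist(back_to_origin, rules, protocol, port):
    """Return the back-to-origin ranges that no permit rule fully covers."""
    missing = []
    for cidr in back_to_origin:
        network = ipaddress.ip_network(cidr, strict=False)
        if not any(rule_permits(r, network, protocol, port) for r in rules):
            missing.append(cidr)
    return missing

# Constructed sample data (documentation ranges, not real back-to-origin addresses).
BACK_TO_ORIGIN = ["198.51.100.0/24", "203.0.113.16/28", "192.0.2.7/32"]
INBOUND_RULES = [
    {"action": "Permit", "protocol": "TCP", "source": "198.51.100.0/24", "dest_ports": "443"},
    {"action": "Permit", "protocol": "TCP", "source": "203.0.113.16/32", "dest_ports": "1-1024"},
    {"action": "Permit", "protocol": "TCP", "source": "192.0.2.7/32", "dest_ports": "80"},
]

if __name__ == "__main__":
    for cidr in missing_from_whitelist(BACK_TO_ORIGIN, INBOUND_RULES, "TCP", 443):
        print(f"not whitelisted for TCP/443: {cidr}")
```

Run it once per protocol and port that the origin server serves; an empty result means every listed range is covered by at least one permit rule.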
