How Do I Check Whether a Back-to-Origin IP Address Has Been Whitelisted on My Origin Server?
Check servers and security devices to ensure that they have whitelisted the back-to-origin IP addresses and will not limit or block access traffic. For example:
- If your origin servers are HUAWEI CLOUD servers, configure ACLs and security groups to permit the back-to-origin IP addresses.
  - Log in to the management console.
  - Click the icon in the upper left corner of the management console and select a region or project.
  - Click the icon in the upper left corner of the page and choose Networking > Virtual Private Cloud.
  - Add a security group rule to allow access from the back-to-origin IP address.
    - In the navigation pane on the left, choose Access Control > Security Groups.
    - On the Security Group page, locate the target security group and click Manage Rule in the Operation column to switch to the page for managing inbound and outbound rules.
    - On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters to add an inbound rule.
      Click + to add more inbound rules.

      | Parameter | Description |
      | --- | --- |
      | Protocol & Port | Specifies the protocol and port for which a security group rule takes effect. |
      | Source | Select IP address and enter the back-to-origin IP address. |

    - Click OK.
  - Add an ACL rule to allow access from the back-to-origin IP address.
    - In the navigation pane on the left, choose Access Control > Network ACLs.
    - Locate the target network ACL on the Network ACLs page, and click the network ACL name to switch to the details page.
    - On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters to add an inbound rule.
      You can click + to add more inbound rules.

      | Parameter | Description |
      | --- | --- |
      | Action | Select Permit. |
      | Protocol | Specifies the protocol supported by the network ACL. This parameter is mandatory. You can select a value from the drop-down list. The value can be TCP, UDP, ICMP, or ANY. If ICMP or ANY is selected, you do not need to specify port information. |
      | Source | Set this parameter to the back-to-origin IP address. |
      | Source Port Range | Specifies the source port number or port number range. The value ranges from 0 to 65535. To specify a range, enter two port numbers connected by a hyphen (-). The range cannot start with 0, for example, 1-100. This parameter is mandatory if you set Protocol to TCP or UDP. |
      | Destination | Specifies the destination IP address to which the traffic is permitted. The default value is 0.0.0.0/0, indicating that traffic can be sent to all IP addresses. For example: xxx.xxx.xxx.xxx/32 (an IP address), xxx.xxx.xxx.0/24 (a subnet), 0.0.0.0/0 (any IP address). |
      | Destination Port Range | Specifies the destination port number or port number range. The value ranges from 0 to 65535. To specify a range, enter two port numbers connected by a hyphen (-). The range cannot start with 0, for example, 1-100. This parameter is mandatory if you set Protocol to TCP or UDP. |

    - Click OK.
- If your origin servers already have their own security policies, ensure that they have taken effect. Some custom security policies may take effect only after a restart.
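
To confirm coverage rather than read the rule tables by eye, the following added example (not part of the original documentation) compares a hand-transcribed list of inbound rules with the back-to-origin ranges and returns every part of a range that no Permit rule covers for a given protocol and port. The rule dictionary layout, the function names and all addresses (RFC 5737 documentation ranges) are assumptions made for illustration; deny rules and network ACL rule priority are not modelled.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation ranges, not real back-to-origin addresses.
BACK_TO_ORIGIN = ["198.51.100.0/24", "203.0.113.16/28"]
# Constructed inbound rules, transcribed by hand from the console's rule tables.
RULES = [
    {"action": "permit", "protocol": "TCP", "source": "198.51.100.0/24", "ports": "443"},
    {"action": "permit", "protocol": "TCP", "source": "203.0.113.16/29", "ports": "80-443"},
    {"action": "permit", "protocol": "UDP", "source": "203.0.113.24/29", "ports": "53"},
]

def port_matches(spec, port):
    """spec is one port ("443"), a hyphenated range ("1-100"), or None for all ports."""
    if not spec:
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def rule_applies(rule, protocol, port):
    """True if the rule is a Permit rule that matches the protocol and destination port."""
    if rule["action"].lower() != "permit":
        return False
    if rule["protocol"].upper() == "ANY":
        return True  # ANY carries no port information
    return (rule["protocol"].upper() == protocol.upper()
            and port_matches(rule.get("ports"), port))

def uncovered(back_to_origin, rules, protocol, port):
    """Return the parts of each back-to-origin range that no Permit rule covers."""
    gaps = []
    for cidr in back_to_origin:
        remaining = [ipaddress.ip_network(cidr)]
        for rule in (r for r in rules if rule_applies(r, protocol, port)):
            src = ipaddress.ip_network(rule["source"], strict=False)
            pieces = []
            for net in remaining:
                if net.version != src.version or not net.overlaps(src):
                    pieces.append(net)  # rule does not touch this piece
                elif not net.subnet_of(src):
                    # src lies strictly inside net: keep only what is left over
                    pieces.extend(net.address_exclude(src))
                # a piece that is a subnet of src is fully permitted and dropped
            remaining = pieces
        gaps.extend(sorted(remaining))
    return gaps

if __name__ == "__main__":
    for proto, port in (("TCP", 443), ("TCP", 80)):
        print(proto, port, [str(n) for n in uncovered(BACK_TO_ORIGIN, RULES, proto, port)])
```

An empty result means every back-to-origin address is permitted for that protocol and port; any returned network is a range whose traffic can still be blocked.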