Updated on 2024-03-15 GMT+08:00

Access Control

Scenario

Access control allows you to whitelist certain IP addresses to allow them to access a listener or blacklist certain IP addresses to deny them to access a listener.

You can modify or disable the access control option as needed.

Once a whitelist is added, only IP addresses in the whitelist can access the listener. After a blacklist is added, IP addresses in the blacklist cannot access the listener.

Constraints

  • Access control does not restrict the ping command. You can still ping endpoints from the blacklisted IP addresses.

    If a whitelist is configured for a listener but IP addresses that are not in the whitelist can access the endpoints associated with the listener, one possible reason is that a persistent connection is established between the client and the endpoints. To deny such IP addresses from accessing the listener, the persistent connection needs to be disconnected.

  • You can add up to 20 CIDR blocks at a time and 200 CIDR blocks in total to an IP address group. Each CIDR block must be unique.
  • An IP address group can be configured for an access control policy of up to 10 listeners.
  • Access control policies take effect only for new connections, but not for connections that have been established.

Prerequisites

If you want to use a whitelist or blacklist for access control, you must select an IP address group. If do not have an IP address group, create one by referring to Creating an IP Address Group.

The IP address group must be in the Running state.

Configuring Access Control

  1. Log in to the management console.
  2. Click in the upper left corner and choose Networking > Global Accelerator.

    The Global Accelerator page is displayed.

  3. Search for the global accelerator by name or ID.
  4. Click the name of the global accelerator to go to the details page.
  5. Click Listeners.
  1. Click the name of the target listener.
  2. On the Basic Information page, click Configure on the right of Access Control.
  3. Configure the parameters. For details, see Table 1.
    Table 1 Parameters for configuring access control

    Parameter

    Description

    Access Control

    If you have set Access Control to Whitelist or Blacklist, you can enable or disable access control.

    • Only after you enable access control, the whitelist or blacklist takes effect.
    • If you disable access control, the whitelist or blacklist does not take effect.

    Access Control

    Specifies how access to the listener is controlled. Three options are available:

    • Whitelist: Only IP addresses in the IP address group can access the listener.
    • Blacklist: IP addresses in the IP address group are not allowed to access the listener.

    IP Address Group

    CIDR blocks that are added to the whitelist or blacklist for access control.

  4. Click OK.