Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firewall whitelist having isssues #2534

Closed
s4sukan opened this issue Feb 18, 2020 · 2 comments
Closed

Firewall whitelist having isssues #2534

s4sukan opened this issue Feb 18, 2020 · 2 comments

Comments

@s4sukan
Copy link

s4sukan commented Feb 18, 2020

Finally, we have the most awaited feature for firewall whitelisting. I'm trying to test before enabling it in production. active flag is being set as 0 in runtime_mysql_firewall_whitelist_rules table even though it's loaded.

Config

MySQL [(none)]> select * from mysql_firewall_whitelist_users;
+--------+----------+----------------+------------+---------+
| active | username | client_address | mode       | comment |
+--------+----------+----------------+------------+---------+
| 1      | appuser  | 127.0.0.1      | PROTECTING | testing |
+--------+----------+----------------+------------+---------+

MySQL [(none)]> select * from mysql_firewall_whitelist_rules;
+--------+----------+----------------+------------+--------+--------------------+---------+
| active | username | client_address | schemaname | flagIN | digest             | comment |
+--------+----------+----------------+------------+--------+--------------------+---------+
| 1      | appuser  | 127.0.0.1      |            |        | 0x37B5362567EE37EF |         |
+--------+----------+----------------+------------+--------+--------------------+---------+

MySQL [(none)]> load mysql firewall to run;
Query OK, 0 rows affected (0.000 sec)

MySQL [(none)]> select * from runtime_mysql_firewall_whitelist_rules;
+--------+----------+----------------+------------+--------+--------------------+---------+
| active | username | client_address | schemaname | flagIN | digest             | comment |
+--------+----------+----------------+------------+--------+--------------------+---------+
| 0      | appuser  | 127.0.0.1      |            | 0      | 0x37B5362567EE37EF |         |
+--------+----------+----------------+------------+--------+--------------------+---------+

MySQL [(none)]> select * from runtime_global_variables where variable_name like '%fire%';
+-----------------------------------+-----------------------------+
| variable_name                     | variable_value              |
+-----------------------------------+-----------------------------+
| mysql-firewall_whitelist_enabled  | 1                           |
| mysql-firewall_whitelist_errormsg | Firewall blocked this query |
+-----------------------------------+-----------------------------+

 mysql -u appuser -p -h127.0.0.1 -P6033 -e "Select 1"
Enter password:
ERROR 1148 (42000) at line 1: Firewall blocked this query

2020-02-18 11:38:42 Query_Processor.cpp:2071:process_mysql_query(): [WARNING] Firewall blocked query with digest 0x37B5362567EE37EF from user [email protected]
@renecannao
Copy link
Contributor

Verified

This was referenced Feb 22, 2020
Merged
Merged
@renecannao
Copy link
Contributor

Closing as fixed in 2.0.10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@renecannao @s4sukan