proxysql firewall support #144

Open
atimonin opened this issue Mar 24, 2023 · 1 comment

@atimonin

New feature needed for firewall management in proxysql:
https://mydbops.wordpress.com/2020/04/21/building-a-mysql-firewall-with-proxysql/

SUMMARY

At least, I now need modules to manage mysql_firewall_whitelist_users and mysql_firewall_whitelist_rules

ISSUE TYPE
  • Feature Idea
    I think this should be a separate module, but maybe it's possible to implement it in proxysql_mysql_users
COMPONENT NAME
ADDITIONAL INFORMATION
@markuman
Member

> I think this should be a separate module, but maybe it's possible to implement it in proxysql_mysql_users

It is impossible to integrate it into the proxysql_mysql_users module imo.
I also think it must result in three new modules. Everything else will be very complicated.

mysql_firewall_whitelist_rules

CREATE TABLE mysql_firewall_whitelist_rules (
    active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1,
    username VARCHAR NOT NULL,
    client_address VARCHAR NOT NULL,
    schemaname VARCHAR NOT NULL,
    flagIN INT NOT NULL DEFAULT 0,
    digest VARCHAR NOT NULL,
    comment VARCHAR NOT NULL,
    PRIMARY KEY (username, client_address, schemaname, flagIN, digest) )

mysql_firewall_whitelist_sqli_fingerprints

CREATE TABLE mysql_firewall_whitelist_sqli_fingerprints (
    active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1,
    fingerprint VARCHAR NOT NULL,
    PRIMARY KEY (fingerprint) )

mysql_firewall_whitelist_users

CREATE TABLE mysql_firewall_whitelist_users (
    active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1,
    username VARCHAR NOT NULL,
    client_address VARCHAR NOT NULL,
    mode VARCHAR CHECK (mode IN ('OFF','DETECTING','PROTECTING')) NOT NULL DEFAULT ('OFF'),
    comment VARCHAR NOT NULL,
    PRIMARY KEY (username, client_address) )

What's your use case?
I've tried firewalling a Nextcloud application in the past. But it's nearly impossible.
This will only work properly if

  • Your application consists of only very few queries
  • You've got unit and integration tests that cover 100% of all needed and available queries, so you've got a realistic chance to collect all necessary queries.
    • when you're using an ORM, the chance that you reach 100% decreases massively
  • You've got a lot of manpower, time and perseverance.

@atimonin do you have some time to implement and contribute those modules?
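Added example, not part of the issue thread or of the collection's code: the coverage problem described above, modelled with Python's `sqlite3` on the two table definitions quoted in the comment. The lookup semantics in `decide()` (exact matching, an unlisted user treated as `OFF`, `DETECTING` logging and `PROTECTING` blocking) are assumptions taken from the mode names, and the user, address and digest values are constructed.

```python
import sqlite3

# Table definitions copied from the issue; SQLite accepts them unchanged.
SCHEMA = """
CREATE TABLE mysql_firewall_whitelist_users (
    active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1,
    username VARCHAR NOT NULL, client_address VARCHAR NOT NULL,
    mode VARCHAR CHECK (mode IN ('OFF','DETECTING','PROTECTING')) NOT NULL DEFAULT ('OFF'),
    comment VARCHAR NOT NULL,
    PRIMARY KEY (username, client_address) );
CREATE TABLE mysql_firewall_whitelist_rules (
    active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1,
    username VARCHAR NOT NULL, client_address VARCHAR NOT NULL,
    schemaname VARCHAR NOT NULL, flagIN INT NOT NULL DEFAULT 0,
    digest VARCHAR NOT NULL, comment VARCHAR NOT NULL,
    PRIMARY KEY (username, client_address, schemaname, flagIN, digest) );
"""

def build_db(users, rules):
    """users: (username, client_address, mode); rules: (username, client_address, schemaname, digest)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO mysql_firewall_whitelist_users "
                   "(username, client_address, mode, comment) VALUES (?,?,?,'')", users)
    db.executemany("INSERT INTO mysql_firewall_whitelist_rules "
                   "(username, client_address, schemaname, digest, comment) "
                   "VALUES (?,?,?,?,'')", rules)
    return db

def decide(db, username, client_address, schemaname, digest, flag_in=0):
    """Return 'allow', 'log' or 'block'. Assumed semantics: exact-match lookups,
    an unlisted user counts as OFF, DETECTING only logs, PROTECTING blocks."""
    row = db.execute("SELECT mode FROM mysql_firewall_whitelist_users WHERE active=1 "
                     "AND username=? AND client_address=?", (username, client_address)).fetchone()
    mode = row[0] if row else "OFF"
    if mode == "OFF":
        return "allow"
    hit = db.execute("SELECT 1 FROM mysql_firewall_whitelist_rules WHERE active=1 AND username=? "
                     "AND client_address=? AND schemaname=? AND flagIN=? AND digest=?",
                     (username, client_address, schemaname, flag_in, digest)).fetchone()
    if hit:
        return "allow"
    return "log" if mode == "DETECTING" else "block"

def uncovered(db, observed):
    """Observed (username, client_address, schemaname, digest) tuples with no matching rule."""
    return [q for q in observed if decide(db, *q) != "allow"]

# Constructed sample data: one whitelisted digest, one the test suite never exercised.
USER = ("app", "10.0.0.5")
SEEN = [USER + ("shop", "0xAAAA000000000001"), USER + ("shop", "0xBBBB000000000002")]
```

Running `uncovered()` over digests collected while a user is in `DETECTING` lists what would start failing once that user is switched to `PROTECTING`.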
