Database Firewall

Database Firewall #

Syntax	Description	Type
SHOW DATABASE FIREWALL STRATEGIES	View database firewall strategies	RQL
CREATE DATABASE FIREWALL STRATEGY	Create a database firewall strategy	RDL
ALTER DATABASE FIREWALL STRATEGY	Modify a database firewall strategy	RDL
DROP DATABASE FIREWALL STRATEGY	Delete a database firewall strategy	RDL

1. View Database Firewall Strategies #

 SHOW DATABASE FIREWALL STRATEGIES

Example

View all database firewall strategies

 SHOW DATABASE FIREWALL STRATEGIES
 +---------------+----------------+---------------------+-----------------+---------------+
 | strategy_name | algorithm_type | algorithm_type_name | algorithm_props | objects       |
 +---------------+----------------+---------------------+-----------------+---------------+
 | risk_dml      | matching       | risk_dml            |                 | sharding_db.* |
 | risk_dml      | action         | block               |                 | sharding_db.* |
 +---------------+----------------+---------------------+-----------------+---------------+

View a specific database firewall strategy

SHOW DATABASE FIREWALL STRATEGY risk_dml;
+---------------+----------------+---------------------+-----------------+---------------+
| strategy_name | algorithm_type | algorithm_type_name | algorithm_props | objects       |
+---------------+----------------+---------------------+-----------------+---------------+
| risk_dml      | matching       | risk_dml            |                 | sharding_db.* |
| risk_dml      | action         | block               |                 | sharding_db.* |
+---------------+----------------+---------------------+-----------------+---------------+

Output Explanation

Column	Description
strategy_name	Strategy name
algorithm_type	Algorithm type
algorithm_type_name	Algorithm name
algorithm_props	Algorithm parameters
objects	Effective objects

2. Create Database Firewall Strategy #

CREATE DATABASE FIREWALL STRATEGY database_firewall_rule ON db.table (MATCHING_ALGORITHMS(TYPE(NAME=" ")),ACTION_ALGORITHMS(TYPE(NAME=" ")))

Example

Create a single-scenario database firewall strategy

CREATE DATABASE FIREWALL STRATEGY join_query  ON sharding_db.*(
MATCHING_ALGORITHMS(
TYPE(NAME="JOIN_QUERY",PROPERTIES("max-allowed-join-table-count"=2))
),
ACTION_ALGORITHMS(
TYPE(NAME="BLOCK")
));

Create a combined-scenario database firewall strategy

CREATE DATABASE FIREWALL STRATEGY sharding_whitelist ON sharding_db.t_order(
MATCHING_ALGORITHMS(
TYPE(NAME="SHARDING"),
TYPE(NAME="USERNAME",PROPERTIES("whitelist"="root"))
),
ACTION_ALGORITHMS(
TYPE(NAME="BLOCK")
));

Parameter Explanation

db.table: Specifies the object to take effect on. This is optional configuration. If not configured, it defaults to * . * for all objects to take effect.

Refer to Built-in Algorithms for related algorithms.

3. Modify Database Firewall Strategy #

ALTER DATABASE FIREWALL STRATEGY database_firewall_rule ON db.table (MATCHING_ALGORITHMS(TYPE(NAME=" ")),ACTION_ALGORITHMS(TYPE(NAME=" ")))

Example

Modify a database firewall strategy

 ALTER DATABASE FIREWALL STRATEGY join_query (
 MATCHING_ALGORITHMS(
 TYPE(NAME="JOIN_QUERY",PROPERTIES("max-allowed-join-table-count"=2))
 ),
 ACTION_ALGORITHMS(
 TYPE(NAME="BLOCK")
 ));

Parameter Explanation

db.table: Specifies the object to take effect on. This is optional configuration. If not configured, it defaults to * . * for all objects to take effect.

Refer to Built-in Algorithms for related algorithms.

4. Delete Database Firewall Strategy #

 DROP DATABASE FIREWALL STRATEGY  database_firewall_rule1,database_firewall_rule2

Example

Delete a single database firewall strategy

 DROP DATABASE FIREWALL STRATEGY join_query;

Delete multiple database firewall strategies

 DROP DATABASE FIREWALL STRATEGY join_query1,join_query2;

Parameter Explanation

Refer to Built-in Algorithms for related algorithms.