Background Information
Configuring a database firewall in YAML format allows for a quick understanding of the dependencies between database firewall rules. DBPlusEngine will automatically create objects based on the YAML configuration, reducing unnecessary coding work for users.
Parameter Explanation
```yaml
databaseFirewall:
  strategies: # Strategies
    risk_dml: # Strategy name
      matchingAlgorithmNames: # Matching algorithm list
        - risk_dml_algorithm
      actionAlgorithmNames: # Action algorithm list
        - log_action
        - block_action
      objects: # Effective objects list
        - sharding_db.*
  matchingAlgorithms: # Matching algorithm configuration
    risk_dml_algorithm:
      type: RISK_DML
      props:
        full-table-update: true
        full-table-delete: true
  actionAlgorithms: # Action algorithm configuration
    block_action:
      type: BLOCK
    log_action:
      type: LOG
      props:
        log-level: ERROR
```
For details on algorithm types, please refer to the Built-in Database Firewall Algorithm List.
Operating Steps
- Configure database firewall rules in YAML files, including data sources, database firewall rules, global properties, and other configuration items.
- Create objects based on the configuration information in the YAML file.
Configuration Example
Here is an example of a database firewall YAML configuration:
```yaml
dataSources:
  unique_ds:
    dataSourceClassName: com.zaxxer.hikari.HikariDataSource
    driverClassName: com.mysql.jdbc.Driver
    jdbcUrl: jdbc:mysql://localhost:3306/demo_ds?serverTimezone=UTC&useSSL=false&useUnicode=true&characterEncoding=UTF-8
    username: root
    password:

rules:
- !DATABASEFIREWALL
  strategies:
    risk_dml:
      matchingAlgorithmNames:
        - risk_dml_algorithm
      actionAlgorithmNames:
        - log_action
        - block_action
      objects:
        - sharding_db.*
  matchingAlgorithms:
    risk_dml_algorithm:
      type: RISK_DML
      props:
        full-table-update: true
        full-table-delete: true
  actionAlgorithms:
    block_action:
      type: BLOCK
    log_action:
      type: LOG
      props:
        log-level: ERROR
```
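Each strategy refers to its matching and action algorithms by name, so a misspelled name or an algorithm defined without a `type` is a configuration error worth catching before the file is deployed. The following is an added example, not DBPlusEngine code: a reference check over a rule block that has already been loaded into Python dicts. `lint_firewall`, the `audit_only` strategy and `unused_action` are constructed for illustration.

```python
# CONFIG mirrors the page's rule block as Python dicts; the entries marked
# "constructed" are deliberate mistakes added so the check has findings.
CONFIG = {
    "strategies": {
        "risk_dml": {
            "matchingAlgorithmNames": ["risk_dml_algorithm"],
            "actionAlgorithmNames": ["log_action", "block_action"],
            "objects": ["sharding_db.*"],
        },
        "audit_only": {  # constructed, deliberately broken
            "matchingAlgorithmNames": ["risk_ddl_algorithm"],  # undefined name
            "actionAlgorithmNames": ["log_action"],
            "objects": [],
        },
    },
    "matchingAlgorithms": {
        "risk_dml_algorithm": {"type": "RISK_DML", "props": {
            "full-table-update": True, "full-table-delete": True}},
    },
    "actionAlgorithms": {
        "block_action": {"type": "BLOCK"},
        "log_action": {"type": "LOG", "props": {"log-level": "ERROR"}},
        "unused_action": {"props": {}},  # constructed: no type, unreferenced
    },
}

# (list key inside a strategy, section that must define each listed name)
REFERENCES = (("matchingAlgorithmNames", "matchingAlgorithms"),
              ("actionAlgorithmNames", "actionAlgorithms"))


def lint_firewall(cfg):
    """Return sorted findings; an empty list means every reference resolves."""
    findings = []
    used = {section: set() for _, section in REFERENCES}
    for name, strategy in (cfg.get("strategies") or {}).items():
        for list_key, section in REFERENCES:
            for algo in strategy.get(list_key) or []:
                used[section].add(algo)
                if algo not in (cfg.get(section) or {}):
                    findings.append(f"strategy {name}: {algo} not in {section}")
        if not strategy.get("objects"):
            findings.append(f"strategy {name}: objects list is empty")
    for section, referenced in used.items():
        for algo, body in (cfg.get(section) or {}).items():
            if not (body or {}).get("type"):
                findings.append(f"{section}.{algo}: missing type")
            if algo not in referenced:
                findings.append(f"{section}.{algo}: defined but unused")
    return sorted(findings)
```

With the two constructed entries removed, the page's own configuration produces no findings.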