Database Firewall
Syntax | Description | Type |
---|---|---|
SHOW DATABASE FIREWALL STRATEGIES | View database firewall strategies | RQL |
CREATE DATABASE FIREWALL STRATEGY database_firewall_rule ON db.table (MATCHING_ALGORITHMS(TYPE(NAME=" ")),ACTION_ALGORITHMS(TYPE(NAME=" ")) [,ENABLED=true/false]) | Create a database firewall strategy | RDL |
ALTER DATABASE FIREWALL STRATEGY database_firewall_rule ON db.table (MATCHING_ALGORITHMS(TYPE(NAME=" ")),ACTION_ALGORITHMS(TYPE(NAME=" ")) [,ENABLED=true/false]) | Alter a database firewall strategy | RDL |
DROP DATABASE FIREWALL STRATEGY database_firewall_rule1,database_firewall_rule2 | Drop database firewall strategies | RDL |
ENABLE DATABASE FIREWALL (STRATEGY strategyName / STRATEGIES) | Enable database firewall strategies | RDL |
DISABLE DATABASE FIREWALL (STRATEGY strategyName / STRATEGIES) | Disable database firewall strategies | RDL |
1. View database firewall strategies

```sql
SHOW DATABASE FIREWALL STRATEGIES
```

Example

View all database firewall strategies

```sql
SHOW DATABASE FIREWALL STRATEGIES
+---------------+----------------+---------------------+-----------------+---------------+---------+
| strategy_name | algorithm_type | algorithm_type_name | algorithm_props | objects       | enabled |
+---------------+----------------+---------------------+-----------------+---------------+---------+
| risk_dml      | matching       | risk_dml            |                 | sharding_db.* | true    |
| risk_dml      | action         | block               |                 | sharding_db.* | true    |
+---------------+----------------+---------------------+-----------------+---------------+---------+
```

View a specific database firewall strategy

```sql
SHOW DATABASE FIREWALL STRATEGY risk_dml;
+---------------+----------------+---------------------+-----------------+---------------+---------+
| strategy_name | algorithm_type | algorithm_type_name | algorithm_props | objects       | enabled |
+---------------+----------------+---------------------+-----------------+---------------+---------+
| risk_dml      | matching       | risk_dml            |                 | sharding_db.* | true    |
| risk_dml      | action         | block               |                 | sharding_db.* | true    |
+---------------+----------------+---------------------+-----------------+---------------+---------+
```
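Output description
Column | Description |
---|---|
strategy_name | Strategy name |
algorithm_type | Algorithm type |
algorithm_type_name | Algorithm name |
algorithm_props | Algorithm properties |
objects | Objects the strategy applies to |
enabled | Whether the strategy is enabled |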
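
The output above has one row per algorithm, so a strategy's matching and action algorithms have to be regrouped before its state can be checked. The following is an added example (not part of the original documentation or the product): a Python sketch that parses captured `SHOW DATABASE FIREWALL STRATEGIES` output and lists strategies that are disabled or lack a matching or action row. The function names and the `join_query` sample rows are assumptions made for illustration.

```python
# Added example: audit the text printed by SHOW DATABASE FIREWALL STRATEGIES.
# risk_dml rows are copied from this page; join_query rows are constructed,
# with algorithm_props left blank (the page does not show how props render).
SAMPLE = """\
+---------------+----------------+---------------------+-----------------+---------------+---------+
| strategy_name | algorithm_type | algorithm_type_name | algorithm_props | objects       | enabled |
+---------------+----------------+---------------------+-----------------+---------------+---------+
| risk_dml      | matching       | risk_dml            |                 | sharding_db.* | true    |
| risk_dml      | action         | block               |                 | sharding_db.* | true    |
| join_query    | matching       | join_query          |                 | sharding_db.* | false   |
| join_query    | action         | block               |                 | sharding_db.* | false   |
+---------------+----------------+---------------------+-----------------+---------------+---------+
"""


def parse_strategies(text):
    """Group the one-row-per-algorithm output by strategy_name."""
    header, strategies = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # border (+---+) or blank line
        # Drop the outer pipes but keep empty cells such as algorithm_props.
        cells = [c.strip() for c in line.split("|")[1:-1]]
        if header is None:
            header = cells  # first pipe row carries the column names
            continue
        row = dict(zip(header, cells))
        entry = strategies.setdefault(
            row["strategy_name"], {"objects": set(), "enabled": True})
        entry.setdefault(row["algorithm_type"], []).append(row["algorithm_type_name"])
        entry["objects"].add(row["objects"])
        # Treat a strategy as enabled only if every one of its rows says so.
        entry["enabled"] = entry["enabled"] and row["enabled"].lower() == "true"
    return strategies


def not_enforcing(strategies):
    """Names of strategies that are disabled or lack a matching/action row."""
    return sorted(
        name for name, s in strategies.items()
        if not s["enabled"] or not s.get("matching") or not s.get("action"))


if __name__ == "__main__":
    parsed = parse_strategies(SAMPLE)
    for name in not_enforcing(parsed):
        print(f"{name}: not enforcing on {sorted(parsed[name]['objects'])}")
```
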
2. Create a database firewall strategy

```sql
CREATE DATABASE FIREWALL STRATEGY database_firewall_rule ON db.table (MATCHING_ALGORITHMS(TYPE(NAME=" ")),ACTION_ALGORITHMS(TYPE(NAME=" ")))
CREATE DATABASE FIREWALL STRATEGY database_firewall_rule ON db.table (MATCHING_ALGORITHMS(TYPE(NAME=" ")),ACTION_ALGORITHMS(TYPE(NAME=" ")), ENABLED=true)
```

Example

Create a single-scenario database firewall strategy

```sql
CREATE DATABASE FIREWALL STRATEGY join_query ON sharding_db.*(
    MATCHING_ALGORITHMS(
        TYPE(NAME="JOIN_QUERY",PROPERTIES("max-allowed-join-table-count"=2))
    ),
    ACTION_ALGORITHMS(
        TYPE(NAME="BLOCK")
    ),
    ENABLED=true);
```

Create a combined-scenario database firewall strategy

```sql
CREATE DATABASE FIREWALL STRATEGY sharding_whitelist ON sharding_db.t_order(
    MATCHING_ALGORITHMS(
        TYPE(NAME="SHARDING"),
        TYPE(NAME="USERNAME",PROPERTIES("whitelist"="root"))
    ),
    ACTION_ALGORITHMS(
        TYPE(NAME="BLOCK")
    ));
```

Parameters
db.table: the object the strategy applies to. It is optional; if omitted, it defaults to `*.*`, so the strategy applies to all objects.
For the related algorithms, see the built-in algorithms.
3. Alter a database firewall strategy

```sql
ALTER DATABASE FIREWALL STRATEGY database_firewall_rule ON db.table (MATCHING_ALGORITHMS(TYPE(NAME=" ")),ACTION_ALGORITHMS(TYPE(NAME=" ")))
ALTER DATABASE FIREWALL STRATEGY database_firewall_rule ON db.table (MATCHING_ALGORITHMS(TYPE(NAME=" ")),ACTION_ALGORITHMS(TYPE(NAME=" ")), ENABLED=true)
```

Example

Alter a database firewall strategy

```sql
ALTER DATABASE FIREWALL STRATEGY join_query (
    MATCHING_ALGORITHMS(
        TYPE(NAME="JOIN_QUERY",PROPERTIES("max-allowed-join-table-count"=2))
    ),
    ACTION_ALGORITHMS(
        TYPE(NAME="BLOCK")
    ),
    ENABLED=true);
```

Parameters
db.table: the object the strategy applies to. It is optional; if omitted, it defaults to `*.*`, so the strategy applies to all objects.
For the related algorithms, see the built-in algorithms.
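4. Drop database firewall strategies

```sql
DROP DATABASE FIREWALL STRATEGY database_firewall_rule1,database_firewall_rule2
```

Example

Drop a single database firewall strategy

```sql
DROP DATABASE FIREWALL STRATEGY join_query;
```

Drop multiple database firewall strategies

```sql
DROP DATABASE FIREWALL STRATEGY join_query1,join_query2;
```

Parameters
For the related algorithms, see the built-in algorithms.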
5. Enable the database firewall

```sql
ENABLE DATABASE FIREWALL STRATEGY risk_dml;
ENABLE DATABASE FIREWALL STRATEGIES;
```

6. Disable the database firewall

```sql
DISABLE DATABASE FIREWALL STRATEGY risk_dml;
DISABLE DATABASE FIREWALL STRATEGIES;
```