  1. MariaDB MaxScale
  2. MXS-4191

Restrict the REST API user's authentication to specific IPs only, like MariaDB



    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • Icebox
    • REST-API
    • None


      For security reasons, we want to restrict remote access for the --type=admin users to specific IPs only. We want to restrict only the admin users, as we don't want any admin commands to be run by mistake.

      Can you please implement a way to restrict the MaxScale users to localhost or to specific hosts only, like MariaDB? The restriction should work for the GUI too: if we restrict an admin user to localhost, then it should not be able to log in through the GUI either.

      Also, can we change the parameter to allow multiple comma-separated values?
      admin_host = localhost,192,169.101.10, testmax102

      EX1: The admin user should have access only from localhost, like MariaDB root localhost.

      EX2: If user test_admin_user has --type=admin, then it should be restricted to specific IPs like test_admin_user@'', test_admin_user@'' and test_admin_user@''; the user should then work only from these IPs, like in MariaDB, where we restrict to specific server IPs only.

      EX3: If user test_read_only has --type=basic, then, as it's a read-only user, the user can work from anywhere, like MariaDB test_read_only@'%' access.

      NOTE: We don't need to change anything for the AD user (PAM user). Please keep it as it is for AD; no changes are required for the AD user. We will restrict that using the "admin_pam_readonly_service" option in the maxscale.conf file anyway, so it will act as read-only for all the PAM users.




            toddstoffel Todd Stoffel
            naresh.chandra@copart.com Naresh Chandra
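
The behaviour requested in EX1 to EX3, modelled as an added sketch (not MaxScale code and not part of the ticket): a per-user host allowlist checked against the connection's peer address. The `USERS` table, the function names and the 192.0.2.x addresses are constructed for illustration; hostname entries such as `testmax102` are not resolved here and fail closed.

```python
import ipaddress

# Constructed sample policy (hypothetical, not a MaxScale format):
# user -> allowed hosts. '%' means "any host", as in MariaDB grants.
USERS = {
    "admin": ["localhost"],                          # EX1: admin, local only
    "test_admin_user": ["192.0.2.10", "192.0.2.11"],  # EX2: admin, fixed IPs
    "test_read_only": ["%"],                         # EX3: basic, anywhere
}


def parse_peer(peer):
    """Parse the socket peer address, unwrapping IPv4-mapped IPv6."""
    addr = ipaddress.ip_address(peer)
    # A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def host_matches(entry, addr):
    """True if one allowlist entry covers the parsed peer address."""
    if entry == "%":
        return True
    if entry == "localhost":
        return addr.is_loopback  # 127.0.0.0/8 and ::1
    try:
        return addr == ipaddress.ip_address(entry)
    except ValueError:
        # Hostname or malformed entry: this sketch does no DNS, so deny
        return False


def is_allowed(user, peer):
    """Decide whether `user` may authenticate from peer address `peer`.

    `peer` must be the address of the TCP connection itself, not a
    client-supplied header, or the restriction can be bypassed.
    """
    try:
        addr = parse_peer(peer)
    except ValueError:
        return False  # unparseable peer address
    # Unknown users get an empty allowlist and are denied
    return any(host_matches(e, addr) for e in USERS.get(user, []))
```

Because the check sits in front of credential verification for every request, it covers the GUI and the REST API alike, which is the behaviour the ticket asks for.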