[MXS-1551] Ip white list for proxy Created: 2017-11-29 Updated: 2018-03-26 Resolved: 2018-03-26 |
|
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | mariadbmon |
| Affects Version/s: | None |
| Fix Version/s: | 2.2.0 |
| Type: | New Feature | Priority: | Major |
| Reporter: | dapeng huang | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Description |
|
MaxScale's current authentication mechanism has a limitation: MaxScale's host should be added to every {Username, Password} tuple, as described in the Configuration Documents. If there were an IP white list mechanism, putting MaxScale's host in the white list and having server authentication skip the hosts in the list would make MaxScale much easier to use, especially in cloud environments. Proposal: |
| Comments |
| Comment by markus makela [ 2017-11-29 ] |
|
Fixed in 10.3 when PROXY protocol is added. |
| Comment by markus makela [ 2017-11-29 ] |
|
dapeng Can you check if the PROXY protocol ( |
| Comment by dapeng huang [ 2017-11-29 ] |
|
Thanks, it's exactly what we need, but it would be better if MySQLMon could add the host to @@GLOBAL.proxy_protocol_networks, because we may dynamically add or remove mxs nodes for a MySQL cluster. |
| Comment by markus makela [ 2017-11-29 ] |
|
That's a slightly dangerous thing from a security perspective as it depends only on the authentication of the monitor user but it should be doable. This assumes that the MaxScale user has the permissions to add itself into the list of allowed proxied networks. |
| Comment by markus makela [ 2018-03-26 ] |
|
Closing this as Done since 2.2 implemented PROXY Protocol support. If you want MaxScale to automatically add itself to the list of proxied hosts, please open a separate feature request for it. |
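
An added example, not part of the original issue or of MaxScale's code: a review check for a proposed `proxy_protocol_networks` value, relevant to the concern in the comments about changing that list dynamically, since any source in the list is trusted to state the client address. The function names, the sample addresses and the 256-address threshold are assumptions; the parsing follows the documented syntax of the variable (comma-separated addresses or networks, `localhost`, or `*`).

```python
import ipaddress

def parse_proxy_networks(value):
    """Parse a proxy_protocol_networks string into (kind, item) pairs."""
    entries = []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        if item == "*":
            entries.append(("all", item))      # every source is trusted
        elif item.lower() == "localhost":
            entries.append(("local", item))    # non-TCP local connections
        else:
            # An entry without a mask is a single host (/32 or /128).
            # strict=False is a lenient choice made for this example.
            entries.append(("net", ipaddress.ip_network(item, strict=False)))
    return entries

def audit_proxy_networks(value, maxscale_hosts, max_addresses=256):
    """Return findings for a proposed list (hypothetical review helper)."""
    entries = parse_proxy_networks(value)
    trust_all = any(kind == "all" for kind, _ in entries)
    nets = [item for kind, item in entries if kind == "net"]
    hosts = [ipaddress.ip_address(h) for h in maxscale_hosts]
    findings = []
    if trust_all:
        findings.append("'*' accepts a PROXY header from any source")
    for net in nets:
        if net.num_addresses > max_addresses:
            findings.append(f"{net} covers {net.num_addresses} addresses")
        if not any(h in net for h in hosts):
            findings.append(f"{net} contains no known MaxScale host")
    for h in hosts:
        if not trust_all and not any(h in net for net in nets):
            findings.append(f"{h} is not covered by the list")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    known = ["10.0.1.10", "10.0.1.11"]
    for proposed in ("10.0.1.10, 10.0.0.0/8, localhost", "*",
                     "10.0.1.10,192.0.2.7"):
        print(proposed, "->", audit_proxy_networks(proposed, known))
```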