[MXS-2414] Throttle connection attempts Created: 2019-04-02 Updated: 2023-01-03 Resolved: 2019-04-30 |
|
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | Core |
| Affects Version/s: | 2.3.4 |
| Fix Version/s: | 2.4.0 |
| Type: | New Feature | Priority: | Major |
| Reporter: | Hartmut Holzgraefe | Assignee: | markus makela |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||
| Description |
|
A client repeatedly trying to connect with a nonexisting default database given can lead to a denial-of-service effect. As the client authenticates correctly, and only fails when trying to use the database given on connect, this is not caught by the server mechanism that blocks out hosts after too many failed connection attempts, as the actual connect and authentication phase were completed successfully. Feature request: provide some kind of throttle mechanism for incoming client connections, similar to query throttling in the Throttle filter, either globally for a given router, or on a per-host basis. |
| Comments |
| Comment by markus makela [ 2019-04-18 ] |
|
MaxScale should already treat the two authentication failures similarly so just adding a way to "ban" connections from certain hosts for a period of time would solve it. |
| Comment by markus makela [ 2019-04-30 ] |
|
Added temporary blocking of hosts when too many authentication errors occur. |