Continued from the previous article: Enterprise Practice_22_MyCat SQL Interception
https://blog.csdn.net/weixin_40816738/article/details/100073474
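Contents
- 1. SQL firewall: whitelist configuration
- 2. Whitelist test
- 3. SQL firewall: blacklist configuration
- 4. SQL firewall: blacklist test
The SQL firewall consists of two tags: <whitehost></whitehost> and <blacklist></blacklist>
- Whitelist: sets the IPs and users that are allowed to connect
- Blacklist: configures the blacklist rules, i.e. which operations MyCat restricts
1. SQL firewall: whitelist configuration
# Configure the whitelist
# Only allow access to mycat from server 192.168.92.104 as the app_imooc user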
vim /app/mycat/conf/server.xml
<firewall>
    <whitehost>
        <host host="192.168.92.104" user="app_imooc"></host>
    </whitehost>
</firewall>
Note: the firewall tag must be placed before the user tag.
2. Whitelist test
Log in to MyCat as the app_imooc user from server 192.168.92.101:
[root@node1 ~]# mysql -uapp_imooc -p -h192.168.92.101 -P8066
Enter password:
ERROR 1045 (HY000): Access denied for user 'app_imooc' with host '192.168.92.101'
[root@node1 ~]#
Log in to MyCat as the app_imooc user from server 192.168.92.104:
[root@node4 ~]# mysql -uapp_imooc -p -h192.168.92.101 -P8066
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.29-mycat-1.6.5-release-20180122220033 MyCat Server (OpenCloundDB)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
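3. SQL firewall: blacklist configuration
# Configure the blacklist
# Reject DELETE statements that have no WHERE clause
vim /app/mycat/conf/server.xml
Add the following content:
<!-- SQL firewall configuration -->
<firewall>
    <whitehost>
        <!-- Users and server hosts that are allowed to connect -->
        <host host="192.168.43.101" user="app_imooc"></host>
    </whitehost>
    <!-- Whether blacklist checking is enabled -->
    <blacklist check="true">
        <!-- Operations that mycat restricts -->
        <property name="deleteWhereNoneCheck">true</property>
    </blacklist>
</firewall>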
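As an added example (not part of the original article or the MyCat project), this Python script audits a server.xml for the points made above: <firewall> precedes <user>, whitehost entries carry both host and user, and the blacklist is enabled with deleteWhereNoneCheck. The sample XML, including its root element and placeholder password, is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the configuration above (not a real deployment).
SAMPLE = """<mycat:server xmlns:mycat="http://io.mycat/">
  <firewall>
    <whitehost>
      <host host="192.168.43.101" user="app_imooc"></host>
    </whitehost>
    <blacklist check="true">
      <property name="deleteWhereNoneCheck">true</property>
    </blacklist>
  </firewall>
  <user name="app_imooc"><property name="password">placeholder</property></user>
</mycat:server>"""


def audit_firewall(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    children = [child.tag for child in root]
    fw = root.find("firewall")
    if fw is None:
        return ["no <firewall> element: the SQL firewall is not configured"]
    findings = []
    # The article notes that <firewall> must come before the <user> elements.
    if "user" in children and children.index("firewall") > children.index("user"):
        findings.append("<firewall> appears after <user>")
    hosts = fw.findall("whitehost/host")
    if not hosts:
        findings.append("no whitehost entries: no IP/user allow-list is defined")
    for h in hosts:
        if not h.get("host") or not h.get("user"):
            findings.append("whitehost entry is missing its host or user attribute")
    bl = fw.find("blacklist")
    if bl is None or (bl.get("check") or "").strip().lower() != "true":
        findings.append('blacklist check is not "true"')
    props = bl.findall("property") if bl is not None else []
    rules = {p.get("name"): (p.text or "").strip().lower() for p in props}
    if rules.get("deleteWhereNoneCheck") != "true":
        findings.append("deleteWhereNoneCheck is not enabled")
    return findings


if __name__ == "__main__":
    for line in audit_firewall(SAMPLE) or ["firewall configuration passes all checks"]:
        print(line)
```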
4. SQL firewall: blacklist test
# Restart mycat
mycat stop
mycat start
# Log in to mycat as the app_imooc user from server 192.168.92.104 to test
[root@node4 ~]# mysql -uapp_imooc -p -h192.168.92.101 -P8066
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.29-mycat-1.6.5-release-20180122220033 MyCat Server (OpenCloundDB)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use imooc_db;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> delete from order_master;
ERROR 3012 (HY000): The statement is unsafe SQL, reject for user 'app_imooc'
mysql>
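From the output above we can conclude that the blacklist has taken effect.
Next article: Enterprise Practice_24_Read/Write Splitting with MyCat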
https://gblfy.blog.csdn.net/article/details/100103666