MXS-2513 Deprecate firewall and masking filters
This commit is contained in:
Johan Wikman
@ -3,54 +3,24 @@
|
||||
Table of Contents
|
||||
=================
|
||||
|
||||
* [Overview](#overview)
|
||||
* [Configuration](#configuration)
|
||||
* [Filter Parameters](#filter-parameters)
|
||||
* [rules](#rules)
|
||||
* [action](#action)
|
||||
* [log_match](#log_match)
|
||||
* [log_no_match](#log_no_match)
|
||||
* [Rule syntax](#rule-syntax)
|
||||
* [Mandatory rule parameters](#mandatory-rule-parameters)
|
||||
* [wildcard](#wildcard)
|
||||
* [Example](#example)
|
||||
* [columns](#columns)
|
||||
* [Example](#example-1)
|
||||
* [function](#function)
|
||||
* [Example](#example-2)
|
||||
* [not_function](#not_function)
|
||||
* [Example](#example-3)
|
||||
* [uses_function](#uses_function)
|
||||
* [Example](#example-4)
|
||||
* [function and columns](#function-and-columns)
|
||||
* [Example](#example-5)
|
||||
* [not_function and columns](#not_function-and-columns)
|
||||
* [Example](#example-6)
|
||||
* [regex](#regex)
|
||||
* [Example](#example-7)
|
||||
* [limit_queries](#limit_queries)
|
||||
* [Example](#example-8)
|
||||
* [no_where_clause](#no_where_clause)
|
||||
* [Example](#example-9)
|
||||
* [Optional rule parameters](#optional-rule-parameters)
|
||||
* [at_times](#at_times)
|
||||
* [on_queries](#on_queries)
|
||||
* [Applying rules to users](#applying-rules-to-users)
|
||||
* [Module commands](#module-commands)
|
||||
* [dbfwfilter::rules/reload [FILE]](#dbfwfilterrulesreload-file)
|
||||
* [dbfwfilter::rules](#dbfwfilterrules)
|
||||
* [Use Cases](#use-cases)
|
||||
* [Use Case 1 - Prevent rapid execution of specific queries](#use-case-1---prevent-rapid-execution-of-specific-queries)
|
||||
* [Use Case 2 - Only allow deletes with a where clause](#use-case-2---only-allow-deletes-with-a-where-clause)
|
||||
[TOC]
|
||||
|
||||
## Overview
|
||||
|
||||
The database firewall filter has been deprecated in MaxScale 2.4 and
|
||||
it will be removed in a future version of MaxScale. We advise against
|
||||
using it.
|
||||
|
||||
The Database Firewall filter is used to block queries that match a set of
|
||||
rules. It can be used to prevent harmful queries from reaching the backend
|
||||
database instances or to limit access to the database based on a more flexible
|
||||
set of rules compared to the traditional GRANT-based privilege system. Currently
|
||||
the filter does not support multi-statements.
|
||||
|
||||
Note that the firewall filter should be viewed as a best-effort solution
|
||||
intended for protecting against accidental misuse rather than malicious
|
||||
attacks.
|
||||
|
||||
## Configuration
|
||||
|
||||
The Database Firewall filter only requires minimal configuration in the
|
||||
|
||||
@ -9,6 +9,10 @@ Table of Contents
|
||||
|
||||
## Overview
|
||||
|
||||
The masking filter has been deprecated in MaxScale 2.4 and
|
||||
it will be removed in a future version of MaxScale. We advise against
|
||||
using it.
|
||||
|
||||
With the _masking_ filter it is possible to obfuscate the returned
|
||||
value of a particular column.
|
||||
|
||||
@ -41,6 +45,10 @@ the _ssn_ would be masked, as in
|
||||
...
|
||||
```
|
||||
|
||||
Note that the masking filter should be viewed as a best-effort solution
|
||||
intended for protecting against accidental misuse rather than malicious
|
||||
attacks.
|
||||
|
||||
## Security
|
||||
|
||||
From MaxScale 2.3 onwards, the masking filter will reject statements
|
||||
|
||||
Reference in New Issue
Block a user