Commit Graph

212 Commits

Author SHA1 Message Date
a1e8287265 Add global to ccrfilter
The `global` parameter causes the time window defined by the `time`
parameter to be applied at the instance level instead of the session
level. This means that a write from one connection will cause all other
connections to use the master for a certain period of time.

Using a configurable time window for consistency is not good as it is not
absolute and cannot adjust to how servers behave.

One example that demonstrates this is when a slave is normally lagging
behind by less than a second but some event causes the lag to spike up to
several seconds. In this case the configured time window would no longer
guarantee consistency.

Another reason to avoid a "static" time window is the fact taht it
prevents load balancing in the cases where slaves catch up to the master
within time window. This happens when time is configured to a higher value
to avoid inconsistencies at all costs.

Added a test case that verified the feature works.
2019-11-04 08:32:17 +02:00
5a6d6733ae Fix qlafilter example config
`filebase` is a mandatory parameter.
2019-10-04 09:42:04 +03:00
59e7b2b09d Deprecate mqfilter 2019-06-26 10:08:15 +03:00
824a80e084 Update dbfwfilter and masking documentation 2019-06-24 10:37:15 +03:00
9f771ffc2b Revert "MXS-2513 Deprecate firewall and masking filters"
This reverts commit de3c5721e95d5d5be909a56faeb121ad09a2f6fe.
2019-06-24 10:21:01 +03:00
de3c5721e9 MXS-2513 Deprecate firewall and masking filters 2019-05-31 11:53:36 +03:00
0af1f6e690 Merge branch '2.3' into develop 2019-05-21 11:18:40 +03:00
bb706394f6 MXS-2473 Simplify regular expression settings documentation
The settings "match", "exclude" and "options" are now explained once
in the general documentation. The individual filter documentation refers
to the general explanation.
2019-05-20 11:18:03 +03:00
fb0745e3de Merge branch '2.3' into develop 2019-05-03 13:48:57 +03:00
279edce16e MXS-2457 Add treat_string_as_field to firewall
Necessary if the firewall should be able to block columns when
'ANSI_QUOTES' as enabled and " instead of backticks are used.

Without this, the following

    > set @@sql_mode='ANSI_QUOTES';
    > select "ssn" from person;

will not be blocked if the database firewall has been configured
to block the column ssn.
2019-05-03 13:38:12 +03:00
fe5160a714 MXS-2457 Add 'treat_string_arg_as_field' to DB Firewall 2019-05-03 13:38:12 +03:00
3a5a8b13b9 MXS-2457 Treat string args as fields
The masking filter will now consider all string arguments to
functions to be fields. This in order to prevent bypassing of
the masking with

    > set @@sql_mode='ANSI_QUOTES';
    > select concat("ssn") from masking;

This may lead to false positives, but no can do.
2019-05-03 13:38:12 +03:00
139651c092 MXS-2253 Runtime ttl changes are made in seconds
Internally durations are stored in milliseconds but runtime changes
using SQL are made in seconds. Consequently, the provided value must
be multiplied by 1000 before being stored.
2019-04-11 15:53:45 +03:00
2aa3515fc8 Merge commit '09cb4a885f88d30b5108d215dcdaa5163229a230' into develop 2019-04-04 14:34:17 +03:00
09cb4a885f Fix readconnroute name in examples 2019-04-03 12:57:05 +03:00
e659c6cc73 Merge branch '2.3' into develop 2019-04-01 13:24:30 +03:00
5346b24fa4 MXS-2393 Add parameter 'require_fully_parsed'
If set to true and if any of the other blocking related parameters
is true, then a statement that cannot be fully parsed will be blocked.

Default is true.
2019-04-01 10:52:52 +03:00
6bc2c54081 Merge commit 'a78f0fbe2537542dc7f3f0dd8b19b93ac8d9d7f8' into develop 2019-03-28 13:53:40 +02:00
8b4961261f MXS-2403 Update documentation 2019-03-25 15:26:17 +02:00
8b329f7f33 MXS-2403 Add 'check_subqueries' parameter
Only documentation and parameter handling.
2019-03-25 15:26:17 +02:00
ca8350ae35 MXS-2402 Document and handle 'check_unions' parameter
Only parameter handling, no actual functionality.
2019-03-25 15:24:35 +02:00
2ba7e63e7e Merge branch '2.3' into develop 2019-03-21 09:26:06 +02:00
76ac63096c MXS-2396 Add check_user_variables configuration parameter
The masking filter should check for things like

    set @ssn = (SELECT ssn FROM users WHERE id = 1);

so that

    select @ssn;

is not possible.
2019-03-20 15:11:58 +02:00
bd3d5bb010 MXS-2329 Use durations in throttle filter 2019-02-19 10:11:57 +02:00
f3acf77a9f MXS-2329 Use durations in ccrfilter
The time window of the ccrfilter is now specified as a duration.
Internally, the time window is still always handled as seconds.
2019-02-19 10:11:57 +02:00
2528c5fa4d MXS-2253 Make Cache use the new duration config type
Internally the Cache used seconds, so some changes were needed.
2019-02-14 10:57:55 +02:00
d44193bc9e Merge branch '2.2' into 2.3 2019-02-13 13:37:42 +02:00
6f2475b5fa MXS-2302: Document hintfilter behavior
Moved hintfilter documentation to the correct place and cleaned it
up. Added a note at the start of the syntax documentation about the
behavior of the hint parsing to warn users of possible unexpected
behavior. The hint parsing could really use some refactoring to make it
more manageable which is why the preliminary fix version of the bug will
be 2.4.
2019-02-11 03:18:38 +02:00
0859f3caff Merge branch '2.2' into 2.3 2019-01-07 10:33:34 +02:00
2172c4ca85 MXS-2048: Fix dbfwfilter module command documentation
Fixed the command names.
2019-01-06 13:17:32 +02:00
88f234fdcd MXS-2214: Fix object names in documentation
The object names now always use a valid and supported form.
2019-01-03 09:37:59 +02:00
1df42326d5 Clean up TopFilter documentation
Wrap lines, clean up headings and add table of contents.
2018-11-26 10:32:08 +02:00
ab7daa9327 Add table of contents to filter documentation
Only added the TOC to the longest files.
2018-11-26 10:32:08 +02:00
cdce11391a Add script template into Luafilter documentation
This makes copy-pasting it for testing a lot easier.
2018-11-13 16:48:03 +02:00
5b3a209643 Update the masking documentation 2018-11-09 12:05:13 +02:00
a883a4f3e0 Fix password documentation
The old parameter was used in some examples and no note about its removal
was in the parameter.
2018-11-06 15:09:14 +02:00
4d8a95d041 Merge commit '262f1d7e471bacca6b985ec3f2cd5cb76d6e2584' into 2.3 2018-10-26 12:44:57 +03:00
457d0c21dd Document error code and SQL state for blocked queries
If the dbfwfilter blocks a query a specific error is returned. This was
not documented and is needed to detect errors sent by the filter.
2018-10-18 02:02:14 +03:00
230345c98c Fix on_queries documentation
The combination of values was not documented.
2018-10-18 02:02:14 +03:00
6170a2193d Merge branch '2.2' into 2.3 2018-10-11 11:12:31 +03:00
0a04cb2d48 Clarify namedserverfilter documentation
The example configuration had wrong server names.
2018-10-09 13:42:56 +03:00
7c5d3a5e74 Update NamedServerFilter documentation and release notes 2018-10-03 13:50:04 +03:00
d0c5b2ff61 MXS-701: Amend binlogfilter documentation
Added clarifying comments and links to relevant documentation, fixed a
typo and changed some of the wording.
2018-09-26 11:26:37 +03:00
4ed0ef046e MXS-701: Update binlogfilter documentation
Rewrote most of the documentation.
2018-09-26 09:43:24 +03:00
9a6f1b2044 Merge branch '2.2' into develop 2018-08-28 16:06:23 +03:00
13c7072da1 Separate CCRFFilter hints section from the main overview
The text changed subjects rather abruptly. Having the hint part of it
gives some context and appears to make the text flow nicer.
2018-08-23 23:52:42 +03:00
d339b89990 MXS-1774 Make rejection of functions optional
It is now possible to prevent the masking filter from rejecting
statements using functions in conjunction with fields to be
masked. So now it is possible to not use the blanket rejection
of the masking filter and replace it with more detailed firewall
rules.
2018-07-06 11:20:31 +03:00
44ef4912e8 Merge branch '2.2' into develop 2018-07-03 21:13:41 +03:00
b0902402b6 MXS-1940 Turn cache filter non-experimental
Also change the following defaults:

- "selects": Was "verify_cacheable", is now "assume_cacheable"
- "cached_data": Was "shared", is now "thread_specific"
2018-07-02 08:44:39 +03:00
f6e01b4434 MXS-591 Fix documentation and change comment parameter type 2018-06-13 20:44:32 +03:00