MySQL插件之连接控制插件(Connection-Control)
⽬录
插件介绍
MySQL 5.7.17 以后提供了Connection-Control插件⽤来控制客户端在登录操作连续失败⼀定次数后的响应的延迟。该插件可有效的防⽌客户端暴⼒登录的风险(攻击)。该插件包含以下2个组件
CONNECTION_CONTROL:⽤来控制登录失败的次数及延迟响应时间
CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS:该表将登录失败的操作记录⾄IS库中
插件安装
-- 配置⽂件增加以下配置
[mysqld]
plugin-load-add = connection_control.so
connection-control = FORCE
connection-control-failed-login-attempts = FORCE
connection_control_min_connection_delay = 1000
connection_control_max_connection_delay = 86400
connection_control_failed_connections_threshold = 3
-- 插件动态安装启⽤
mysql> INSTALL PLUGIN CONNECTION_CONTROL SONAME 'connection_control.so';
mysql> INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS SONAME 'connection_control.so';
-- 验证是否正常安装
mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS
安装mysql失败FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME LIKE 'connection%';
mysql> SHOW PLUGINS;
插件配置
-- 查看默认相关变量
mysql> show variables like 'connection_control%';
+-------------------------------------------------+------------+
| Variable_name | Value |
+-------------------------------------------------+------------+
| connection_control_failed_connections_threshold | 3 |
| connection_control_max_connection_delay | 2147483647 |
| connection_control_min_connection_delay | 1000 |
+-------------------------------------------------+------------+
-
- 定制化配置
mysql> SET GLOBAL connection_control_failed_connections_threshold = 3;
mysql> SET GLOBAL connection_control_min_connection_delay = 1000;
mysql> SET GLOBAL connection_control_max_connection_delay = 86400;
-- 查看修改后的配置
mysql> show variables like 'connection_control%';
+-------------------------------------------------+-------+
| Variable_name | Value |
+-------------------------------------------------+-------+
| connection_control_failed_connections_threshold | 3 |
| connection_control_max_connection_delay | 86400 |
| connection_control_min_connection_delay | 1000 |
+-------------------------------------------------+-------+
connection_control_failed_connections_threshold
失败尝试的次数,默认为3,表⽰当连接失败3次后启⽤连接控制,0表⽰不开启
connection_control_max_connection_delay
响应延迟的最⼤时间,默认约25天
connection_control_min_connection_delay
响应延迟的最⼩时间,默认1000微秒,1秒
-- 该表记录登录失败的⽤户及失败次数,当⽤户登录成功后,登录失败的记录则会被删除。
-- 重新配置connection_control_failed_connections_threshold变量,该表记录会被删除(重置)
-- 如果使⽤不存在的⽤户登录,则该表记录⽤户名为空,但会记录具体登录的IP
use information_schema;
select * from connection_control_failed_login_attempts;
-- 连接控制的使⽤次数(可⽤户判断是否存在暴⼒登录尝试)
-- 重新配置connection_control_failed_connections_threshold变量,该表记录会被删除(重置) mysql> show global status like 'Connection_control_delay_generated';
+------------------------------------+-------+
| Variable_name | Value |
+------------------------------------+-------+
| Connection_control_delay_generated | 5 |
+------------------------------------+-------+
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论