Query Firewall Rules make it possible to add and prioritize rules that prevent certain queries from reaching your database servers. You can use these rules to block malicious queries, prevent data deletion or modification, or even prevent mass data theft.
Query Firewall Rules are specified in the same way as cache rules: as regular expressions applied to SQL strings. A rule like ".*drop.*" will block any query that includes the keyword "drop".
Keep in mind that you can add rules per database but NOT per database user. A rule can include any valid regex, with strings to specify the database name, table name, column name and/or values, but it will not pick up the user name under which the connection was initiated.
For example:
A firewall rule for the logical database 'main_db':
'select customer_name, customer_phone from main_db.customer_master where customer_id = ?'
This rule blocks all users from running the above query to fetch data from the database 'main_db' and the table 'customer_master'. In other words, with a regex pattern on a query you cannot selectively allow one or more users in a group to access the database while blocking the rest.
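The following is an added example, not ScaleArc code, that models how an ordered list of regex firewall rules is evaluated against SQL text. It assumes that patterns are anchored to the whole query (the page's ".*drop.*" style suggests this) and that matching is case-insensitive; the rule set, query strings and the `FirewallRule`/`is_blocked` names are constructed for illustration. It also shows two things a rule author should check before deploying a pattern: a literal query used as a rule must have regex metacharacters such as `?` and `.` escaped, and a broad keyword rule like ".*drop.*" also blocks harmless queries whose identifiers merely contain the substring, whereas a word-boundary pattern does not.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of a Query Firewall rule list (example code, not ScaleArc's implementation).
# Assumptions: a pattern must match the whole SQL string, and matching is case-insensitive
# so that "DROP" and "drop" are treated alike.


@dataclass(frozen=True)
class FirewallRule:
    order: int          # the order number entered when the pattern is added
    pattern: str        # regular expression applied to the SQL text
    enabled: bool = True


def compile_rule(rule: FirewallRule) -> "re.Pattern[str]":
    return re.compile(rule.pattern, re.IGNORECASE | re.DOTALL)


def literal_query_rule(order: int, sql: str, enabled: bool = True) -> FirewallRule:
    """Build a rule that blocks exactly one query text.

    The page's example rule is a raw SQL string. '?' and '.' are regex metacharacters,
    so the text is escaped here; otherwise '= ?' would mean 'optional space after ='.
    """
    return FirewallRule(order, re.escape(sql), enabled)


def first_matching_rule(rules: List[FirewallRule], sql: str) -> Optional[FirewallRule]:
    """Return the lowest-ordered *enabled* rule whose pattern matches the query, or None.

    The database user is deliberately not a parameter: as the page states, rules apply
    to every user of the database.
    """
    for rule in sorted(rules, key=lambda r: r.order):
        if rule.enabled and compile_rule(rule).fullmatch(sql.strip()):
            return rule
    return None


def is_blocked(rules: List[FirewallRule], sql: str) -> bool:
    return first_matching_rule(rules, sql) is not None


# Constructed rule set for the logical database 'main_db'
RULES = [
    FirewallRule(1, r".*drop.*"),                       # the page's keyword rule
    literal_query_rule(
        2,
        "select customer_name, customer_phone from main_db.customer_master "
        "where customer_id = ?",
    ),
    FirewallRule(3, r".*\bdelete\s+from\b.*", enabled=False),  # disabled: never consulted
]

# Tighter alternative to rule 1: only DROP TABLE / DROP DATABASE statements match,
# not identifiers that happen to contain the substring "drop".
TIGHT_RULES = [FirewallRule(1, r".*\bdrop\s+(table|database)\b.*")]


def demo() -> dict:
    """Evaluate a few constructed queries against both rule sets."""
    literal = ("select customer_name, customer_phone from main_db.customer_master "
               "where customer_id = ?")
    return {
        "drop_table": is_blocked(RULES, "DROP TABLE main_db.customer_master"),        # True
        "literal_query": is_blocked(RULES, literal),                                  # True
        "over_match": is_blocked(RULES, "SELECT id FROM main_db.dropship_orders"),    # True
        "disabled_rule": is_blocked(RULES, "delete from main_db.customer_master"),    # False
        "tight_no_over_match": is_blocked(TIGHT_RULES, "SELECT id FROM main_db.dropship_orders"),  # False
        "tight_drop": is_blocked(TIGHT_RULES, "drop table main_db.customer_master"),  # True
    }


if __name__ == "__main__":
    for name, blocked in demo().items():
        print(f"{name}: {'BLOCKED' if blocked else 'allowed'}")
```

Reviewing the `over_match` case before enabling a broad rule is the practical point: a pattern that blocks every query containing "drop" also blocks reads from a table named `dropship_orders`, so prefer word-boundary patterns when the intent is to stop a specific statement type.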
You can blacklist a group of query patterns or a single query in the firewall from the Analytics screen.
Before you add and configure firewall rules, make sure you have configured users and logical DB as described in Managing Users & DBs.
Follow these steps to configure a Query Firewall Rule:
- On the ScaleArc dashboard, click CLUSTERS > Settings > Security.
- The Query Firewall Rules screen lists one or more databases and the patterns associated with them.
- Click the Gear (edit) icon to open the database and its list of rules, then configure as follows:

| Field | Description | Default/User input |
| --- | --- | --- |
| ON/OFF button | Enable or disable a firewall rule for the cluster. | Default is ON. |
| Database | Lists all the databases for the cluster. | |
| Pattern Stats | Lists all the firewall rules for the database selected. | |
| Gear icon | Opens the edit screen. | Click the edit icon next to a database to see its list of rules. |
| Add Pattern button | Allows you to add a pattern to the firewall. | Click the Add Pattern button. |
| Enable/Disable | Enables or disables a rule. | Enable or disable a firewall rule for a database. |
| Delete | The red Delete icon removes the rule. | Click the Delete icon to remove a rule. |

- To add a pattern, click the Add Pattern button.
- Enter the order number and the pattern. Check the Enable checkbox to enable the firewall rule.
- Click Save to commit the new rule you created, or click Back to exit the screen without saving changes.