1 Reply Latest reply on Oct 15, 2019 11:43 AM by Dave Stokes-MySQL Community Team-Oracle

    Possible to white-list certain client hosts for repeated connections?

    icelava

      Last week while troubleshooting a .NET Core application service leaking blank TCP connections in Linux, we found during a stress test that the app service - as a client to MySQL hosted in AWS RDS - could get blocked from making more connections to the database server with the exception

       

      MySql.Data.MySqlClient.MySqlException

      Host '<IP ADDR>' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'.

       

      There is some documentation on how to alleviate this problem at https://dev.mysql.com/doc/refman/8.0/en/blocked-host.html which suggests what seems like a global solution of setting max_connect_errors to a much larger tolerance value.

       

      I believe this problem is separate from another issue of MySQL database server rejecting connections simply because it has exceeded the max_connections limit (fixed to 66 for an AWS t2.micro instance size) and exception message becomes

       

      Too many connections

       

      The latter problem we constrained it by defining a MaximumPoolSize that won't exceed the hard limit of the RDS database server.

       

      The former problem though, the suggested follow-up is to execute a FLUSH HOSTS command which appears to be an all-or-nothing approach to clear the entire Performance.host_cache table.

       

      Is there a way to record the IP addresses of our app servers into some whitelist table, so that even if there might appear some spike in interrupted TCP connection attempts, it will still allow connections from those source IP addresses, thereby avoiding a manual action of logging into the database server to clear out the host_cache table just for the sake on one entry?