Versions available for this page: CUBRID 8.4.0 |
To limit the brokers and the CSQL interpreters connecting to the database server, set yes for the access_ip_control parameter in the cubrid.conf file, and input a path of the file in which the list of IP addresses allowed to access theaccess_ip_control_file parameter value is written. You should enter the file path as the absolute path. If you enter the relative path, the system will search the file under the $CUBRID/conf directory in Linux and under the %CUBRID%\conf directory in Windows.
Configure the cubrid.conf file as follows:
The format of the access_ip_control_file file is as follows:
To configure settings for several database servers, it is possible to specify additional [@<db_name>] and <ip_addr>.
If a value for access_ip_control is set to yes and a value for access_ip_control_file is not specified, the server will block an access from all IPs and only allow the access from the localhost. If the analysis of access_ip_control_file fails due to an incorrect format while the server is running, the server will not run.
The following is an example of access_ip_control_file.
For the above example, the dbname1 database allows the access from the IP of 10.10.10.10 or IPs s starting with 10.156. The dbname2 database allows the access from all IPs. The dbname3 database allows the access from the IP of 192.168.1.15.
For the database which has already been running, you can modify the configuration file or check the currently applied status of configuration by using the following commands.
To change the contents of access_ip_control_file and apply it to the server, use the following command.
cubrid server acl reload <database_name>
To display the IP configuration for the server which is running, use the following command.
cubrid server acl status <database_name>
If you access the database server through an IP that is not allowed, the following server error logs will be created in a server error log file.
Time: 10/29/10 17:32:42.360 - ERROR *** ERROR CODE = -1022, Tran = 0, CLIENT = (unknown):(unknown)(-1), EID = 2
Address(10.24.18.66) is not authorized.
Note For more information on how to limit an access to the broker server, see Broker Server Access Limitation.