Bug #83972 Please add black list
Submitted: 25 Nov 2016 22:59
Modified: 27 Nov 2016 12:18
Reporter: Shinya Sugiyama
Status: Open
Category: MySQL Server: Security: Firewall
Severity: S4 (Feature request)
Version: any
OS: Any
Assigned to:
CPU Architecture: Any

[25 Nov 2016 22:59] Shinya Sugiyama
Description:
Please add black list mode for MySQL Enterprise Firewall.
The current MySQL Enterprise Firewall version supports only whitelist mode; however, it sometimes requires frequent learning and updating of the whitelist.

If a user wants to block only some number of specified queries, a blacklist might be more helpful.

http://dev.mysql.com/doc/refman/5.7/en/firewall.html

How to repeat:
This is not a bug.

Suggested fix:
If it is not so difficult, add a flag for choosing whitelist or blacklist.

Firewall OFF = 0
White List mode = 1
Black List Mode = 2
[26 Nov 2016 3:58] MySQL Verification Team
Is it feasible to use the query rewriter plugin to rewrite 'bad' queries as a workaround?

https://dev.mysql.com/doc/refman/5.7/en/rewriter-query-rewrite-plugin-usage.html
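
The workaround suggested in the comment above, sketched as an added example (not part of the original thread): a Rewriter rule that turns one unwanted statement shape into a query returning no rows. It assumes the Rewriter plugin is already installed from install_rewriter.sql; `payroll.salaries` and its columns are hypothetical names used only for illustration.

```sql
-- Added example; assumes the Rewriter plugin is installed and rewriter_enabled = ON.
-- payroll.salaries, emp_id and amount are hypothetical names.

-- 1. "Block" one statement shape by rewriting it to a query that returns no rows.
--    A ? in the pattern matches any literal value in that position.
INSERT INTO query_rewrite.rewrite_rules (pattern, replacement)
VALUES ('SELECT * FROM payroll.salaries WHERE emp_id = ?',
        'SELECT * FROM payroll.salaries WHERE 1 = 0');

-- 2. Load the rules table into the plugin's in-memory cache.
CALL query_rewrite.flush_rewrite_rules();

-- 3. Confirm the rule loaded: message is NULL on success and holds the
--    error text if the pattern or replacement could not be parsed.
SELECT id, pattern, enabled, message, normalized_pattern
FROM query_rewrite.rewrite_rules;

-- 4. A statement matching the pattern is now rewritten; the rewrite is
--    reported to the client as a note.
SELECT * FROM payroll.salaries WHERE emp_id = 1001;
SHOW WARNINGS;

-- 5. A statement with a different structure does not match the rule and
--    runs unchanged, so every shape to be blocked needs its own rule.
SELECT emp_id, amount FROM payroll.salaries WHERE emp_id = 1001;

-- 6. Rewriter counters to watch alongside the Firewall_% status variables.
SHOW GLOBAL STATUS LIKE 'Rewriter%';
```

In MySQL 5.7 the Rewriter plugin acts on SELECT statements only, and because rules match on statement structure it is a narrower control than a firewall blacklist mode would be.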
[27 Nov 2016 12:18] Shinya Sugiyama
Hi Shane,

Thank you. Yes, I think it is one good option.
I would like to monitor the following status variables too.

mysql> show status like '%fire%';
+----------------------------+-------+
| Variable_name              | Value |
+----------------------------+-------+
| Firewall_access_denied     | 0     |
| Firewall_access_granted    | 0     |
| Firewall_access_suspicious | 0     |
| Firewall_cached_entries    | 0     |
+----------------------------+-------+
4 rows in set (0.01 sec)

Best Regards
Shinya