[SERVER-5267] Ability to block specific IPs from connecting Created: 09/Mar/12  Updated: 02/Apr/18  Resolved: 01/Mar/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.0.3
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Jared D. Cottrell Assignee: Spencer Jackson
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-15461 Mechanism to allow restricting auth b... Closed
Participants:

 Description   

It would be useful to be able to cut off specific IPs in an emergency when certain clients are bringing the server to its knees, whether maliciously or, more commonly, unwittingly.

This should be able to be done without restarting the server.



 Comments   
Comment by Spencer Jackson [ 01/Mar/18 ]

While the earlier advice regarding firewalls remains valid, there are now features in MongoDB which achieves this goal. If a set of clients need to be forbidden, an IP restriction can be attached to a role or user which the clients are using. This will prevent the client from being able to authenticate new connections. If existing operations executed by the client need to be terminated, the clients' logical sessions may be killed.

Comment by Scott Hernandez (Inactive) [ 09/Mar/12 ]

This can be done by the host system (via a firewall rule for example) now. There is no host/user acl currently so that would be needed first.

Generated at Thu Feb 08 03:08:23 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.