[SERVER-5267] Ability to block specific IPs from connecting Created: 09/Mar/12 Updated: 02/Apr/18 Resolved: 01/Mar/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.0.3 |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Jared D. Cottrell | Assignee: | Spencer Jackson |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Participants: | |||||||||
| Description |
|
It would be useful to be able to cut off specific IPs in an emergency when certain clients are bringing the server to its knees, whether maliciously or, more commonly, unwittingly. This should be able to be done without restarting the server. |
| Comments |
| Comment by Spencer Jackson [ 01/Mar/18 ] |
|
While the earlier advice regarding firewalls remains valid, there are now features in MongoDB which achieves this goal. If a set of clients need to be forbidden, an IP restriction can be attached to a role or user which the clients are using. This will prevent the client from being able to authenticate new connections. If existing operations executed by the client need to be terminated, the clients' logical sessions may be killed. |
| Comment by Scott Hernandez (Inactive) [ 09/Mar/12 ] |
|
This can be done by the host system (via a firewall rule for example) now. There is no host/user acl currently so that would be needed first. |