Client Error Limit

‘Client Error Limit’ is a feature that limits the number of connection errors a particular client address can generate before future connections from that address are denied.

The feature is controlled by the following variables and command:

  • mysql-client_host_error_counts: Determines the number of errors that a client address needs to reach before being banned from future connections.
  • mysql-client_host_cache_size: Determines the size of the cache used to keep track of the client addresses that have had any connection errors.
  • Command ‘PROXYSQL FLUSH MYSQL CLIENT HOSTS’: Clears the client host cache.

By default, mysql-client_host_error_counts and mysql-client_host_cache_size both have a value of ‘0’. To enable the feature, it is enough to set mysql-client_host_cache_size to a value above this default. When enabled, the cache behaves as follows:

When a new connection arrives, the cache is checked to see whether the client address has reached
the maximum number of errors. If the limit has been reached, an error reporting the event is printed
in the ProxySQL log. If the limit has not been reached, the connection is attempted, with two
possible outcomes:

   a) The connection fails: the client address is added to the cache if it wasn't present; otherwise,
   its error count is increased. If the cache was full, the oldest entry is replaced with one
   holding this client address.
   b) The connection succeeds: if the client address was present in the cache, it is removed from it.
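
The behaviour described above, modelled as an added Python example (not ProxySQL's own code). It assumes that "oldest" means the entry inserted earliest, that the limit is reached when the stored count is greater than or equal to mysql-client_host_error_counts, and that a denied attempt leaves the count unchanged; the class, method and function names are hypothetical.

```python
from collections import OrderedDict

class ClientHostCache:
    """Toy model of the client host cache; names here are hypothetical."""

    def __init__(self, cache_size, error_counts):
        self.cache_size = cache_size      # stands in for mysql-client_host_cache_size
        self.error_counts = error_counts  # stands in for mysql-client_host_error_counts
        self.entries = OrderedDict()      # client address -> error count, oldest first

    def connect(self, addr, succeeds):
        """Handle one connection attempt; return 'denied', 'failed' or 'ok'."""
        if self.cache_size == 0:          # default value: feature disabled
            return "ok" if succeeds else "failed"
        # Assumption: the limit is reached when count >= error_counts.
        if addr in self.entries and self.entries[addr] >= self.error_counts:
            return "denied"               # ProxySQL logs an error at this point
        if succeeds:
            self.entries.pop(addr, None)  # outcome b: forget the address
            return "ok"
        if addr in self.entries:          # outcome a: count the error
            self.entries[addr] += 1
        else:
            if len(self.entries) >= self.cache_size:
                self.entries.popitem(last=False)  # assumption: oldest = first inserted
            self.entries[addr] = 1
        return "failed"

    def flush(self):
        """Models PROXYSQL FLUSH MYSQL CLIENT HOSTS."""
        self.entries.clear()


def demo():
    """Replay constructed attempts (RFC 5737 documentation addresses)."""
    cache = ClientHostCache(cache_size=2, error_counts=3)
    a, b, c = "192.0.2.10", "192.0.2.20", "192.0.2.30"
    out = [cache.connect(a, False) for _ in range(3)]   # three failures from a
    out.append(cache.connect(a, True))    # a is at the limit: denied
    out.append(cache.connect(b, False))   # cache now holds a and b (full)
    out.append(cache.connect(c, False))   # full cache: a, the oldest, is replaced
    out.append(cache.connect(a, True))    # a's count went with its entry
    out.append(cache.connect(b, True))    # success removes b
    return out, dict(cache.entries)


if __name__ == "__main__":
    print(demo())
```

In this replay an address evicted from a full cache loses its error count, so mysql-client_host_cache_size bounds how many failing addresses can be tracked at once.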

To inspect the current contents of the client_host_cache, two stats tables can be queried:

  • stats.stats_mysql_client_host_cache
  • stats.stats_mysql_client_host_cache_reset

The contents of these tables are described in detail in the stats documentation. As with other tables, querying stats.stats_mysql_client_host_cache_reset resets the current values held by the cache.