B.5.2.6 Host 'host_name' is blocked

If the following error occurs, it means that mysqld has received many connection requests from the given host that were interrupted in the middle:

Host 'host_name' is blocked because of many connection errors.
Unblock with 'mysqladmin flush-hosts'

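The value of the max_connect_errors system variable determines how many successive interrupted connection requests are permitted. (See Section 5.1.4, "Server System Variables".) After max_connect_errors failed requests without a successful connection, mysqld assumes that something is wrong (for example, that someone is trying to break in), and blocks the host from further connections until you issue a FLUSH HOSTS statement or execute a mysqladmin flush-hosts command.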

By default, mysqld blocks a host after 100 connection errors (10 before MySQL 5.6.6). To adjust the value, set max_connect_errors at server startup:

shell> mysqld_safe --max_connect_errors=10000 &

The value can also be set at runtime:

mysql> SET GLOBAL max_connect_errors=10000;

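If you get the Host 'host_name' is blocked error message for a given host, you should first verify that there is nothing wrong with TCP/IP connections from that host. If you are having network problems, it does you no good to increase the value of the max_connect_errors variable.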
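Before raising max_connect_errors or flushing, it helps to see which hosts are accumulating errors and of what kind. The following is an added example, not part of the manual text; it assumes MySQL 5.6.5 or later with the Performance Schema enabled, where the host cache is exposed as performance_schema.host_cache.

```sql
-- Added example (not from the manual): inspect the host cache to see which
-- client hosts are accumulating connection errors, and of which kind.
-- Assumption: MySQL 5.6.5+ with the Performance Schema enabled.
SELECT
    IP,
    HOST,
    HOST_VALIDATED,
    SUM_CONNECT_ERRORS,                      -- errors counted toward blocking
    @@GLOBAL.max_connect_errors AS max_connect_errors,
    COUNT_HOST_BLOCKED_ERRORS,               -- connections refused because the host was blocked
    COUNT_HANDSHAKE_ERRORS,                  -- interrupted or malformed handshakes
    COUNT_AUTHENTICATION_ERRORS,             -- failed logins (reported separately)
    FIRST_ERROR_SEEN,
    LAST_ERROR_SEEN
FROM performance_schema.host_cache
WHERE SUM_CONNECT_ERRORS > 0
   OR COUNT_HOST_BLOCKED_ERRORS > 0
ORDER BY SUM_CONNECT_ERRORS DESC, LAST_ERROR_SEEN DESC;

-- Once the cause is understood and fixed, clear the cache and unblock hosts.
FLUSH HOSTS;
```

A host whose COUNT_HANDSHAKE_ERRORS grows at a fixed interval is often a health check that opens a TCP connection and closes it without completing the handshake; fix the check rather than raising the limit.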

User Comments
  Posted by Okan Cimen on May 17, 2002
I am running 3.23.49-nt on Win2K advanced server w/ 2GB of RAM. When I set max_connections parameter to 1000, connection time takes too much. Keep it as low as you can.
  Posted by Roel van der Made on August 19, 2004
The setting of 10000 on our Debian GNU/Linux environment (4 MySQL 4.0.20 servers with 4GB ram and dual Xeon 2.8 procs) worked out very well. So the previous poster's comment does certainly not affect all platforms.
I also think the default setting of 10 is a bit low, 1000 would be more likely..

  Posted by Gavin Hamill on August 31, 2004
This section of the manual is regarding max_connect_errors, and NOT max_connections - the previous two 'tips' are in the wrong section.

  Posted by Jason Miller on September 3, 2004
We ran into this problem because we use "nagios" as an availability monitor for our MySQL server. We were unaware of the custom nagios plugin to check mysql so we were doing a simple TCP/IP connection to the MySQL server to verify that it would receive the connection. This would eventually trigger this max-errors problem for us. However, it would only trigger it when there was no other activity on the MySQL server, making me believe that this max-errors number applies to consecutive bad connections, not bad connections intermingled with good ones.

We were not seeing any errors in the mysqld.log that led us to determine that our nagios check was the cause; luckily we realized it eventually.
  Posted by Gunnar Gunnarsson on September 29, 2004
A very useful link in relation to blocked hosts:
  Posted by Kovin Chan on October 5, 2004
I got a host to be connection blocked by server, however, those errors were not displayed in mysql error log, even log_warning is ON, wonder that should not be normal.
  Posted by Christian Hammers on November 23, 2004
Regarding the error log, mysqld prints errors to stderr which gets into the mysql.err logfile. If you rotate that away, all further messages will never show up as flush-logs does not reopen stderr!
(This does not apply to Debian Sarge and newer versions as they are patched to log error messages to syslog via a pipe to "logger")
  Posted by Joshua Franklin on December 1, 2006
We had the same problem with Nagios so I opened a bug:
  Posted by Priyanke de Siva on December 3, 2014
Hello All,

I was looking for a way to block hosts (for sometime) based on authentication failure counts (i.e. block bad attempts for a few minutes/hours and release automatically).

About a year ago I wrote something to block hackers to my SIP server which has proved successful.

Hence, I adapted it to MySQL.

The code/explanation is at http://www.abelcanada.com/securemysql.php for anybody who is interested.

This model can be adapted for any software which is used for IP (or any other) login and parameters can be changed to suit each individual requirement.

This complements IPTABLES, but is a better solution as it blocks the IP as a service, rather than global.

