Documentation Home
Security in MySQL
Related Documentation Download this Excerpt
PDF (US Ltr) - 1.0Mb
PDF (A4) - 1.0Mb
HTML Download (TGZ) - 229.7Kb
HTML Download (Zip) - 238.5Kb


Security in MySQL  /  ...  /  MySQL Enterprise Firewall System Variables

7.5.4.3 MySQL Enterprise Firewall System Variables

MySQL Enterprise Firewall supports the following system variables. Use them to configure firewall operation. These variables are unavailable unless the firewall is installed (see Section 7.5.2, “Installing or Uninstalling MySQL Enterprise Firewall”).

  • mysql_firewall_max_query_size

    Property Value
    Command-Line Format --mysql-firewall-max-query-size=size
    Introduced 5.6.24
    Removed 5.6.26
    System Variable mysql_firewall_max_query_size
    Scope Global
    Dynamic No
    Type Integer
    Default Value 4096
    Minimum Value 0
    Maximum Value 4294967295

    The maximum size of a normalized statement that can be inserted in the MySQL Enterprise Firewall cache. Normalized statements longer than this size are truncated. Truncated statements are discarded if the firewall mode for the current user is RECORDING and rejected if the mode is PROTECTING.

    mysql_firewall_max_query_size was removed in MySQL 5.6.26. max_digest_length should be set large enough to avoid statement truncation.

  • mysql_firewall_mode

    Property Value
    Command-Line Format --mysql-firewall-mode={OFF|ON}
    Introduced 5.6.24
    System Variable mysql_firewall_mode
    Scope Global
    Dynamic Yes
    Type Boolean
    Default Value ON

    Whether MySQL Enterprise Firewall is enabled (the default) or disabled.

  • mysql_firewall_trace

    Property Value
    Command-Line Format --mysql-firewall-trace={OFF|ON}
    Introduced 5.6.24
    System Variable mysql_firewall_trace
    Scope Global
    Dynamic Yes
    Type Boolean
    Default Value OFF

    Whether the MySQL Enterprise Firewall trace is enabled or disabled (the default). When enabled, mysql_firewall_trace has this effect:

    • In MySQL 5.6.24, the firewall writes a file named firewall_trace.txt in the data directory.

    • In MySQL 5.6.25 and higher, for PROTECTING mode, the firewall writes rejected statements to the error log.


User Comments
User comments in this section are, as the name implies, provided by MySQL users. The MySQL documentation team is not responsible for, nor do they endorse, any of the information provided here.
Sign Up Login You must be logged in to post a comment.