Securing MySQL with a Firewall

As with any database, you should restrict access to your MySQL server so it can only be accessed from IP addresses that need to communicate with it.

For example, if you access your MySQL server from multiple web servers, you can create a ruleset in HeatShield to open the MySQL port on your database server to only your web servers.

Similarly, if you need to access MySQL from your office as well, you can use HeatShield to allow access from your office's IP address.

Limiting MySQL to a Set of IP Addresses

To use HeatShield to limit access to your MySQL server, you can create a new ruleset that contains only the rules related to MySQL. If you have multiple MySQL servers, you can apply this ruleset to each MySQL server.

First, connect your database server to HeatShield and upgrade it to use custom rulesets.

Then, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

HeatShield already has the default MySQL port (3306) in its list of destinations, so create a new rule by setting the Policy to Allow and the Destination to MySQL.

Select Custom from the Source dropdown and enter the first IP address you want to allow access to MySQL. This could be, for example, the IP address of one of your web servers or your office IP address. Click Add.

Repeat this step for each additional IP address you want to allow access to MySQL. When you're done, the ruleset lists one Allow rule for each IP address.

Changing the MySQL Port

If you customized your server to listen for MySQL on a nonstandard port, you can easily create a ruleset to allow access to this port.

First, open your Rulesets page in HeatShield and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new MySQL rule by selecting the policy, the destination, and the source.

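Since you'll only be customizing the destination, set the Policy to Allow and the Source to Any. Keep in mind that a Source of Any opens the port to every IP address, unlike the Custom sources used in the previous section.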

Select Custom from the Destination dropdown and enter your new MySQL port. Click Add.

Applying the MySQL Database Ruleset

To apply your new MySQL ruleset to your database server, open the server in HeatShield.

Select your MySQL Database ruleset from the drop-down list and click Apply Ruleset.

Your new ruleset will be applied.

If you use separate database servers, you can restrict access to your database servers even further by removing the HTTP/HTTPS ruleset from them.
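
To confirm the applied MySQL ruleset behaves as intended, run a connection check from one allowed machine and from one machine that is not on the list. The script below is an added example, not part of HeatShield; the file name check_mysql_port.py and the function names are assumptions made for illustration.

```python
import socket
import sys

MYSQL_PORT = 3306  # default MySQL port, as named on this page


def probe(host, port=MYSQL_PORT, timeout=3.0):
    """Try one TCP connection and classify the result.

    'open'     - handshake completed, so the firewall let this machine through
    'refused'  - a TCP reset came back (rejected, or nothing is listening)
    'filtered' - no answer before the timeout (packets silently dropped)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        # Unreachable host/network, DNS failure, etc.: not a usable answer.
        return "error"


def verify(host, should_connect, port=MYSQL_PORT, timeout=3.0):
    """Return (ok, state): does the probe match what the ruleset should allow?"""
    state = probe(host, port, timeout)
    if should_connect:
        return state == "open", state
    return state in ("refused", "filtered"), state


if __name__ == "__main__":
    # Usage: python3 check_mysql_port.py DB_HOST allowed|blocked [PORT]
    if len(sys.argv) < 3 or sys.argv[2] not in ("allowed", "blocked"):
        sys.exit("usage: check_mysql_port.py DB_HOST allowed|blocked [PORT]")
    port = int(sys.argv[3]) if len(sys.argv) > 3 else MYSQL_PORT
    ok, state = verify(sys.argv[1], sys.argv[2] == "allowed", port)
    print(f"{sys.argv[1]}:{port} is {state}; expected {sys.argv[2]}: "
          f"{'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

Run it with `allowed` on a web server in the ruleset and with `blocked` on any other machine; a MISMATCH on either side means the ruleset or its assignment to the server needs another look.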

Last updated: October 19, 2016
