8.3 Set Maximum Connection Limits for Server and per User

Information

Limiting concurrent connections to a MariaDB server reduces the risk of Denial of Service (DoS) attacks that work by exhausting connection resources.

Rationale:

Limiting the number of concurrent sessions at the server and per user level helps to reduce the risk of DoS attacks. MariaDB provides mechanisms to limit the number of simultaneous connections that can be made at the server level or by any given account.

Solution

To persist changes to global settings, you must set these variables within MariaDB configuration files.

To set the global default per-user connection limit, set the max_user_connections variable to a numeric value.

To set the maximum number of clients the server permits to simultaneously connect, set the max_connections variable to a numeric value.

You may also set these variables dynamically (and only temporarily) for a running instance of MariaDB by connecting as an administrator and utilizing the commands below.

SET GLOBAL max_user_connections=<desired numeric value>;
SET GLOBAL max_connections=<desired numeric value>;

Additionally, connection limits can be set individually for each user with CREATE USER or ALTER USER statements.
For example:

ALTER USER 'fred'@'localhost'
WITH MAX_CONNECTIONS_PER_HOUR 5
MAX_USER_CONNECTIONS 2;

Default Value:

The default value of max_connections is 151. The default value of max_user_connections is 0 (unlimited, and therefore bounded only by max_connections). By default, users are created without their own distinct connection limits.
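To confirm that the limits above are in effect, the following read-only queries can be run from an administrative session. This is an added example, not part of the benchmark text; it assumes the per-account limit columns of MariaDB's mysql.user table (a view in newer releases) and treats an account value of 0 as "inherit the global default".

```sql
-- Added audit example (not from the benchmark). Read-only.
-- Assumes the connecting account can read the mysql schema.

-- 1. Server-wide limits currently in effect.
SELECT @@GLOBAL.max_connections      AS max_connections,
       @@GLOBAL.max_user_connections AS default_max_user_connections;

-- 2. High-water mark of simultaneous connections since startup,
--    useful when choosing a value for max_connections.
SHOW GLOBAL STATUS LIKE 'Max_used_connections';

-- 3. Per-account limits and the limit that actually applies.
--    account_limit = 0 means the account uses the global default;
--    effective_limit = 0 means no per-user cap at all.
SELECT u.User,
       u.Host,
       u.max_user_connections AS account_limit,
       CASE
         WHEN u.max_user_connections <> 0 THEN u.max_user_connections
         ELSE @@GLOBAL.max_user_connections
       END                    AS effective_limit,
       u.max_connections      AS connections_per_hour
FROM mysql.user AS u
WHERE u.is_role = 'N'          -- skip roles, which cannot log in
ORDER BY u.User, u.Host;

-- 4. Accounts that can consume every slot up to max_connections:
--    no account-level limit and no global default.
SELECT u.User, u.Host
FROM mysql.user AS u
WHERE u.is_role = 'N'
  AND u.max_user_connections = 0
  AND @@GLOBAL.max_user_connections = 0;
```

An empty result from the last query means every account has an effective per-user cap. Values set only with SET GLOBAL will revert on restart unless they are also placed in the configuration files.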

See Also

https://workbench.cisecurity.org/benchmarks/16527

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5

Plugin: MySQLDB

Control ID: c361fd6a65b5cf3af75244aaba5702a76305a7118ed8600e6716071e843dd754