
Possible to white-list certain client hosts for repeated connections?

icelava, Oct 15 2019 — edited Oct 15 2019

Last week, while troubleshooting a .NET Core application service leaking blank TCP connections in Linux, we found during a stress test that the app service - as a client to MySQL hosted in AWS RDS - could get blocked from making more connections to the database server with the exception:

    Host '<IP ADDR>' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'.

There is some documentation on how to alleviate this problem at which suggests what seems like a global solution of setting max_connect_errors to a much larger tolerance value.

I believe this problem is separate from another issue of the MySQL database server rejecting connections simply because it has exceeded the max_connections limit (fixed to 66 for an AWS t2.micro instance size), where the exception message becomes:

    Too many connections

The latter problem we constrained by defining a MaximumPoolSize that won't exceed the hard limit of the RDS database server.

For the former problem, though, the suggested follow-up is to execute a FLUSH HOSTS command, which appears to be an all-or-nothing approach that clears the entire Performance.host_cache table.

Is there a way to record the IP addresses of our app servers into some whitelist table, so that even if there is a spike in interrupted TCP connection attempts, connections from those source IP addresses will still be allowed, thereby avoiding the manual action of logging into the database server to clear out the host_cache table just for the sake of one entry?
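As an added example (not part of the original post), the checks a DBA would run against the host cache described above: how many blocking connect errors the server has counted for one client IP, how much headroom remains before that IP hits max_connect_errors, and the server-wide reset. The app-server address 10.0.1.25 is constructed; it assumes MySQL 5.7/8.0 with performance_schema enabled and a user with SELECT on performance_schema and the RELOAD privilege.

```sql
-- Added example, not from the original post. The IP below is constructed;
-- substitute the address of your own app server.

-- 1. The global tolerance the block is assessed against (default 100 in 5.7/8.0).
SELECT @@GLOBAL.max_connect_errors AS max_connect_errors;

-- 2. Per-client view of the host cache: blocking connect errors accumulated for
--    the app server's IP and how many more it can incur before the server starts
--    answering "Host ... is blocked because of many connection errors".
SELECT ip,
       host,
       sum_connect_errors,
       @@GLOBAL.max_connect_errors - sum_connect_errors AS errors_until_block,
       count_host_blocked_errors,
       first_error_seen,
       last_error_seen
FROM   performance_schema.host_cache
WHERE  ip = '10.0.1.25';   -- constructed app-server address

-- 3. Monitoring variant: every client that has used more than 80% of the
--    tolerance, so the condition is seen before the block occurs.
SELECT ip, sum_connect_errors
FROM   performance_schema.host_cache
WHERE  sum_connect_errors > 0.8 * @@GLOBAL.max_connect_errors;

-- 4. The host cache has no per-host delete and no allow-list; the reset is
--    server-wide and needs the RELOAD privilege (which the RDS master user has).
--    On RDS, max_connect_errors itself is changed in the DB parameter group,
--    not with SET GLOBAL.
FLUSH HOSTS;
```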
