This is a mirror of official site: http://jasper-net.blogspot.com/

Block IP Addresses to SQL Server using a Logon Trigger

Posted by jasper22 at 15:01 | Wednesday, October 13, 2010
We were testing a scenario and wanted to block SQL Server connection through certain IP addresses. Here’s how we solved the requirement using a Logon Trigger

CREATE TRIGGER AllowLocalOnly
ON ALL SERVER
FOR LOGON
AS
BEGIN
DECLARE @IP Varchar(500)
SET @IP = EVENTDATA().value
('(/EVENT_INSTANCE/ClientHost)[1]', 'varchar(500)')
IF @IP
IN ('172.16.255.11', '172.20.254.1', '172.26.254.12')
BEGIN
Print 'There I caught you ' + @IP
ROLLBACK TRANSACTION
END
END
GO
If the user tries to login through any of these I.P. addresses, the Logon trigger will fire after the authentication phase of logging, but before the user session is actually established, and rollback the transaction. This will restrict Login to SQL Server.

If there is an attempt to login from any of these I.P. Addresses, you can find out by searching the SQL Server error log for something similar to – ‘There I caught you 172.16.255.11 ’. Although I haven’t tried but you can also send an email instead of just printing the error in the error log.

Note: Logon Triggers are available only from SQL Server 2005 SP2 onwards.

Read more: SQL Server curry

Posted via email from .NET Info

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)