I spent to day adding new web servers to my employers co-located cabinet, our older ones just weren’t cutting it any more – mainly because they did not have enough memory. Most of the stuff that we run is back-ended by an MySQL database running on a nice fat machine with lots of disks all setup in a RAID-10 configuration, behind our firewall. The web servers are hosted on their own DMZ and connect to the MySQL server via IP through the firewall.
So, for the 100th time, I was writing SQL of the sort:
grant all privileges on wp_mainsite to 'wbusr_mainsite'@'10.0.%' identified by 'Secret';
This works fine, but what if you want to use CIDR to specify a smaller sub-net. I found numerous references to the fact that you can simply use the / notation, as in /12 for the number of network bits. The MySQL documentation, comprehensive as it is, simply does not seem to say how you can do this, other than that you can. After tinkering for a bit, I realized that the only way to achieve this is to use the full sub-net mask in dotted decimal format. So lets say you have a /30 sub-net, starting at 10.1.1.0. To grant this access to the MySQL database you need to specify the grant statement as follows:
grant all privileges on wp_mainsite to 'wbusr_mainsite'@'10.1.1.0/255.255.252' identified by 'Secret';
This achieves what you would like and any machine (or person) using those credentials from an IP on your 10.1.1.0/30 network will have access to the wp_mainsite database.
Don’t just blindly copy this code, you probably don’t want to give a typical web application all privileges on a database, so figure out what your specific needs are and work with that. For more information see the MySQL handbook for the syntax of the grant statement.
