1130
MariaDB · ERROR · Common · Access Control · HIGH confidence

Host is not allowed to connect to this MySQL server

Production Risk

HIGH — blocks all connections from ungranted hosts.

What this means

Error 1130 (SQLSTATE HY000) is raised when a client's host does not match any host entry in the mysql.user table for the given username. The server rejects the connection before authentication even begins.

Why it happens
  1. User account was created with 'user'@'localhost' but the client is connecting from a different IP
  2. User account uses a specific IP (e.g. 'user'@'192.168.1.10') that does not match the actual client IP
  3. DNS reverse-lookup failure causes the resolved hostname to differ from the grant
  4. skip-name-resolve is enabled but the grant uses a hostname instead of an IP
How to reproduce

A client connecting from a host not listed in the user's grant.

trigger — this will error
# From a remote machine (shell):
mysql -h db.example.com -u appuser -p
# appuser only has a grant for 'appuser'@'localhost'

expected output

ERROR 1130 (HY000): Host '203.0.113.45' is not allowed to connect to this MySQL server

Fix 1

Create or extend the user grant for the correct host

WHEN: the client host is known and the connection is intentional.

-- Grant access from a specific IP:
CREATE USER 'appuser'@'203.0.113.45' IDENTIFIED BY 'secret';
GRANT SELECT, INSERT, UPDATE, DELETE ON myapp.* TO 'appuser'@'203.0.113.45';

-- Or use a wildcard for any host (use with care):
CREATE USER 'appuser'@'%' IDENTIFIED BY 'secret';
GRANT SELECT, INSERT ON myapp.* TO 'appuser'@'%';
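-- CREATE USER and GRANT take effect immediately; FLUSH PRIVILEGES is only
-- required after editing the grant tables directly.
FLUSH PRIVILEGES;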

Why this works

'%' matches any host. Prefer specific IPs or subnets in production to limit attack surface.

Fix 2

Enable skip-name-resolve and use IP-based grants

WHEN: DNS lookups are slow or unreliable.

# In my.cnf / server.cnf:
[mysqld]
skip-name-resolve

# All grants must then use IP addresses, not hostnames.

Why this works

skip-name-resolve disables reverse DNS lookups, speeding up connection setup and avoiding hostname mismatch errors.

What not to do

Grant '%' from any host in production without network-level controls

Exposes the database to the public internet; combine with firewall rules if '%' is necessary.
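
The following queries are an added example, not part of the original page. They list the host patterns that exist for the failing account and classify every account's Host value, so '%' grants and hostname-based grants stand out. The account name appuser is the page's; the host_kind labels are made up for this example.

```sql
-- 1. Which host patterns exist for the account that gets error 1130?
SELECT User, Host
FROM mysql.user
WHERE User = 'appuser'
ORDER BY Host;

-- 2. Is reverse DNS disabled? If ON, only IP-based Host values can match
--    clients that connect over TCP.
SHOW GLOBAL VARIABLES LIKE 'skip_name_resolve';

-- 3. Classify every account by the kind of Host pattern it uses.
--    '%' and '_' are wildcards in the Host column.
SELECT User,
       Host,
       CASE
         WHEN Host = '%'
           THEN 'any host'
         WHEN LOCATE('%', Host) > 0 OR LOCATE('_', Host) > 0
           THEN 'wildcard pattern'
         WHEN Host IN ('localhost', '127.0.0.1', '::1')
           THEN 'local only'
         WHEN Host REGEXP '^[0-9./]+$' OR LOCATE(':', Host) > 0
           THEN 'fixed IP or netmask'
         ELSE 'hostname (depends on reverse DNS)'
       END AS host_kind
FROM mysql.user
ORDER BY host_kind, User, Host;
```

Rows labelled 'any host' are the ones that need a firewall or other network-level control in front of them. Rows labelled 'hostname (depends on reverse DNS)' are the ones to convert to IP addresses before enabling skip-name-resolve.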
