MySQL Error 1130 ER_HOST_NOT_PRIVILEGED: Host Not Allowed to Connect - Full Fix Guide

What is MySQL Error 1130 ER_HOST_NOT_PRIVILEGED?

MySQL raises Error 1130 with the message "Host '%s' is not allowed to connect to this MySQL server" when the server denies a network request from a client host. The privilege tables in the mysql database do not contain a matching user@host entry, so authentication never starts.

This error surfaces during initial TCP handshake, often surprising administrators because credentials look correct.

Fixing it is crucial because no SQL code runs until connectivity is restored.

When Does Error 1130 Appear?

The error appears immediately after a client issues the CONNECT packet. It is common after new server installs, IP changes, cloud migrations, or tighter firewall rules. Remote GUI tools, CLI clients, application pools, and CI pipelines can all trigger the message.

Why Is Fixing It Important?

Production services halt if they cannot reach MySQL.

Solving Error 1130 quickly restores application uptime, prevents data-access failures, and avoids cascading outages.

What Causes This Error?

Lack of a proper GRANT entry for the connecting host is the primary cause. MySQL scans the user table by host pattern; if no row matches, it refuses the connection.

Misconfigured bind-address, skip-networking, or firewall filtering can also block the host, producing the same error even if privileges exist.

How to Fix MySQL Error 1130 ER_HOST_NOT_PRIVILEGED

First confirm the client IP shown in the error.

Then log in locally as root or another privileged account and create or update a GRANT rule that whitelists that IP or subnet. Flush privileges so changes take effect immediately.

If a GRANT rule already exists, inspect bind-address, skip-networking, and firewalls. Ensure mysqld listens on 0.0.0.0 (or specific public IP) and that port 3306 is open.

Common Scenarios and Solutions

New Cloud VM: Cloud providers often assign dynamic public IPs.

Use a '%'wildcard or correct the IP in GRANT statements.

Docker Containers: Containers use internal networks. Expose port 3306 and grant to '172.%' or use host networking.

Office VPN: VPN subnets differ from on-prem ones. Add an extra GRANT for the VPN range.

Best Practices to Avoid This Error

Maintain a documented list of approved hosts and automate GRANT scripts in deployment pipelines. Monitor connection errors in MySQL error logs and alert on spikes.

Use host wildcards sparingly and prefer least privilege.

Galaxy users can save audited GRANT scripts in a shared Collection, ensuring team-wide visibility and fast rollbacks.

Related Errors and Solutions

Error 1045 (28000) - access denied: Triggered when a user matches but the password is wrong. Reset the password or update the client credentials.

Error 2003 (HY000) - can't connect to MySQL server: Indicates network reachability issues such as closed port 3306 or wrong hostname.

.