How to secure memcached?

security memcached

Just block the memcached port in firewall and allow access only from the database server. This should give you some protection. Also you can bring up a SSL tunnel between the mysql and memcached server and make the memcached-mysql data flow through it only.

For the SSL tunnel you can use IPSEC, to set it up you can follow the tutorial at http://wiki.debian.org/IPsec or http://lartc.org/howto/lartc.ipsec.tunnel.html

For blocking the port for all ip's except one you can issue an iptables command like:

iptables -A INPUT -s 2.2.2.2/32 -p tcp --destination-port 11211 -j ALLOW
iptables -A INPUT -s 0.0.0.0/0 -p tcp --destination-port 11211 -j DROP

or:

iptables -A INPUT -s !2.2.2.2/32 -p tcp --destination-port 11211 -j DROP

Also as I understand your webserver and memcached server are on the same machine? If so then it is your webserver that will communicate with memcached rather then the mysql server. It will just either get the data from cache or if it's not present in the cache will get it from the mysql server. In this case it's just enough to bind memcached to localhost so only your webserver can access memcached using php, ruby, python or any other language code, this should as safe as it can be.

Related

Fail to mount image files in windows server 2012
Ram recommendations vs SQL DB size
Server freeze - how to debug
HTTP/1.1 Status Codes 400 and 417, cannot choose which
Flash Backed Write Cache (FBWC) without capacitor pack
Install xdebug for php 5.3.17 on centos 6.3 (final)
TCP connection stuck in SYN_RECV state despite ACK received, Linux 2.6.18, embedded, ARM
Is this IPv4 and subnet combination public or private? [duplicate]
If a managed network switch were to overheat, would you consider it no longer reliable?
How to 'undeclare' a custom function in a loop
Auto restart server if virtual memory is too low
Delete files from command line using smb:// URL