Securing MongoDB with a Firewall

According to the MongoDB documentation, you should ensure only trusted hosts have access to MongoDB to reduce the risk exposure of the entire MongoDB system.

With HeatShield, you can easily restrict access to your MongoDB server so it can only be accessed from IP addresses that need to communicate with it.

For example, if you access your MongoDB server from multiple web servers, you can create a ruleset in HeatShield to open the MongoDB port on your database server to only your web servers.

Similarly, if you need to access MongoDB from your office as well, you can use HeatShield to allow access from your office's IP address.

Limiting MongoDB to a Set of IP Addresses

To use HeatShield to limit access to your MongoDB server, you can create a new ruleset that contains only the rules related to MongoDB. If you have multiple MongoDB servers, you can apply this ruleset to each MongoDB server.

First, connect your database server to HeatShield and upgrade it to use custom rulesets.

Then, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new firewall rule by selecting the policy, the destination, and the source.

Set the Policy to Allow.

Select Custom from the Destination dropdown and enter TCP 27017 as the MongoDB port.

Select Custom from the Source dropdown and enter the first IP address that should be allowed to reach MongoDB. This could be, for example, the IP address of one of your web servers or your office IP address. Click Add.

Repeat this step for each additional IP address that should be allowed to reach MongoDB.

You must also repeat this process for each of the remaining MongoDB ports: 27018, 27019, and 28017.

Your final ruleset will look similar to this example:
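As an added illustration (not HeatShield's own code or API), the following Python script models the ruleset built in the steps above: one Allow rule per trusted source and MongoDB port, plus an audit that flags any MongoDB port left open to every source or to an overly broad range. The source addresses are constructed sample values.

```python
"""Model of the MongoDB allow-list ruleset and an audit check for it.
Constructed example; it does not talk to HeatShield."""
import ipaddress
from dataclasses import dataclass

# MongoDB ports listed in the procedure above
MONGODB_PORTS = (27017, 27018, 27019, 28017)


@dataclass(frozen=True)
class Rule:
    policy: str   # "Allow" or "Deny"
    port: int     # TCP destination port
    source: str   # source IP or CIDR, e.g. "203.0.113.10/32"


def build_mongodb_ruleset(trusted_sources):
    """One Allow rule per (trusted source, port), mirroring the
    'repeat for each IP address and each port' steps."""
    rules = []
    for src in trusted_sources:
        # strict=False lets a bare host address become a /32 (or /128)
        net = ipaddress.ip_network(src, strict=False)
        for port in MONGODB_PORTS:
            rules.append(Rule("Allow", port, str(net)))
    return rules


def audit_mongodb_ruleset(rules):
    """Return a list of findings; an empty list means no MongoDB port is
    exposed beyond the intended hosts."""
    findings = []
    for r in rules:
        if r.policy != "Allow" or r.port not in MONGODB_PORTS:
            continue
        net = ipaddress.ip_network(r.source, strict=False)
        if net.prefixlen == 0:
            # 0.0.0.0/0 or ::/0 means the port is open to the Internet
            findings.append(f"port {r.port} is open to any source ({r.source})")
        elif net.num_addresses > 256:
            # larger than a /24: probably broader than 'only my web servers'
            findings.append(f"port {r.port} allows a broad range {r.source}")
    return findings


if __name__ == "__main__":
    # constructed sample: two web servers and an office /24
    good = build_mongodb_ruleset(["203.0.113.10", "203.0.113.11", "198.51.100.0/24"])
    print(len(good), "rules;", audit_mongodb_ruleset(good) or "no findings")
    print(audit_mongodb_ruleset([Rule("Allow", 27017, "0.0.0.0/0")]))
```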

Applying the MongoDB Ruleset

To apply your new MongoDB ruleset to your database server, open the server in HeatShield.

Select your MongoDB ruleset from the drop-down list and click Apply Ruleset.

Your new ruleset will be applied.

If you use separate database servers, you can restrict access to your database servers even further by removing the HTTP/HTTPS ruleset from them.

Last updated: September 01, 2016
