Securing PostgreSQL with a Firewall

With HeatShield, you can restrict access to your PostgreSQL database server so it can only be accessed from the IP addresses that need to communicate with it.

For example, if you access your PostgreSQL server from multiple web servers, you can create a ruleset in HeatShield to open the PostgreSQL port on your database server to only your web servers.

Similarly, if you need to access PostgreSQL from your office as well, you can use HeatShield to allow access from your office's IP address.

Limiting PostgreSQL to a Set of IP Addresses

To use HeatShield to limit access to your PostgreSQL server, you can create a new ruleset that contains only the rules related to PostgreSQL. If you have multiple PostgreSQL servers, you can apply this ruleset to each PostgreSQL server.

First, connect your database server to HeatShield and upgrade it to use custom rulesets.

Then, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new firewall rule by selecting the policy, the destination, and the source.

Set the Policy to Allow.

Select Custom from the Destination dropdown and enter TCP 5432 as the PostgreSQL port.

Select Custom from the Source dropdown and enter the first IP address that should be allowed to access PostgreSQL. This could be, for example, the IP address of one of your web servers or your office IP address. Click Add.

Repeat this step for each additional IP address that should be allowed to access PostgreSQL. You'll end up with a list of rules, one for each allowed IP address.

Applying the PostgreSQL Database Ruleset

To apply your new PostgreSQL ruleset to your database server, open the server in HeatShield.

Select your PostgreSQL Database ruleset from the drop-down list and click Apply Ruleset.

Your new ruleset will be applied.

If you use separate database servers, you can restrict access to your database servers even further by removing the HTTP/HTTPS ruleset from them.
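
To confirm the applied ruleset behaves as intended, test the PostgreSQL port from an allowed address and from one that is not in the ruleset. The script below is an added example, not part of HeatShield; the function names and command-line options are illustrative.

```python
import argparse
import errno
import socket

PG_PORT = 5432  # TCP port opened by the ruleset


def probe(host, port=PG_PORT, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed
    except ConnectionRefusedError:
        return "refused"           # RST: rejected, or nothing listening
    except (socket.timeout, TimeoutError):
        return "filtered"          # no reply: packets silently dropped
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise                      # DNS failure etc. is not a firewall verdict


def check(host, source_is_allowed, port=PG_PORT, timeout=3.0):
    """Return (ok, state) for a probe run from an allowed or other source."""
    state = probe(host, port, timeout)
    ok = (state == "open") if source_is_allowed else (state != "open")
    return ok, state


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="Check PostgreSQL port reachability")
    ap.add_argument("host", help="database server address")
    ap.add_argument("--allowed", action="store_true",
                    help="this machine's IP is a Source in the ruleset")
    args = ap.parse_args()
    ok, state = check(args.host, args.allowed)
    print(f"{args.host}:{PG_PORT} is {state} -> {'PASS' if ok else 'FAIL'}")
    raise SystemExit(0 if ok else 1)
```

Run it with `--allowed` from a web server or office address listed in the ruleset, and without the flag from any other network; both runs should report PASS.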

Last updated: August 31, 2016
