
Securing Redis with a Firewall

According to the Redis documentation, Redis is designed to only be accessed by trusted clients. That means it is not safe to leave Redis exposed without a firewall. If you leave Redis publicly accessible, your data and infrastructure will be at risk of compromise.

With HeatShield, you can restrict access to your Redis server so it can only be accessed from the IP addresses that need to communicate with it.

For example, if you access your Redis server from multiple web servers, you can create a ruleset in HeatShield to open the Redis port on your Redis server to only your web servers.

Limiting Redis to a Set of IP Addresses

To use HeatShield to limit access to your Redis server, you can create a new ruleset that contains only the rules related to Redis. If you have multiple Redis servers, you can apply this ruleset to each Redis server.

First, connect your server to HeatShield and upgrade it to use custom rulesets.

Then, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new firewall rule by selecting the policy, the destination, and the source.

Set the Policy to Allow.

Select Custom from the Destination dropdown and enter TCP 6379 as the Redis port.

Select Custom from the Source dropdown and enter the first IP address you want to allow access to Redis. For example, this could be the IP address of one of your web servers. Click Add.

Repeat this step for each additional IP address you want to allow access to Redis. You'll end up with a list of allowed source IP addresses for TCP 6379.

Applying the Redis Ruleset

To apply your new Redis ruleset to your database server, open the server in HeatShield.

Select your Redis Server ruleset from the drop-down list and click Apply Ruleset.

Your new ruleset will be applied.
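One way to confirm the ruleset behaves as intended, as an added example that is not HeatShield's own tooling: run this Python check once from an allowlisted web server and once from a host that is not on the list. The function names and result labels are illustrative, and it assumes Redis listens on TCP 6379 as configured above.

```python
import socket
import sys

REDIS_PORT = 6379  # TCP port opened by the ruleset described on this page


def check_redis_exposure(host, port=REDIS_PORT, timeout=3.0):
    """Classify how host:port looks from the machine running this check.

    Returns one of (labels are illustrative):
      "blocked"        - connect timed out or was refused
      "redis-open"     - connected and Redis answered PING with +PONG
      "redis-refusing" - connected; Redis answered but demands auth or
                         rejected the client (protected mode)
      "open-other"     - connected, but no recognisable Redis reply
    """
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # timeout, refused, unreachable
        return "blocked"
    with conn:
        try:
            conn.sendall(b"PING\r\n")  # Redis inline command
            reply = conn.recv(128)
        except OSError:  # reset or no answer after the connect succeeded
            reply = b""
    if reply.startswith(b"+PONG"):
        return "redis-open"
    if reply.startswith((b"-NOAUTH", b"-DENIED")):
        return "redis-refusing"
    return "open-other"


def ruleset_ok(result, source_is_allowlisted):
    """True when the observed result matches what the ruleset should produce:
    allowlisted sources get through, every other source is blocked."""
    return (result != "blocked") == source_is_allowlisted


if __name__ == "__main__":
    # Usage: python3 check_redis.py <redis-host> <allowed|denied>
    host, expectation = sys.argv[1], sys.argv[2]
    result = check_redis_exposure(host)
    ok = ruleset_ok(result, expectation == "allowed")
    print(f"{host}:{REDIS_PORT} -> {result} ({'OK' if ok else 'UNEXPECTED'})")
    sys.exit(0 if ok else 1)
```

A "blocked" result from an allowlisted server means a source IP address is missing from the ruleset; anything other than "blocked" from a host that is not on the list means the port is still reachable from outside the allowlist.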

If you run Redis instances on their own servers, you should also remove the HTTP/HTTPS ruleset from those servers.
