I’ve got a small / medium sized VPS powered by WHM and running a few personal websites alongside a Magento powered web-store. Not being a real expert when it comes to server configuration details I’ve hired someone recently to oversee a memcached installation and which appears to work.
After some further reading on my own though I’ve stumbled upon a tutorial which mentioned that the related port (11211 in our case) has to be included / added to the TCP_IN” and “TCP_OUT” section of CSF which right now is clearly not the case in our installation.
Is this a real requirement? Can I feel free to add this related port and are there any advantages / disadvantages when doing this?
Some expert advise would be truly appreciated.
Thank you very much.
Actually, you do not want to open port 11211 in your firewall.
In your setup, memcached is running on the same machine, and localhost is rarely or never firewalled from itself since this causes the universe to implode. Thus processes on the same machine can talk to each other (e.g. PHP to memcached) without any other special firewall rules.
But, until very recently memcached had no built-in access control, and even if present it’s typically off by default, so anybody who can reach it on port 11211 can read or write anything to the cache. Definitely not what you want! Thus the firewall port needs to stay closed.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.