Guide for letting memcached only listen on localhost

Are you concerned about the security while using memcached on your server with Railgun? There is a solution by letting memcached only listen on localhost i.e. 127.0.0.1 IP. Doing so, remote access is not possible with the memcached setup on your server. This will make your system one step ahead to security. This can be done with few numbers of steps.

Requirements

• Root/Sudo Access to the Server

Procedure

1. Log in to the server using root user or sudo user.
2. Check the default port to which memcached is listening
   cat /etc/sysconfig/memcached
   
   In our case, it is listening to 11211 Port
3. Check on what interfaces memcached is available.
   netstat -utanp | grep memcache
   or check using Port 11211 from memcached config
   netstat -an | grep ":11211"
   
   With default config, it must be listening to all the local as well as remote connections.
4. Restrict memcached to listen on localhost only i.e. 127.0.0.1 IP by editing Memcached config located at /etc/sysconfig/memcached
   Edit the config file and change the last line with the OPTIONS variable to the following and save it
   OPTIONS="-l 127.0.0.1"
5. Restart Memcached
   service memcached restart
6. Restart Railgun if you are using it
   service railgun restart
7. Now, check on what interfaces memcached is available. You’ll notice it only listens on localhost (127.0.0.1).
   netstat -utanp | grep memcache
   or check using Port 11211 from memcached config
   netstat -an | grep ":11211"
   

With this, we have restricted memcached to listen on localhost.