Protect rails backend servers from direct connections
https://stackoverflow.com/questions/4132265
-
29-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
It is classical scheme of serving Rails application: frontend is Apache (nginx, etc) on 80 port, and backend : cluster of mongrel (thin, unicorn, etc) on some other ports (for example 3000,3001,3002...).
How make, that back-end servers allow only local (from frontend) connections?
Solution
If you use the connection by socket, you are sur to be only in local.
After you can say to some server to accept only 127.0.0.0 request. Byt example with thin
thin start -a 127.0.0.0
The -a options is :
-a, --address HOST bind to HOST address (default: 0.0.0.0)
A good practice too is to add some Firewall to avoid all connection by anywhere to your proxy port.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
