Firewall rules can be used to control the list of IP addresses that are allowed to connect to your database deployments. This functionality is only available for database deployments open to the internet.
For Redis™* deployments open to the Internet firewall rules are mandatory. If you wish to open your Redis™ deployments to the internet you can use 0.0.0.0/0 (Although this is not recommended for Security reasons)
CIDR is the short for Classless Inter-Domain Routing, an IP addressing scheme. A CIDR IP address looks like a normal IP address except that it ends with a slash followed by a number, called the IP network prefix. CIDR addresses reduce the size of routing tables and make more IP addresses available within organizations.
For example, we could express the idea that the IP address 192.168.0.11 is associated with the netmask 255.255.255.0 by using the CIDR notation of 192.168.0.11/24. This means that the first 24 bits of the IP address given are considered significant for the network routing.
Firewall rules in Redis™ are added by specifying IP CIDRs. These can be added at the cluster level or account level.
Firewall rules can be added at the deployment level. These rules will only be applied on a per-deployment basis.
Navigate to the details page and click on the Firewall Rules option
Please note that the Firewall Rules functionality is only available for deployments that are open to the internet
Once the modal is opened up, you can add Firewall Rules in the form of IP CIDRs. Only these IPs will be allowed access to the deployment.
0.0.0.0/0 not recommended
Please note that opening your Redis™ deployment to the internet is not suggested. If you want, you can still add 0.0.0.0/0 to the rules list
After you have entered the list of IP CIDRs that will be allowed access to the deployment, click on Configure. This will push the rules to the deployment and apply them
Make sure that you update all apps using this deployment to reflect the new access rules
You can also set up Account Level Firewall Rules. These will be pushed to all deployments in your account irrespective of database type.
The advantage of using Account level rules is that you don’t have to repeat the same firewall rules per deployment.
To get started, go to Settings > Global rules > Firewall rules
Similar to adding IP CIDRs for deployment level, we can add IP CIDRs for account level as well
Once all your IP CIDRs have been added, click the Save button to save the firewall rules.
Note that these rules have still not applied yet. To do so, go to your Redis™ deployment(s), open the Firewall Modal and press Configure to push the rules to the deployment.
If you have a lot of deployments, you will have to individually go to each deployment and configure the account level rules
Once the Firewall Rules have been applied, you should see a green check on the Firewall Rules option on the Cluster Details page.
* Redis is a trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by ScaleGrid is for referential purposes only and does not indicate any sponsorship, endorsement or affiliation between Redis and ScaleGrid.
Updated about a year ago