Hi, Might be possible to implement something using iptables and owner match, for example

iptables -N memcache
iptables -A memcache -p tcp --dport 11211 -m owner --uid-owner client1 -j ACCEPT
iptables -A memcache -p tcp --dport 11212 -m owner --uid-owner client2 -j ACCEPT
# -P only works on built-in chains, so the default drop is an explicit last rule
iptables -A memcache -j DROP
iptables -A OUTPUT -p tcp -d <memcache-net>/255.255.255.xx -j memcache

You would also need to add rules for UDP if you're going to use that.

Perhaps not the best or most secure solution given the fact that it might be easy to forget to protect all ports and memcache servers from all webserver frontends/client accessible machines. Some sort of basic authentication would really help with this kind of scenario.

//Mikael

Krystian wrote:
[snip]
> I guess I didn't mention that I need memcached because of problem with
> php session between Load Balanced webservers.
> We run few testing web servers which share storage and database. Our
> Load Balancer use round-robin to webserver, what cause that websites
> with php sessions need to recreate sessions, and slow down access to
> website even > 60 sec.
> I can use sticky connections but then the load is not balanced.
> I think that I can use memcached, but seems that I will have problem to
> implement it in secure way. Each client run in chroot environment under
> the some one user name.
> Memcached should help me to sync sessions between servers, remove need
> of recreating sessions between servers.
>
> Regards,
> Hans
>
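
One way to reduce the risk of a forgotten port or protocol noted in the reply above is to generate the ruleset from a single user-to-port list and apply the same output on every frontend. This is an added example, not part of the original thread; `gen_rules`, `MEMCACHE_NET` and the 192.0.2.0/24 network are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: prints the iptables commands for review instead of running them.
# MEMCACHE_NET is a constructed sample value (TEST-NET-1), not from the post.
MEMCACHE_NET="${MEMCACHE_NET:-192.0.2.0/24}"
CHAIN="memcache"

# gen_rules user:port [user:port ...]
gen_rules() {
    # Validate every entry first so a typo never yields a half-built ruleset.
    for pair in "$@"; do
        case "$pair" in
            *:*) ;;
            *) echo "expected user:port, got '$pair'" >&2; return 1 ;;
        esac
        user=${pair%%:*}; port=${pair##*:}
        case "$user" in
            ''|*[!A-Za-z0-9_-]*) echo "bad user in '$pair'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$pair'" >&2; return 1 ;;
        esac
    done
    echo "iptables -N $CHAIN"
    for pair in "$@"; do
        user=${pair%%:*}; port=${pair##*:}
        # Same owner rule for TCP and UDP so neither protocol is left open.
        for proto in tcp udp; do
            echo "iptables -A $CHAIN -p $proto --dport $port -m owner --uid-owner $user -j ACCEPT"
        done
    done
    # A user-defined chain has no policy, so default-deny is an explicit last rule.
    echo "iptables -A $CHAIN -j DROP"
    # Hook both protocols from OUTPUT; any port not listed above hits the DROP.
    for proto in tcp udp; do
        echo "iptables -A OUTPUT -p $proto -d $MEMCACHE_NET -j $CHAIN"
    done
}

# Mapping from the post: client1 -> 11211, client2 -> 11212.
gen_rules client1:11211 client2:11212
```

The printed commands can be reviewed and then run as root on each web frontend; the owner match only applies to locally generated traffic, which is why the chain is hooked from OUTPUT.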
