memc_cmds_allowed
The `memc_cmds_allowed` directive specifies a list of allowed memcached commands based on HTTP request types.
Description
The memc_cmds_allowed directive enables the configuration of allowable memcached commands for different HTTP methods when interfacing with a memcached server through the ngx_memc module. It takes one or more parameters that define the commands permitted during a request, providing enhanced security by restricting operations to only those specified. For instance, you can allow only GET, SET, and DELETE commands while disallowing others, depending on application requirements.
The directive can be specified at various levels within the NGINX configuration, including http, server, and location contexts. When the request is processed, the configuration utilizes the command checks defined by memc_cmds_allowed to determine if a specific operation is permissible. If a command not in the allowed list is requested, NGINX will return an error instead of attempting to communicate with the memcached server. This protects against unauthorized operations that could lead to potential data integrity issues.
In practice, the directive enhances server security by ensuring that only explicitly defined commands are executed, limiting the attack surface that could be exploited by attackers attempting unauthorized actions through HTTP requests.
Config Example
location /foo {
set $memc_key $arg_key;
memc_cmds_allowed get set delete;
memc_pass 127.0.0.1:11211;
}Ensure that the allowed commands match the HTTP methods used by your application to prevent unexpected errors.
Leaving memc_cmds_allowed unset will cause all commands to be disallowed, potentially leading to 403 Forbidden errors on basic operations.