When securing Memcache for your Drupal installation, the first challenge is locating the correct configuration file. The file location varies significantly between Linux distributions:
# Debian/Ubuntu:
/etc/memcached.conf
# RHEL/CentOS:
/etc/sysconfig/memcached
# Arch Linux:
/etc/conf.d/memcached
# Custom installations may use:
/usr/local/etc/memcached.conf
Try these commands to locate your active configuration:
# Check running process arguments
ps aux | grep memcached
# Search common locations
sudo find / -name "*memcache*" -type f
If no configuration exists, you can safely create one. Here's a secure baseline configuration for Drupal:
# /etc/memcached.conf
# Listen only on localhost by default
-l 127.0.0.1
# Memory allocation (adjust for your server)
-m 64
# Maximum connections
-c 1024
# Disable UDP protocol (security best practice)
-U 0
# Verbose logging for troubleshooting
-vv
When Drupal and Memcache run on separate servers, bind to a specific interface:
# Replace with your internal network IP
-l 192.168.1.100
# Then restrict access with iptables:
sudo iptables -A INPUT -p tcp --dport 11211 -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 11211 -j DROP
After modifying the configuration, restart Memcache and verify:
# Ubuntu/Debian
sudo systemctl restart memcached
# Check listening ports
netstat -tulnp | grep memcached
# Test connectivity
telnet 127.0.0.1 11211
stats
In your Drupal settings.php, add these security-conscious configurations:
$conf['memcache_servers'] = ['127.0.0.1:11211' => 'default'];
$conf['memcache_key_prefix'] = 'your_unique_prefix_';
$conf['memcache_options'] = [
Memcached::OPT_BINARY_PROTOCOL => TRUE,
Memcached::OPT_TCP_NODELAY => TRUE,
Memcached::OPT_RETRY_TIMEOUT => 2,
];
Implement these security monitoring practices:
# Regular log checks
grep -i "error\|warning\|failed" /var/log/memcached.log
# Automated monitoring script example:
#!/bin/bash
if ! nc -z 127.0.0.1 11211; then
echo "Memcache down!" | mail -s "Alert" admin@example.com
fi
For connection problems, check these diagnostic commands:
# Check if Memcache is running
sudo systemctl status memcached
# Check port accessibility
telnet your_server_ip 11211
# Verify Drupal can connect
drush eval "print_r(drupal_map_assoc(memcache_get_stats()));"
When securing Memcache for Drupal implementations, the configuration file location varies significantly between Linux distributions:
# For RHEL/CentOS systems:
/etc/sysconfig/memcached
# For Debian/Ubuntu systems:
/etc/memcached.conf
# For custom compiled installations:
/usr/local/etc/memcached.conf
If the configuration file doesn't exist in standard locations, you can safely create it. Here's a basic template for Debian-based systems:
# Example /etc/memcached.conf
# Listen on localhost only (recommended for security)
-l 127.0.0.1
# Standard Memcache port
-p 11211
# Memory allocation (adjust based on your needs)
-m 64
# Maximum number of simultaneous connections
-c 1024
If you're unsure where Memcache is loading its configuration from, try these diagnostic commands:
# Check running process parameters
ps aux | grep memcached
# For systemd services:
systemctl status memcached
journalctl -u memcached
# Check which configuration file was loaded (if any)
memcached -h | grep "config file"
For Drupal implementations, consider these additional security measures:
# In settings.php for Drupal
$settings['memcache']['servers'] = ['127.0.0.1:11211' => 'default'];
$settings['memcache']['key_prefix'] = 'your_unique_prefix_';
$settings['memcache']['stampede_protection'] = TRUE;
After making changes, verify your Memcache binding:
# Check listening ports
netstat -tulnp | grep memcached
# Should show: tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN
# Test connectivity
telnet 127.0.0.1 11211
stats
Beyond security, consider these performance tweaks for Drupal:
# In /etc/memcached.conf
# Adjust slab sizes based on your content
-I 1m
# Enable large memory pages
-L
# Increase item size limit
-P
For comprehensive documentation, refer to the official Memcached Wiki and Drupal Memcache documentation.