In order to create a cluster, we need to allow the incoming connections from other machines. Hence, we added bind=all
in our configuration. That meant literally any machine from the Internet can attempt a connection to our server which is prone to Distributed Denial of Service (DDOS) attack.
To protect the RethinkDB cluster, the best thing to do is to use put the entire RethinkDB machine into one protected network by using a firewall to prevent any such connection. However, this is not optimal and possible for every infrastructure for budget or maintenance reasons.
We can protect RethinkDB in the following ways:
Using transport layer security (successor of SSL)
Binding the web port
Let's look over each of them in detail.