{
  "id": "block-public-endpoints",
  "title": "Block public endpoints",
  "url": "https://redis.io/docs/latest/operate/rc/security/database-security/block-public-endpoints/",
  "summary": "Learn how to block the public endpoints of your databases.",
  "tags": [
    "docs",
    "operate",
    "rc"
  ],
  "last_updated": "2026-04-01T08:10:08-05:00",
  "page_type": "content",
  "content_hash": "8ee1d2933f1e6811ddb3729959fa1ed8f56928af86b05351a1258f41835ffe42",
  "sections": [
    {
      "id": "overview",
      "title": "Overview",
      "role": "overview",
      "text": "By default, you can connect to Redis Cloud databases through the database's public endpoint, or through the database's private endpoint with a private connectivity method. \n\nPublic endpoints are accessible from the public internet and don't require a private connectivity method. While this makes Redis Cloud databases convenient to use, it also exposes the databases to potential unauthorized access or brute force attacks, even with a database password in place. Some organizations may want to block public access to their databases to comply with security policies or to better meet stringent compliance standards.\n\nUsers with Redis Cloud Pro databases can choose to block public endpoints for all databases in their subscription.\n\n\nAfter you block your database's public endpoint, any connection from an IP address that is not part of the private address space defined in [RFC 1918](https://datatracker.ietf.org/doc/html/rfc1918#section-3) will be rejected. Ensure that all connections to your database are made through a private connectivity method before blocking the public endpoint."
    },
    {
      "id": "block-public-endpoints",
      "title": "Block public endpoints",
      "role": "content",
      "text": "You can block public endpoints for a [new subscription](#new-subscription) or an [existing subscription](#existing-subscription)."
    },
    {
      "id": "new-subscription",
      "title": "New subscription",
      "role": "content",
      "text": "To block the public endpoints when you [create a new Pro subscription]():\n\n1. Follow the instructions to [create a Pro database with custom settings](). \n1. On the **Setup** tab, go to **Advanced options > Security** to select persistent storage encryption options. \n1. Select **Block public endpoint** to block the public endpoint for all databases on the subscription. \n1. Select **Continue** to go to the [Sizing tab](). Follow the instructions to provision your database(s).\n\nAfter you block the public endpoints for a new subscription, you will need to set up a [private connectivity method](#private-connectivity-methods) to connect to your databases."
    },
    {
      "id": "existing-subscription",
      "title": "Existing subscription",
      "role": "content",
      "text": "For existing subscriptions, we recommend setting up a [private connectivity method](#private-connectivity-methods) to connect to your databases before blocking the private endpoint and migrating all connections to the private endpoint. \n\nTo block the public endpoints of an existing Pro subscription:\n\n1. From the [Redis Cloud console](https://cloud.redis.io/), select the **Subscriptions** menu and then select your subscription from the list. \n1. Open the **Security** tab to view security settings.\n1. In the **Endpoint** section, select **Edit**.\n1. Select **Block public endpoint**.\n1. Select **Save** to save your changes.\n1. A window will appear asking you to confirm that blocking the public endpoint will reject clients connecting to the public endpoint. Select **I understand** and then **Block** to confirm.\n\nAfter your changes are saved, any incoming connections to the public endpoint of your database will be rejected, and only connections through a private connectivity method will be allowed."
    },
    {
      "id": "turn-on-passwordless-authentication-for-the-default-user",
      "title": "Turn on passwordless authentication for the default user",
      "role": "content",
      "text": "If you have blocked the public endpoint for your Redis Cloud Pro subscription, you can turn on passwordless authentication for the [default user]() for any database in that subscription.\n\nTo turn on passwordless authentication:\n\n1. From the database **Configuration** tab, select **Edit**.\n1. In the **Security** section, select **Use passwordless auth** to turn on passwordless authentication.\n    \n1. Select **Save database** to save your changes."
    },
    {
      "id": "private-connectivity-methods",
      "title": "Private connectivity methods",
      "role": "content",
      "text": "Redis Cloud supports the following private connectivity options:\n- [VPC peering]()\n- [Google Cloud Private Service Connect]() _(Google Cloud only)_\n- [AWS Transit Gateway]() or [AWS PrivateLink]() _(AWS only)_"
    }
  ],
  "examples": []
}