1. Protected Mode

The redis.conf configuration file contains this setting:

protected-mode yes

The comment above it explains what it does:

Protected mode is a layer of security protection, in order to avoid that Redis instances left open on the internet are accessed and exploited.

When protected mode is on and the default user has no password, the server only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address (::1) or Unix domain sockets.

By default protected mode is enabled. You should disable it only if you are sure you want clients from other hosts to connect to Redis even if no authentication is configured.

In other words:

  1. Protected mode is a mechanism that prevents Redis from being accessed from the Internet (external network).
  2. When protected mode is enabled and there is no password, the server only accepts local connections from the IPv4 address (127.0.0.1), the IPv6 address (::1), or Unix sockets. (no password + protected mode on = local access only)
  3. It is enabled by default. (If you want Redis to be reachable from outside even without authentication (no password set, no accessible IP bound), set it to no and take responsibility for the result!)

2. Related directive: bind

bind 127.0.0.1 -::1
This means that Redis can only be accessed locally (from the node it runs on).
If you change it to something else, such as bind * -::* or bind 0.0.0.0, Redis becomes reachable from the whole network.

If bind is set to an externally accessible address, protected mode does not take effect!

3. Related directive: requirepass

requirepass 123456
This means that clients accessing Redis, for example with redis-cli, must add -a 123456 to authenticate.

If requirepass sets a password, protected mode does not take effect either: Redis considers the instance password protected!

4. Conditions under which protected mode takes effect

4.1 Protected mode works

# enable protected mode
protected-mode yes
# bind 127.0.0.1 -::1
# no password set
# requirepass password

With the configuration above, protected mode works:
bind 127.0.0.1 -::1 means that Redis can only be accessed locally.
# bind 127.0.0.1 -::1 is commented out with a pound sign, which is equivalent to whole-network access; but protected mode is turned on, which ensures local-only access.
requirepass password sets the password to password; clients can then connect with -a password.
# requirepass password is commented out with a pound sign, which is equivalent to passwordless access; but protected mode is turned on, which ensures local-only access.

4.2 Protected mode does not work

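    1. Does not work, case 1

       # enable protected mode
       protected-mode yes
       # reachable from the whole network (or some other IP is set)
       bind * -::*
       # password access
       # requirepass password
    2. Does not work, case 2

       # enable protected mode
       protected-mode yes
       # reachable from the whole network
       #bind * -::*
       # password access
       requirepass password
    3. Does not work, case 3

       # enable protected mode
       protected-mode yes
       # reachable from the whole network
       bind * -::*
       # password access
       requirepass password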

5. Summary

1. protected-mode yes + no bind x.x.x.x + no requirepass xxxx (no password set): protected mode works, and Redis can only be accessed from the machine it runs on.

2. protected-mode yes + (bind x.x.x.x set or requirepass xxxx set): as soon as either of the latter two is set, access depends on your own bind or password, and protected mode does not work.
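
The summary rules above, turned into a small audit of a redis.conf (an added example, not code from the original post or from Redis; `parse_conf`, `audit` and the sample configurations are constructed here). It follows this page's rule that an explicit bind or a password switches protected mode off, which is an assumption to check against the comment in the redis.conf shipped with the installed version.

```python
LOOPBACK = {"127.0.0.1", "::1"}

def parse_conf(text):
    """Last value wins per directive; redis.conf comments are lines starting with '#'."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        conf[key.lower()] = args
    return conf

def audit(text):
    """Classify exposure using the rules stated on this page (assumed, not Redis source)."""
    conf = parse_conf(text)
    # Protected mode is enabled by default, so a missing directive counts as "yes".
    protected = (conf.get("protected-mode") or ["yes"])[0].lower() == "yes"
    # A leading '-' marks an address as optional, e.g. "-::1".
    bind = [a.lstrip("-") for a in conf.get("bind", [])]
    has_password = bool("".join(conf.get("requirepass", [])).strip("\"'"))

    if bind and all(a in LOOPBACK for a in bind):
        return "local only (bind)"
    if protected and not bind and not has_password:
        return "local only (protected mode)"
    if has_password:
        return "remote, password required"
    return "remote, NO password"

# Constructed sample configurations mirroring sections 4.1 and 4.2.
SAMPLES = {
    "4.1": "protected-mode yes\n# bind 127.0.0.1 -::1\n# requirepass password\n",
    "4.2 case 1": "protected-mode yes\nbind * -::*\n# requirepass password\n",
    "4.2 case 2": "protected-mode yes\n# bind * -::*\nrequirepass password\n",
    "4.2 case 3": "protected-mode yes\nbind * -::*\nrequirepass password\n",
    "default bind": "protected-mode yes\nbind 127.0.0.1 -::1\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit(text)}")
```

Under these rules, case 1 of section 4.2 is the one to look for in a review: protected mode is still set to yes, yet nothing restricts remote clients.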

丰木