Running the command redis-server
it returns:
The server is now ready to accept connections on port 6379
Trying to connect in my browser localhost:6379 I get this message:
Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.
Can anyone help me fix this error please?
Redis has low security on its own, so it's important to set up a firewall. Setting up a proper firewall configuration will prevent any unauthorized incoming traffic. Some commands are considered dangerous and could be run by mistake or by an unauthorized user.
Security modelRedis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket.
What Is Redis Protected Mode? Redis protected mode is a security feature that prevents the Redis server from responding to queries outside the loopback interfaces. The Redis server will return an error to any client connecting outside loopback addresses in protected mode.
Redis AUTH command is used to authenticate to the server with the given password. If the password matches the password in the configuration file, the server replies with the OK status code and starts accepting commands. Otherwise, an error is returned and the clients needs to try a new password.
You'll need to use a Redis client to connect to Redis, not your browser. Look at this page for a few https://redis.io/clients, or use redis-cli
, or even just plain Telnet.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With