The Redis port is open to the outside and no authentication option is configured, and unauthorized users can get all the information in the database directly, causing serious information disclosure.
Security is set up by two methods:
Method One:
You can modify the bound IP, port, and specified visitor IP
Depending on the actual situation to set, you can also directly on the server firewall settings.
Method Two:
Set access password
Find the "requirepass" field in redis.conf, uncomment it and fill in the password you need.
Note: Modifying Redis configuration requires a restart of Redis to take effect.
Here's a second way to set it up.
CD/OPT/REDISCP redis.conf redis.conf.$ (date +%f). Bakgrep "Requirepass" Redis.confecho "Requirepass Lvniankeji" > > redis.confgrep "Requirepass" redis.conf
Close service redis-cli shutdown# #带有密码的redis关闭redis-cli-a lvniankeji shutdown if not the default port, you can specify the port: Redis-cli-p 6379 Shutdown Start Command Redis-server conf/redis.conf
Restart:
Redis-cli-p 6379-a Lvniankeji Shutdown Netstat-lntup | grep Redis/application/redis/bin/redis-server/application/redis/conf/redis.confnetstat-lntup | grep Redis
Certification Method 1
[[email protected] conf]# redis-cli 127.0.0.1:6379> SEt Gao Deng (error) Noauth authentication required.127.0.0.1:6379 > Auth lvniankejiok127.0.0.1:6379> SEt Gao dengok127.0.0.1:6379> get Gao "Deng" 127.0.0.1:6379>
Certification Method 2
[[email protected] conf]# redis-cli-a lvniankeji127.0.0.1:6379> set Gao aok127.0.0.1:6379> get Gao "a" 127.0.0.1:63 79>
# # #redis绑定IP
1. A more secure approach is to use a binding IP to control.
Bind 127.0.0.1
Indicates that access is only allowed through the 127.0.0.1 IP address. In fact, only oneself can access himself, other machines can not access him.
# # #redis权限方式,
# #第一个是屏蔽set command; the second one is to change the get command to GGG
#rename-command Set "" Echo ' Rename-command set "" ' >> Redis.confecho ' rename-command get GGG ' >> redis.conf### # #重启才能生效 [[email protected] conf]# redis-cli 127.0.0.1:6379> set oo oo (error) ERR unknown command ' set ' 127.0.0.1:6379&G T 127.0.0.1:6379> get (Error) ERR unknown command ' get ' 127.0.0.1:6379> GGG (Error) Noauth authentication required .127.0.0.1:6379> GGG id01 (Error) Noauth authentication required.127.0.0.1:6379> Auth lvniankejiok127.0.0.1:6379 > GGG id01 "Xiaogao" 127.0.0.1:6379>
Block a command, or you can rename a command
This article is from the "Struggle Bar" blog, please be sure to keep this source http://lvnian.blog.51cto.com/7155281/1712209
Redis's Security Certifications