1.1 KiB
1.1 KiB
| title | impact | impactDescription | tags | description | alwaysApply |
|---|---|---|---|---|---|
| Secure Network Access | HIGH | Reduces attack surface and prevents unauthorized access | security, network, firewall, bind, tls | Secure Network Access | true |
Secure Network Access
Restrict network access to Redis to only trusted sources.
Correct: Bind to specific interfaces.
# redis.conf
bind 127.0.0.1 192.168.1.100
protected-mode yes
Correct: Use firewall rules.
# Allow only application servers
iptables -A INPUT -p tcp --dport 6379 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 6379 -j DROP
Incorrect: Exposing Redis to the internet.
# Bad: Binds to all interfaces
bind 0.0.0.0
protected-mode no
Security checklist:
- Use TLS for connections
- Bind to specific interfaces, not
0.0.0.0 - Use firewall rules to restrict access
- Disable dangerous commands in production
# Disable dangerous commands
rename-command FLUSHALL ""
rename-command DEBUG ""
rename-command CONFIG ""
Reference: Redis Security