What to do when redis returns "because protected mode is enabled"


If you connect to a redis server and get

(error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from
the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then
restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.

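then, as the error message says, you have to do one of the following:

  1. Connect from localhost and run the CONFIG SET protected-mode no command
  2. Add protected-mode no to the configuration file
  3. Specify --protected-mode no as a command-line option
  4. Set up a bind address (the bind setting in the configuration file?) or use password authentication

Until you do one of these, you cannot run any operations.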

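This seems to be a security feature implemented in Redis 3.2. redis has basically been defenseless, and unless you used password authentication you had to set up access restrictions with a packet filter, so I suppose things have improved a little.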

Protected mode
Unfortunately many users fail to protect Redis instances from being accessed from external networks. Many instances are simply left exposed on the internet with public IPs. For this reason, since version 3.2.0, when Redis is executed with the default configuration (binding all the interfaces) and without any password in order to access it, it enters a special mode called protected mode. In this mode Redis only replies to queries from the loopback interfaces, and replies to other clients connecting from other addresses with an error, explaining what is happening and how to configure Redis properly.
We expect protected mode to seriously decrease the security issues caused by unprotected Redis instances executed without proper administration, however the system administrator can still ignore the error given by Redis and just disable protected mode or manually bind all the interfaces.
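
As an added example (not code from this post or from the Redis project), the following Python script classifies a redis.conf by the three conditions named in the DENIED message: protected mode enabled, no bind address, no password. The function names, verdict strings and sample configurations are constructed for illustration, and the defaults assume the Redis 3.2 behaviour quoted above. It shows that an explicit bind to all interfaces without a password leaves the instance as open as protected-mode no does.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_conf(text):
    """Parse redis.conf text into {directive: [args]}; later lines override earlier ones."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            conf[name.lower()] = args
    return conf

def first_arg(conf, name, default):
    """Return the first argument of a directive, or the default if absent or empty."""
    args = conf.get(name)
    return args[0] if args else default

def assess(text):
    """Classify remote reachability using the conditions named in the DENIED message."""
    conf = parse_conf(text)
    protected = first_arg(conf, "protected-mode", "yes").lower() != "no"
    binds = conf.get("bind", [])
    has_password = bool(first_arg(conf, "requirepass", ""))
    remote_binds = [b for b in binds if b.lstrip("-") not in LOOPBACK]
    if binds and not remote_binds:
        return "loopback-only"          # no remote listener at all
    if has_password:
        return "password-required"      # remote clients must AUTH
    if not binds and protected:
        return "protected-mode-active"  # remote clients receive the DENIED error
    return "exposed"                    # remote clients accepted without a password

# Constructed sample configurations (192.0.2.10 is a documentation address).
SAMPLES = {
    "3.2 defaults": "",
    "option 2 from the message": "protected-mode no\n",
    "explicit bind to all interfaces": "bind 0.0.0.0\n",
    "bind plus password": 'bind 127.0.0.1 192.0.2.10\nrequirepass "constructed-secret"\n',
    "loopback only": "bind 127.0.0.1 ::1\n",
}

if __name__ == "__main__":
    for label, conf_text in SAMPLES.items():
        print(f"{label:32} -> {assess(conf_text)}")
```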