How do I allow connection to Redis only from a specific IP address?

S A

Mar 31, 2021, 12:45:20 PM
to Redis DB
Hello,

I want to allow connections to the redis-server only from the localhost of the redis-server itself (192.168.10.1) and another server (192.168.10.2).

I wondered if I should set each IP address in the "bind" parameter in redis.conf as shown below, but it doesn't work correctly.
As a result, it can connect to redis-server from anywhere (even from a server other than 192.168.10.1 or 192.168.10.2).
============================================================
bind 127.0.0.1 192.168.10.1 192.168.10.2
============================================================

I've tried both protected-mode yes and no, but the results are the same.
Even if I try to set bind in two lines as shown below, it doesn't work correctly.
============================================================
bind 192.168.10.1 192.168.10.2
bind 127.0.0.1
============================================================

I think it's basic, but I don't know the cause.
I changed the "bind" settings and verified it many times, but I don't understand and I would like someone to help me.

<Environmental information>
  Redis-server OS: CentOS 7.6
  Redis version: 6.0.11


Best regards,

Greg Andrews

Apr 1, 2021, 9:42:01 PM
to Redis DB

Redis ACLs seem to control access per username/password, but I can't see where they control per the IP address that the connection came from.  I get the impression that Redis doesn't have the particular feature you're looking for.
I think you'll have to control access to Redis through the CentOS kernel packet handling rules.  These are named 'iptables' in the Linux distros I'm familiar with.  I've seen something suggesting Firewalld may be the customary network firewall software on CentOS 7.6.

Marcelo Zimbres Silva

Apr 2, 2021, 2:35:48 AM
to redi...@googlegroups.com
On Wed, 31 Mar 2021 at 18:45, S A <satosh...@gmail.com> wrote:
>
> Hello,
>
> I want to allow connections to the redis-server only from the localhost of the redis-server itself (192.168.10.1) and another server (192.168.10.2).
>
> I wondered if I should set each IP address in the "bind" parameter in redis.conf as shown below, but it doesn't work correctly.

You can't bind on a remote IP address. Also, controlling incoming and
outgoing traffic based on IP address is not Redis's responsibility.

In addition to what Greg suggested, you could also use systemd access
lists: http://0pointer.net/blog/ip-accounting-and-access-lists-with-systemd.html

Marcelo
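
The firewall approach suggested in the replies above, written out as an added example that is not part of the original thread: "bind" lists only addresses the Redis host owns, and firewalld admits the one remote client. The zone name `public`, the default port 6379 and the helper names `is_ipv4` and `redis_firewall_plan` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: firewalld is active, the
# NIC is in the "public" zone, and Redis listens on its default port 6379.
# redis.conf keeps only addresses the host itself owns, for example:
#   bind 127.0.0.1 192.168.10.1
REDIS_PORT="${REDIS_PORT:-6379}"
ZONE="${ZONE:-public}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the firewall-cmd commands for an allowlist of remote client IPs.
# Clients on the Redis host itself connect over the loopback interface,
# which firewalld accepts by default, so they need no rule.
redis_firewall_plan() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    # Drop any blanket opening of the port so only the rich rules admit traffic.
    echo "firewall-cmd --permanent --zone=$ZONE --remove-port=$REDIS_PORT/tcp"
    for ip in "$@"; do
        rule="rule family=\"ipv4\" source address=\"$ip\""
        rule="$rule port port=\"$REDIS_PORT\" protocol=\"tcp\" accept"
        echo "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='$rule'"
    done
    echo "firewall-cmd --reload"
}

# Dry run by default: print the plan. Run as root with APPLY=1 to execute it.
if [ "${APPLY:-0}" = 1 ]; then
    redis_firewall_plan 192.168.10.2 | sh -e
else
    redis_firewall_plan 192.168.10.2
fi
```

The systemd `IPAddressAllow=`/`IPAddressDeny=` settings described in the linked post require systemd 235 or later, while CentOS 7 ships systemd 219, so on the environment in the question the firewall route is the one available.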