I'm trying to configure Redis (redis.conf, bind parameter) to accept access only from certain IPs. In my case I want to enable access for the loopback network interface (127.0.0.1/::1) and for the IP 192.168.56.101 (192.168.56.102 is the IP of the Redis server). According to all the documentation that I have read so far, the configuration below should work...

bind 127.0.0.1 ::1 192.168.56.101

... but that's not what happens.

I've tried several other configurations...

bind 127.0.0.1 192.168.56.101 ::1
bind 127.0.0.1 192.168.56.101
bind 192.168.56.101
bind 192.168.56.0
bind 192.168.0.0

... and nothing works. =|

The only configuration that worked was this...

bind 0.0.0.0

But this configuration opens access to any IP!

NOTE: The protected-mode parameter (redis.conf) has a no value.

Any idea what might be happening?

REFERENCE:

Redis bind to more than one IP

https://redis.io/topics/security

http://download.redis.io/redis-stable/redis.conf

FURTHER QUESTION:

How could I enable access for an IP range (bind parameter)? Something like...

bind 192.168.56.0

... or...

bind 192.168.56.0/24

In these examples any machine with an IP starting with "192.168.56" will have access to the Redis server.

@Carl Dacosta @Jacky

Thanks!

Eduardo Lucio

1 Answer

I think you misunderstand the bind configuration and IP whitelisting.

The bind configuration specifies the IP addresses that Redis listens on. If you bind Redis to the loopback interface, only local clients can access Redis. If you want other hosts to access Redis, you have to bind Redis to all network interfaces (i.e. 0.0.0.0), or to some specified network interfaces.

What you need is an IP whitelist, which lists the IP addresses that can access Redis. AFAIK, so far, Redis DOES NOT support that (correct me if I'm wrong).

There are other solutions to limit the access to Redis (all these solutions need Redis NOT to bind on the loopback interface).

Limit access by authentication

You can use the requirepass configuration to set a password for Redis. Only clients with the password can access Redis.

Limit access by OS utility

On Linux, you can use iptables to control the network access. With this utility, you can allow only specified hosts to access the port that Redis binds to.

for_stack
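The iptables approach from the answer, as an added example that is not part of the original post: a POSIX shell helper that validates an allow-list of IPv4 sources and prints the matching rules, generalized to CIDR ranges such as the question's 192.168.56.0/24. The function names and port 6379 (the Redis default) are assumptions; the addresses are the ones given in the question.

```shell
#!/bin/sh
# Added example. Assumed values: port 6379 (Redis default) and the
# addresses from the question. Rules are printed, never applied.
#
# redis.conf on the server lists the server's OWN addresses, for example:
#   bind 127.0.0.1 ::1 192.168.56.102

# valid_source ADDR[/PREFIX]: succeed only for a well-formed IPv4 address
# or CIDR block, so nothing else can reach the generated command lines.
# The body is a subshell, so IFS and positional parameters do not leak.
valid_source() (
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    IFS=.
    set -- $addr                      # split the address into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    [ "$prefix" -le 32 ] 2>/dev/null
)

# redis_allow_rules PORT SOURCE...: print iptables commands that accept
# loopback and the listed sources on PORT, then drop everything else.
redis_allow_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -A INPUT -i lo -p tcp --dport $port -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport $port -j ACCEPT"
    done
    # Order matters: the DROP must come after every ACCEPT.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# The single client from the question; use 192.168.56.0/24 for the range.
redis_allow_rules 6379 192.168.56.101
```

Review the printed rules before running them as root. They cover IPv4 only, so a Redis instance that also listens on IPv6 addresses needs equivalent ip6tables rules.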