diff options
Diffstat (limited to 'redis.conf')
| -rw-r--r-- | redis.conf | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/redis.conf b/redis.conf index 1350ac96d..8bac2afb5 100644 --- a/redis.conf +++ b/redis.conf @@ -110,6 +110,29 @@ bind 127.0.0.1 -::1 # even if no authentication is configured. protected-mode yes +# Redis uses default hardened security configuration directives to reduce the +# attack surface on innocent users. Therefore, several sensitive configuration +# directives are immutable, and some potentially-dangerous commands are blocked. +# +# Configuration directives that control files that Redis writes to (e.g., 'dir' +# and 'dbfilename') and that aren't usually modified during runtime +# are protected by making them immutable. +# +# Commands that can increase the attack surface of Redis and that aren't usually +# called by users are blocked by default. +# +# These can be exposed to either all connections or just local ones by setting +# each of the configs listed below to either of these values: +# +# no - Block for any connection (remain immutable) +# yes - Allow for any connection (no protection) +# local - Allow only for local local connections. Ones originating from the +# IPv4 address (127.0.0.1), IPv6 address (::1) or Unix domain sockets. +# +# enable-protected-configs no +# enable-debug-command no +# enable-module-command no + # Accept connections on the specified port, default is 6379 (IANA #815344). # If port 0 is specified Redis will not listen on a TCP socket. port 6379 |