Redis is a widely used high-performance in-memory database, but it is not strongly secured by default. Especially when accessed over the network, improper configurations can lead to issues like data breaches, hacking, and service disruptions.

In this article, we will explain how to enhance the network security of Redis and the key settings in a way that beginners can easily understand. Let's look at what settings need to be checked to operate Redis securely.

1. Limiting Access to Redis from External Sources

✅ 1-1. Allow Access Only from Specific IPs (bind setting)

By default, Redis can accept connections from all network interfaces. This means that without any settings, anyone can access the Redis server.

To prevent this, you should use the bind setting to restrict access to specific IP addresses.

📌 Example: Allow Access Only from Local (127.0.0.1)

bind 127.0.0.1 -::1

With this setting, only clients running on the same server can access Redis.

📌 What if access from an external IP is necessary?

If you need to allow access from an external IP, you can set it to allow only specific IPs.

bind 192.168.1.100 10.0.0.1

This way, access to Redis will only be possible from 192.168.1.100 and 10.0.0.1.

✅ 1-2. Protect Mode (protected-mode) Setting

Redis provides a protected mode feature to enhance security. When protected mode is enabled, external access without a password is not allowed.

📌 Activating Protect Mode

protected-mode yes

With this setting, Redis will only be accessible from 127.0.0.1 (local).

2. Setting Network Port and Connection Limits for Redis

✅ 2-1. Setting the Port Redis Will Listen On (port)

Redis runs on port 6379 by default.

port 6379

If you want to use it only via Unix socket and not TCP sockets, you can set the port to 0.

port 0

✅ 2-2. Setting Communication to a Specific Port (bind-source-addr)

Redis does not bind to specific network interfaces for outbound connections (like when replicas connect to masters or when communicating within clusters) by default.

bind-source-addr 10.0.0.1

With this setting, Redis will only communicate with external Redis servers through the 10.0.0.1 interface.

3. Settings for Network Connection Stability

✅ 3-1. TCP Connection Backlog Size (tcp-backlog)

tcp-backlog 511

🔹 For servers handling high traffic, it's recommended to set this value to 1,024 or 4,096.

✅ 3-2. Client Inactivity Timeout (timeout)

timeout 300

If a client does nothing for 5 minutes, the connection will be automatically terminated.

4. Additional Settings for Enhanced Security

✅ 4-1. Blocking Dangerous Commands (enable-debug-command)

Some Redis commands (DEBUG, MODULE LOAD, etc.) can pose security risks.

enable-debug-command no
enable-module-command no

By doing this, the execution of potentially dangerous commands will be restricted.

5. Summary: Redis Network Security Settings Checklist

• ✔ Set Redis to be accessible only from specific IPs (bind)
• ✔ Activate protect mode (protected-mode) to block external access
• ✔ Configure TCP port settings (port) to limit unnecessary access
• ✔ Set client inactivity timeout (timeout) to block idle connections
• ✔ Implement Keepalive settings (tcp-keepalive) to maintain network connections
• ✔ Block dangerous commands (enable-debug-command no) to enhance security

Redis is a database where network security is paramount. Applying the above settings meticulously can prevent hacking and data breaches! If you are running a Redis server, check your security settings right away. 🔐🚀