Make sure Redis is secure

Jeroen van Baarsen
November 15, 2015

A little while ago, I read a post about the insecurity of Redis. It was mainly about the fact that most Redis installation or totally open to the outside world, without any authentication.

When I read that, I immediately looked at our servers, and it turned out, some of them had the same problem. Redis was open for the outside world.

The main problem is that by default Redis is insecure, they don't block outside traffic, and they don't urge you to set up AUTH for your installation.

It's very simple to make sure you are secure. All you have to do is to bind the listen IP to instead of the outside world!

Is my installation insecure?

It's easy to find out! You can do so by running the following command:
$ telnet your_ip 6379

If you see the following text, your server is insecure!


Steps to make your installation secure

  1. Go to /etc/redis/
  2. Open the config file $ vi 6379.conf
  3. Find the line # bind Uncomment that line, and save the file
  4. Restart your redis service $ /etc/init.d/redis_6379 restart

I hope this post allowed you to improve the security of your Redis server. If you have any questions, you can ping me on Twitter (@jvanbaarsen) or by
email (