Redis 将合法连接视为攻击——可能是由于反向代理?

Redis 将合法连接视为攻击——可能是由于反向代理?

我正在运行 Redis 以用于 Rails 和 Action Cable。它们都位于 Nginx 反向代理后面。目前,每当连接到 Redis 时,我都会得到

# Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.

这可能是 Nginx 设置导致的吗?如果是,则配置如下:

server {
       server_name "###";
                                                                                                                                                                                    location / {                                                                                                                                                                          proxy_pass http://127.0.0.1:3000;                                                                                                                                            proxy_set_header  X-Forwarded-Proto $scheme;
                proxy_set_header  X-Forwarded-Ssl on;                                                                                                                                        proxy_set_header  X-Forwarded-Port $server_port;
                proxy_set_header  X-Forwarded-Host $host;
        }
        location /cable {                                                                                                                                                                    proxy_pass http://127.0.0.1:6379;
                proxy_set_header  X-Forwarded-Proto $scheme;                                                                                                                                 proxy_set_header  X-Forwarded-Ssl on;                                                                                                                                        proxy_set_header  X-Forwarded-Port $server_port;                                                                                                                             proxy_set_header  X-Forwarded-Host $host;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/###/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/###/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}server {
    if ($host = ###) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


       listen 80;
       server_name "###";
    return 404; # managed by Certbot


}

相关内容