Redis aborting connections

Question

Redis aborting connections

abvlm opened this issue 5 years ago · 3 comments

Hello,

I'm having a issue that redis aborting the connections :

1:M 22 Aug 06:05:57.319 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.

Leading to errors downloading the files in the pipeline log.

Thanks for help

Answer 1 · 2019-09-06T06:53:08.000Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Answer 2 · 2019-10-28T20:08:39.000Z

Having the same problem here. Ubuntu 18.04. I tried changing the redis alpine version, and also editing redis.conf to disable protected mode which did not help.

Advice welcome.

Answer 3 · 2020-06-11T11:52:36.000Z

Hi there,
I also face the same trouble.

I think it is what causing me not beeing able to load the frontend page (localhost shows nothing, even no errors)

redis_1       | 1:C 11 Jun 11:38:59.999 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis_1       | 1:C 11 Jun 11:38:59.999 # Redis version=4.0.2, bits=64, commit=00000000, modified=0, pid=1, just started
redis_1       | 1:C 11 Jun 11:38:59.999 # Configuration loaded
redis_1       |                 _._
redis_1       |            _.-``__ ''-._
redis_1       |       _.-``    `.  `_.  ''-._           Redis 4.0.2 (00000000/0) 64 bit
redis_1       |   .-`` .-```.  ```\/    _.,_ ''-._
redis_1       |  (    '      ,       .-`  | `,    )     Running in standalone mode
redis_1       |  |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
redis_1       |  |    `-._   `._    /     _.-'    |     PID: 1
redis_1       |   `-._    `-._  `-./  _.-'    _.-'
redis_1       |  |`-._`-._    `-.__.-'    _.-'_.-'|
redis_1       |  |    `-._`-._        _.-'_.-'    |           http://redis.io
redis_1       |   `-._    `-._`-.__.-'_.-'    _.-'
redis_1       |  |`-._`-._    `-.__.-'    _.-'_.-'|
redis_1       |  |    `-._`-._        _.-'_.-'    |
redis_1       |   `-._    `-._`-.__.-'_.-'    _.-'
redis_1       |       `-._    `-.__.-'    _.-'
redis_1       |           `-._        _.-'
redis_1       |               `-.__.-'
redis_1       |
redis_1       | 1:M 11 Jun 11:39:00.000 # Server initialized
redis_1       | 1:M 11 Jun 11:39:00.000 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
redis_1       | 1:M 11 Jun 11:39:00.000 * Ready to accept connections
redis_1       | 1:M 11 Jun 11:39:05.208 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.
redis_1       | 1:M 11 Jun 11:40:08.952 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.
redis_1       | 1:M 11 Jun 11:41:12.783 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.

Does anyone found a fix?