一: Redis線上不能使用危險的命令

1:keys *

雖然其模糊匹配功能使用非常方便也很強大，在小數(shù)據(jù)量情況下使用沒什么問題，數(shù)據(jù)量大會導致 Redis 鎖住及 CPU 飆升，在生產(chǎn)環(huán)境建議禁用或者重命名！

2:flushdb

刪除 Redis 中當前所在數(shù)據(jù)庫中的所有記錄，并且此命令從不會執(zhí)行失敗

3:flushall

刪除 Redis 中所有數(shù)據(jù)庫中的所有記錄，不只是當前所在數(shù)據(jù)庫，并且此命令從不會執(zhí)行失敗。

4:config

客戶端可修改 Redis 配置。

二:如何禁用或者重命名危險命令

1:看下 redis.conf 默認配置文件，找到 SECURITY 區(qū)域，如以下所示:

################################## SECURITY #################################### Require clients to issue AUTH <PASSWORD> before processing any other # commands. This might be useful in environments in which you do not trust # others with access to the host running redis-server. # # This should stay commented out for backward compatibility and because most # people do not need auth (e.g. they run their own servers). # # Warning: since Redis is pretty fast an outside user can try up to # 150k passwords per second against a good box. This means that you should # use a very strong password otherwise it will be very easy to break. # # requirepass foobared# Command renaming. # # It is possible to change the name of dangerous commands in a shared # environment. For instance the CONFIG command may be renamed into something # hard to guess so that it will still be available for internal-use tools # but not available for general clients. # # Example: # # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 # # It is also possible to completely kill a command by renaming it into # an empty string: # # rename-command CONFIG "" # # Please note that changing the name of commands that are logged into the # AOF file or transmitted to slaves may cause problems.

看說明，添加 rename-command 配置即可達到安全目的。

2:禁用命令

rename-command KEYS "" rename-command FLUSHALL "" rename-command FLUSHDB "" rename-command CONFIG ""

3:重命名命令

rename-command KEYS "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" rename-command FLUSHALL "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" rename-command FLUSHDB "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" rename-command CONFIG "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

上面的 XX 可以定義新命令名稱，或者用隨機字符代替。
經(jīng)過以上的設置之后，危險命令就不會被客戶端執(zhí)行了

新人創(chuàng)作打卡挑戰(zhàn)賽發(fā)博客就能抽獎！定制產(chǎn)品紅包拿不停！

總結(jié)

以上是生活随笔為你收集整理的Redis禁用危险命令的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。