Ich verwende Redis für die Verwendung mit Rails und Action Cable. Diese sitzen alle hinter einem Nginx-Reverse-Proxy. Derzeit erhalte ich immer, wenn eine Verbindung zu Redis besteht,
# Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.
Ist es möglich, dass das Nginx-Setup dies verursacht? Hier ist die Konfiguration, wenn ja:
server {
server_name "###";
location / { proxy_pass http://127.0.0.1:3000; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
location /cable { proxy_pass http://127.0.0.1:6379;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Host $host;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/###/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/###/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = ###) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name "###";
return 404; # managed by Certbot
}