Redis禁用或重新命名危險命令

良好的配置能夠杜絕誤操作引發的Redis事故。

一: Redis線上不能使用危險的命令

1:keys *

雖然其模糊匹配功能使用非常方便也很強大，在小資料量情況下使用沒什麼問題，資料量大會導致 Redis 鎖住及 CPU 飆升，在生產環境建議禁用或者重新命名！

2:flushdb

刪除 Redis 中當前所在資料庫中的所有記錄，並且此命令從不會執行失敗

3:flushall

刪除 Redis 中所有資料庫中的所有記錄，不只是當前所在資料庫，並且此命令從不會執行失敗。

4:config

客戶端可修改 Redis 配置。

二:如何禁用或者重新命名危險命令

1:看下 redis.conf 預設配置檔案，找到 SECURITY 區域，如以下所示:

################################## SECURITY ###################################

# Require clients to issue AUTH <PASSWORD> before processing any other
# commands.  This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared

# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves may cause problems.

2:禁用命令

rename-command KEYS     ""
rename-command FLUSHALL ""
rename-command FLUSHDB  ""
rename-command CONFIG   ""

3:重新命名命令

rename-command KEYS     "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
rename-command FLUSHALL "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
rename-command FLUSHDB  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
rename-command CONFIG   "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"