[GH-ISSUE #259] Redis aborting connections #249

New issue

Closed

opened 2026-02-27 15:55:48 +03:00 by kerem · 3 comments

kerem commented

2026-02-27 15:55:48 +03:00

Owner

Originally created by @abvlm on GitHub (Aug 22, 2019).
Original GitHub issue: https://github.com/RD17/ambar/issues/259

Hello,

I'm having a issue that redis aborting the connections :

1:M 22 Aug 06:05:57.319 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.

Leading to errors downloading the files in the pipeline log.

Thanks for help

Originally created by @abvlm on GitHub (Aug 22, 2019). Original GitHub issue: https://github.com/RD17/ambar/issues/259 Hello, I'm having a issue that redis aborting the connections : > 1:M 22 Aug 06:05:57.319 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted. Leading to errors downloading the files in the pipeline log. Thanks for help

kerem

2026-02-27 15:55:48 +03:00

closed this issue
added the
wontfix
label

kerem commented

2026-02-27 15:55:49 +03:00

Author

Owner

@stale[bot] commented on GitHub (Sep 6, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale[bot] commented on GitHub (Sep 6, 2019): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

kerem commented

2026-02-27 15:55:49 +03:00

Author

Owner

@hardreddata commented on GitHub (Oct 28, 2019):

Having the same problem here. Ubuntu 18.04. I tried changing the redis alpine version, and also editing redis.conf to disable protected mode which did not help.

Advice welcome.

@hardreddata commented on GitHub (Oct 28, 2019): Having the same problem here. Ubuntu 18.04. I tried changing the redis alpine version, and also editing redis.conf to disable protected mode which did not help. Advice welcome.

kerem commented

2026-02-27 15:55:49 +03:00

Author

Owner

@MrNonoss commented on GitHub (Jun 11, 2020):

Hi there,
I also face the same trouble.

I think it is what causing me not beeing able to load the frontend page (localhost shows nothing, even no errors)

redis_1       | 1:C 11 Jun 11:38:59.999 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis_1       | 1:C 11 Jun 11:38:59.999 # Redis version=4.0.2, bits=64, commit=00000000, modified=0, pid=1, just started
redis_1       | 1:C 11 Jun 11:38:59.999 # Configuration loaded
redis_1       |                 _._
redis_1       |            _.-``__ ''-._
redis_1       |       _.-``    `.  `_.  ''-._           Redis 4.0.2 (00000000/0) 64 bit
redis_1       |   .-`` .-```.  ```\/    _.,_ ''-._
redis_1       |  (    '      ,       .-`  | `,    )     Running in standalone mode
redis_1       |  |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
redis_1       |  |    `-._   `._    /     _.-'    |     PID: 1
redis_1       |   `-._    `-._  `-./  _.-'    _.-'
redis_1       |  |`-._`-._    `-.__.-'    _.-'_.-'|
redis_1       |  |    `-._`-._        _.-'_.-'    |           http://redis.io
redis_1       |   `-._    `-._`-.__.-'_.-'    _.-'
redis_1       |  |`-._`-._    `-.__.-'    _.-'_.-'|
redis_1       |  |    `-._`-._        _.-'_.-'    |
redis_1       |   `-._    `-._`-.__.-'_.-'    _.-'
redis_1       |       `-._    `-.__.-'    _.-'
redis_1       |           `-._        _.-'
redis_1       |               `-.__.-'
redis_1       |
redis_1       | 1:M 11 Jun 11:39:00.000 # Server initialized
redis_1       | 1:M 11 Jun 11:39:00.000 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
redis_1       | 1:M 11 Jun 11:39:00.000 * Ready to accept connections
redis_1       | 1:M 11 Jun 11:39:05.208 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.
redis_1       | 1:M 11 Jun 11:40:08.952 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.
redis_1       | 1:M 11 Jun 11:41:12.783 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.

Does anyone found a fix?

@MrNonoss commented on GitHub (Jun 11, 2020): Hi there, I also face the same trouble. I think it is what causing me not beeing able to load the frontend page (localhost shows nothing, even no errors) ``` redis_1 | 1:C 11 Jun 11:38:59.999 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo redis_1 | 1:C 11 Jun 11:38:59.999 # Redis version=4.0.2, bits=64, commit=00000000, modified=0, pid=1, just started redis_1 | 1:C 11 Jun 11:38:59.999 # Configuration loaded redis_1 | _._ redis_1 | _.-``__ ''-._ redis_1 | _.-`` `. `_. ''-._ Redis 4.0.2 (00000000/0) 64 bit redis_1 | .-`` .-```. ```\/ _.,_ ''-._ redis_1 | ( ' , .-` | `, ) Running in standalone mode redis_1 | |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379 redis_1 | | `-._ `._ / _.-' | PID: 1 redis_1 | `-._ `-._ `-./ _.-' _.-' redis_1 | |`-._`-._ `-.__.-' _.-'_.-'| redis_1 | | `-._`-._ _.-'_.-' | http://redis.io redis_1 | `-._ `-._`-.__.-'_.-' _.-' redis_1 | |`-._`-._ `-.__.-' _.-'_.-'| redis_1 | | `-._`-._ _.-'_.-' | redis_1 | `-._ `-._`-.__.-'_.-' _.-' redis_1 | `-._ `-.__.-' _.-' redis_1 | `-._ _.-' redis_1 | `-.__.-' redis_1 | redis_1 | 1:M 11 Jun 11:39:00.000 # Server initialized redis_1 | 1:M 11 Jun 11:39:00.000 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled. redis_1 | 1:M 11 Jun 11:39:00.000 * Ready to accept connections redis_1 | 1:M 11 Jun 11:39:05.208 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted. redis_1 | 1:M 11 Jun 11:40:08.952 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted. redis_1 | 1:M 11 Jun 11:41:12.783 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted. ``` Does anyone found a fix?