Redis connection failed: Analysis and solution for the problem of client IP not on the whitelist

1. Problem background

During development and operation and maintenance, we may encounter the following error logs:

2025-01-09 17:47:42.298 ad_flowcontrol [main] ERROR  - Traffic sent toredisfail:ERR client ip is not in whitelist 192.168.0.40; nested exception is : ERR client ip is not in whitelist 192.168.0.40
2025-01-09 17:47:42.353 ad_flowcontrol [main] ERROR  - Application run failed
: Error creating bean with name 'redisDataInit': Invocation of init method failed; nested exception is : Traffic sendingredisfail

This log shows that the application failed when trying to connect to Redis because of the client's IP address (192.168.0.40) is not on Redis's whitelist. Next, we will analyze this problem in depth and provide detailed solutions.

2. Error analysis

1. Interpretation of error message

• ERR client ip is not in whitelist 192.168.0.40：

  • This is the error message returned by the Redis server, indicating the client's IP address192.168.0.40Connection is not allowed.
  • The Redis server may be configured with an IP whitelist, which can only be accessed by a specific IP address.

• nested exception is ：

  • Jedis is a commonly used Redis client library in Java. This exception indicates that the Redis server returns an error.

• Error creating bean with name 'redisDataInit'：

  • Spring Boot application is initializedredisDataInitFailed to bean because Redis connection failed.

• Traffic sending redis failed：

  • This is an application custom exception, indicating that data sent to Redis failed.

2. The root cause

The root cause of the problem is that the security configuration of the Redis server restricts client access. Specifically, Redis may restrict access by:

1. IP whitelist：

   • Redis is configuredbindParameters, only specific IP addresses are allowed to connect.
   • If the client's IP address is not on the whitelist, the connection will be denied.

2. Protection mode：

   • Redis is enabledprotected-mode, and the password is not configured or the allowed IP address is not bound.

3. Firewall or network security group：

   • The server's firewall or cloud service provider's security group rules block client access.

3. Solution

To address the above problems, we can start from the following aspects.

1. Add client IP to Redis whitelist

Step 1: Log in to the Redis server

Find Redis's configuration file (usually), usually located in/etc/redis/or/usr/local/etc/。

Step 2: Modify the configuration file

Find in the configuration filebindParameters, add the client's IP address to the whitelist. For example:

bind 127.0.0.1 192.168.0.40

Step 3: Restart Redis Service

After modifying the configuration, restart the Redis service to make the configuration take effect:

sudo systemctl restart redis

Step 4: Verify the connection

From the client192.168.0.40Try connecting to Redis to make sure the connection is successful.

2. Check the firewall or network security group

Step 1: Check the server firewall

Make sure the Redis server's firewall is allowed to come from192.168.0.40connection. For example, use the following command to open the Redis port (default is6379）：

sudo ufw allow from 192.168.0.40 to any port 6379

Step 2: Check the security group of the cloud service provider

If Redis is running on a cloud server (such as AWS, Alibaba Cloud, etc.), ensure that the security group rules allow192.168.0.40Access the Redis port.

3. Check application configuration

Step 1: Check Redis Connection Configuration

Make sure the application's Redis connection is configured correctly, including the host address, port, and password (if any). For example, in Spring Bootormiddle:

=your-redis-host
=6379
=your-password

Step 2: Check network connectivity

Ensure the client192.168.0.40You can access the Redis server. You can use the following command to test:

telnet your-redis-host 6379

4. Disable Redis whitelisting (not recommended)

If Redis is only used in the development environment, you can temporarily disable the whitelist:

Step 1: Modify the Redis configuration file

WillbindThe parameter is set to0.0.0.0, and closeprotected-mode：

bind 0.0.0.0
protected-mode no

Step 2: Restart Redis Service

After modifying the configuration, restart the Redis service:

sudo systemctl restart redis

Notice: Disabling whitelisting will reduce security and is only recommended for use in development environments.

4. Best Practices

To avoid similar problems, we can adopt the following best practices:

1. Reasonably configure Redis whitelist：

   • In production environments, always configure IP whitelists to allow only trusted IP addresses to access Redis.

2. Enable password authentication：

   • Setting in Redis configuration filerequirepassParameters, enable password authentication.

3. Using a VPN or a proprietary network：

   • In a cloud environment, use a VPN or a proprietary network (VPC) to limit the access scope of Redis.

4. Regularly review security configurations：

   • Regularly check Redis's configuration files, firewall rules, and security group settings for security.

5. Monitoring and alarm：

   • Set up monitoring and alarm systems to discover and deal with connection problems in a timely manner.

5. Summary

"Client IP is not on the whitelist" is one of the common problems with Redis connection failures, usually because Redis's security configuration restricts client access. We can effectively solve this problem by adding client IP to whitelist, checking firewalls or security groups, adjusting application configuration, etc. At the same time, following best practices can further improve the security and stability of the system.

Hopefully, the analysis and solutions in this article can help you better understand and solve Redis connection problems.

The above is the detailed analysis and solution of the problem of Redis connection failure: the client IP is not on the whitelist. For more information about the Redis client IP is not on the whitelist, please pay attention to my other related articles!