Corrections about the new protected-mode usage. (#9143)

redis.conf

@@ -79,7 +79,10 @@
 # running on).
 #
 # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
-# JUST COMMENT OUT THE FOLLOWING LINE.
+# COMMENT OUT THE FOLLOWING LINE.
+#
+# You will also need to set a password unless you explicitly disable protected
+# mode.
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 bind 127.0.0.1 -::1
 
@@ -98,20 +101,13 @@ bind 127.0.0.1 -::1
 # Protected mode is a layer of security protection, in order to avoid that
 # Redis instances left open on the internet are accessed and exploited.
 #
-# When protected mode is on and if:
+# When protected mode is on and the default user has no password, the server
-#
+# only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address
-# 1) The server is not binding explicitly to a set of addresses using the
+# (::1) or Unix domain sockets.
-#    "bind" directive.
-# 2) No password is configured.
-#
-# The server only accepts connections from clients connecting from the
-# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
-# sockets.
 #
 # By default protected mode is enabled. You should disable it only if
 # you are sure you want clients from other hosts to connect to Redis
-# even if no authentication is configured, nor a specific set of interfaces
+# even if no authentication is configured.
-# are explicitly listed using the "bind" directive.
 protected-mode yes
 
 # Accept connections on the specified port, default is 6379 (IANA #815344).

src/networking.c

@@ -1001,9 +1001,8 @@ void clientAcceptHandler(connection *conn) {
         if (strcmp(cip,"127.0.0.1") && strcmp(cip,"::1")) {
             char *err =
                 "-DENIED Redis is running in protected mode because protected "
-                "mode is enabled, no bind address was specified, no "
+                "mode is enabled and no password is set for the default user. "
-                "authentication password is requested to clients. In this mode "
+                "In this mode connections are only accepted from the loopback interface. "
-                "connections are only accepted from the loopback interface. "
                 "If you want to connect from external computers to Redis you "
                 "may adopt one of the following solutions: "
                 "1) Just disable protected mode sending the command "
@@ -1017,7 +1016,7 @@ void clientAcceptHandler(connection *conn) {
                 "mode option to 'no', and then restarting the server. "
                 "3) If you started the server manually just for testing, restart "
                 "it with the '--protected-mode no' option. "
-                "4) Setup a bind address or an authentication password. "
+                "4) Setup a an authentication password for the default user. "
                 "NOTE: You only need to do one of the above things in order for "
                 "the server to start accepting connections from the outside.\r\n";
             if (connWrite(c->conn,err,strlen(err)) == -1) {