3th of 4 Questions.
What is protected-mode in Redis, and when does it activate?
protected-mode yes (default) causes Redis to refuse connections from all addresses except loopback (127.0.0.1) unless either a bind directive is set or a requirepass is configured. It was introduced as a safety net after public internet-exposed Redis instances became a common attack vector. In production, always either bind to a private interface or enable auth — never rely solely on protected-mode.