{"id":5221,"date":"2019-05-26T21:39:16","date_gmt":"2019-05-26T12:39:16","guid":{"rendered":"https:\/\/east19-mikas.com\/?page_id=5221"},"modified":"2019-05-26T21:39:16","modified_gmt":"2019-05-26T12:39:16","slug":"waf2%e3%81%ae%e5%b0%8e%e5%85%a5","status":"publish","type":"page","link":"https:\/\/east19-mikas.com\/mpat\/?page_id=5221","title":{"rendered":"WAF2\u306e\u5c0e\u5165"},"content":{"rendered":"
WAF\uff12\u306e\u5c0e\u5165<\/div>\n

HTTP\/2\u74b0\u5883\u3078\u306eWAF\u306e\u5c0e\u5165\u624b\u9806<\/h2>\n

\u203bWAF2\u3068\u52dd\u624b\u306b\u540d\u524d\u3092\u4ed8\u3051\u307e\u3057\u305f\u304c\u3001HTTP\/2\u5bfe\u5fdc\u306eWAF\u306e\u4e8b\u3092\u3053\u3053\u3067\u306fWAF2\u3068\u3057\u307e\u3057\u305f\u3002
\nWAF\uff08Web Application Firewall\uff09\u306eModSecurity\u3092\u5c0e\u5165\u3057\u307e\u3059\u3002<\/p>\n

\u5c0e\u5165\u3059\u308b\u74b0\u5883<\/h3>\n

ModSecurity2.9.2\u306fHTTP\/2\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u308bWAF\u3067\u3059\u3002
\n\u6700\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u516c\u5f0fHP<\/a>\u3067\u78ba\u8a8d\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n

\n\u5c0e\u5165\u3059\u308b\u30de\u30b7\u30f3\u306e\u30b5\u30fc\u30d0\u30fc\u30bd\u30d5\u30c8\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059\nOS\uff1aCentOS 7.6.1810\uff08Core)\nOpenSSL1.1.1\nApache 2.4.39\nMySQL8.0.16\nPHP7.3.5\nWordPress5.2.0\n<\/pre>\n
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h3>\n
\u4e8b\u524d\u6e96\u5099<\/p>\n
# yum install libxml2-devel lua-devel libcurl-devel expat-devel<\/span>\n<\/pre>\n
\n\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\n# cd \/usr\/local\/src\/<\/span>\n# wget https:\/\/www.modsecurity.org\/tarball\/2.9.2\/modsecurity-2.9.2.tar.gz<\/span>\n\u5c55\u958b\n# tar zxvf modsecurity-2.9.2.tar.gz<\/span>\nConfigure\n# cd modsecurity-2.9.2<\/span>\n# .\/configure \\<\/span><\/span>\n> --with-apxs=\/usr\/local\/apache2\/bin\/apxs \\<\/span>\n> --with-apr=\/usr\/local\/apache2\/bin\/apr-1-config \\<\/span>\n> --with-apu=\/usr\/local\/apache2\/bin\/apu-1-config\n\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\n# make<\/span>\n# make CFLAGS=-DMSC_TEST test<\/span>\n============================================================================\nTestsuite summary for modsecurity 2.9\n============================================================================\n# TOTAL: 1\n# PASS: 1\n# SKIP: 0\n# XFAIL: 0\n# FAIL: 0\n# XPASS: 0\n# ERROR: 0\n============================================================================\n\n# make install<\/span>\n<\/pre>\n
Apache\u306e\u8a2d\u5b9a<\/h3>\n
mod_security\u3092\u4f7f\u7528\u3059\u308b\u306b\u306fApache\u30e2\u30b8\u30e5\u30fc\u30eb\u306emod_uniq_id\u304c\u5fc5\u8981<\/p>\n
# ls -l \/usr\/local\/apache2\/modules\/ | grep mod_unique_id.so<\/span>\n-rwxr-xr-x. 1 root root   34112  4\u6708 18 16:57 mod_unique_id.so<\/span>\n\n\u6709\u52b9\u5316\n# vi \/usr\/local\/apache2\/conf\/httpd.conf<\/span>\n\n#LoadModule unique_id_module modules\/mod_unique_id.so\n\u2193\nLoadModule unique_id_module modules\/mod_unique_id.so    \u30fc\u30fc\u30fc\u5148\u982d\u306e#\u3092\u524a\u9664\u3057\u307e\u3059<\/span>\n<\/pre>\n
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305f\u30e9\u30a4\u30d6\u30e9\u30ea\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u5909\u66f4<\/p>\n
# cd \/usr\/local\/apache2\/modules\/<\/span>\n# chmod 755 \/usr\/local\/apache2\/modules\/mod_security2.so<\/span>\n\nhttpd.conf\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u8ffd\u52a0\u3059\u308b\nLoadModule security2_module modules\/mod_security2.so\n<\/pre>\n
CRS\uff08ModSecurity Core Rule Set\uff09\u306e\u9069\u7528<\/h3>\n
\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u4f5c\u6210<\/p>\n
# cd \/usr\/local\/apache2\/<\/span>\n# mkdir modsecurity.d<\/span>\n# cd modsecurity.d\/<\/span>\n\nCRS\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\n# git clone https:\/\/github.com\/SpiderLabs\/owasp-modsecurity-crs.git<\/span>\n# ls -l | grep crs<\/span>\ndrwxr-xr-x 7 root root 291 Feb 2 17:35 owasp-modsecurity-crs<\/span>\n<\/pre>\n
\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30ea\u30cd\u30fc\u30e0\uff08.example\u3092\u5916\u3059\uff09<\/p>\n
# cd owasp-modsecurity-crs\/<\/span>\n# mv crs-setup.conf.example crs-setup.conf<\/span>\n\n\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30ea\u30cd\u30fc\u30e0\u3059\u308b\uff08.example\u3092\u5916\u3059\uff09\n# mv rules\/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example rules\/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf<\/span>\n\nApache\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306b\u4ee5\u4e0b\u3092\u8ffd\u52a0\n# vi \/usr\/local\/apache2\/conf\/httpd.conf<\/span>\n\nLoadModule security2_module modules\/mod_security2.so\n<IfModule security2_module>\n<IfModule unique_id_module>\n    SecRuleEngine On\n    SecRequestBodyAccess On\n    SecDebugLog logs\/modsec_debug.log\n    SecDebugLogLevel 3\n    SecTmpDir \/tmp\/\n    SecUploadDir \/tmp\/\n    SecDataDir \/tmp\/\n    SecAuditEngine On\n    SecAuditEngine RelevantOnly\n    SecAuditLogType concurrent\n    SecAuditLogParts ABIDEFGHZ\n    SecAuditLogStorageDir \/var\/log\/mod_security\/data\n    SecAuditLog logs\/audit_log\n    Include modsecurity.d\/owasp-modsecurity-crs\/crs-setup.conf\n    Include modsecurity.d\/owasp-modsecurity-crs\/rules\/*.conf\n<\/IfModule>\n<\/IfModule>\n<\/pre>\n
Apache\u518d\u8d77\u52d5<\/p>\n
# systemctl reload httpd<\/span>\n<\/pre>\n
modsecurity.conf<\/h3>\n
\n# cd \/usr\/local\/src\/modsecurity-2.9.2\/<\/span>\n# cp modsecurity.conf-recommended \/usr\/local\/apache2\/conf\/modsecurity.conf<\/span>\nmodsecurity\u30bd\u30fc\u30b9\u304b\u3089unicode.mapping\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\n# cp \/usr\/local\/src\/modsecurity-2.9.2\/unicode.mapping \/usr\/local\/apache2\/conf\/<\/span>\n<\/pre>\n
Syntax\u78ba\u8a8d<\/p>\n
# httpd -t<\/span>\nSyntax OK\n<\/pre>\n
Apache\u518d\u8d77\u52d5<\/p>\n
# systemctl restart httpd<\/span>\n<\/pre>\n
modsecurity.conf\u306e\u8a2d\u5b9a\u5909\u66f4<\/p>\n
# -- Rule engine initialization ----------------------------------------------\n\n#SecRuleEngine DetectionOnly # \u76e3\u67fb\u306f\u5b9f\u884c\u3059\u308b\u304c\u3001block, deny,drop,allow,proxy,redirec\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u306f\u5b9f\u884c\u3057\u306a\u3044\nSecRuleEngine On # \u30eb\u30fc\u30eb\u3092\u51e6\u7406\u3059\u308b\u3088\u3046\u306bmod_secureity\u3092\u5b9f\u884c\u3059\u308b\n\n\n# -- Request body handling ---------------------------------------------------\nSecRequestBodyAccess On # \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089\u30b5\u30fc\u30d0\u3078\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u30c7\u30fc\u30bf\u306b\u5bfe\u3057\u3066\u76e3\u67fb\u3059\u308b\n\n# -- Response body handling --------------------------------------------------\n#SecResponseBodyAccess On # \u30b5\u30fc\u30d0\u304b\u3089\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3078\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u30c7\u30fc\u30bf\u306b\u5bfe\u3057\u3066\u76e3\u67fb\u3059\u308b\nSecResponseBodyAccess Off # \u30b5\u30fc\u30d0\u304b\u3089\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3078\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u30c7\u30fc\u30bf\u306b\u5bfe\u3057\u3066\u76e3\u67fb\u3057\u306a\u3044\n\n# -- Debug log configuration -------------------------------------------------\n#SecDebugLog \/opt\/modsecurity\/var\/log\/debug.log\n#SecDebugLog \/var\/log\/modsec_debug.log # \u30c7\u30d0\u30c3\u30b0\u30ed\u30b0\u51fa\u529b\u5148(\u5909\u66f4)\nSecDebugLog \/usr\/local\/apache2\/logs\/modsec_debug.log\n\n# \u5bb9\u91cf\u304c\u591a\u3044\u305f\u3081\u3001\u901a\u5e38\u306f\u6b62\u3081\u3066\u304a\u304f\n#SecDebugLogLevel 3 #\u30c7\u30d0\u30c3\u30b0\u30ed\u30b0\u30ec\u30d9\u30eb0\u3067\u306a\u306b\u3082\u51fa\u529b\u3057\u306a\u3044\u3001\uff19\u3067\u5168\u3066\u306e\u60c5\u5831\u3092\u51fa\u529b\n\n# -- Audit log configuration -------------------------------------------------\nSecAuditEngine RelevantOnly # \u76e3\u67fb\u306b\u5f15\u3063\u639b\u304b\u3063\u305f\u3082\u306e\u3060\u3051\u3092\u8a18\u9332\n#SecAuditLog \/var\/log\/modsec_audit.log # \u76e3\u67fb\u30ed\u30b0\u306e\u51fa\u529b\u5148\nSecAuditLog \"|\/usr\/local\/apache2\/bin\/rotatelogs logs\/modsec_audit.log.%Y%m%d 86400 540\"\n<\/pre>\n
\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u306e\u767b\u9332<\/h3>\n
\u7de8\u96c6\u3059\u308bPC\u3060\u3051\u3092\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u306b\u767b\u9332\u3057\u3001\u9069\u7528\u9664\u5916\u306b\u3059\u308b<\/p>\n
\n# cd \/usr\/local\/apaache2\/modsecurity.d\/owasp-modsecurity-crs\/rules\/<\/span>\n# vi white-list.conf<\/span>\nSecRule REMOTE_ADDR \"@ipMatch 192.168.1.101,192.168.21.2,192.168.21.3\" id:2000,phase:1,t:none,log,allow\nApache\u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\n# systemctl restart httpd<\/span>\n<\/pre>\n
\u52d5\u4f5c\u30c6\u30b9\u30c8<\/h2>\n
\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30fb\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0(XSS)\u3067\u30c6\u30b9\u30c8\u3057\u3066\u307f\u307e\u3059<\/p>\n
\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u3092\u6709\u52b9\u306b\u3057\u3066\u30c6\u30b9\u30c8<\/h3>\n
Modsecurity\u306erule\u306b\u8a2d\u5b9a\u3057\u305f\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u3092\u6709\u52b9\u306a\u72b6\u614b\u3067\u3001\u5bfe\u8c61PC\u304b\u3089\u4ee5\u4e0b\u306eURL\u3067\u30d6\u30e9\u30a6\u30b6\u3092\u958b\u3044\u3066\u307f\u307e\u3059
\n\"\"
\n\u30d6\u30e9\u30a6\u30b6\u306e\u8868\u793a\u3067\u3059\u3002
\n\"\"
\n\u7d50\u679c\u306f\u3001\u8a72\u5f53\u306e\u30da\u30fc\u30b8\u304c\u7121\u3044\u3068\u8868\u793a\u3055\u308c\u3066\u304a\u308a\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3067\u306f\u306d\u3089\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u5bfe\u8c61PC\u304b\u3089\u306f\u62d2\u5426\u3057\u3066\u3044\u306a\u3044\u72b6\u614b\u3067\u3059\u3002<\/p>\n
\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u3092\u7121\u52b9\u306b\u3057\u3066\u30c6\u30b9\u30c8<\/h3>\n
\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u7121\u3057\u3067\u306e\u30c6\u30b9\u30c8\u306e\u7d50\u679c\u3067\u3059\uff08\u5168\u3066\u306ePC\u306b\u30eb\u30fc\u30eb\u3092\u9069\u7528\u3059\u308b\u72b6\u614b\uff09
\n\"\"
\n\u4e0a\u56f3\u306e\u7d50\u679c\u306fForbidden\u3067\u306f\u306d\u3089\u308c\u3066\u3044\u307e\u3059\uff01Modsecurity\u304c\u52d5\u4f5c\u3057\u3066\u3044\u308b\u4e8b\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
WAF\uff12\u306e\u5c0e\u5165 HTTP\/2\u74b0\u5883\u3078\u306eWAF\u306e\u5c0e\u5165\u624b\u9806 \u203bWAF2\u3068\u52dd\u624b\u306b\u540d\u524d\u3092\u4ed8\u3051\u307e\u3057\u305f\u304c\u3001HTTP\/2\u5bfe\u5fdc\u306eWAF\u306e\u4e8b\u3092\u3053\u3053\u3067\u306fWAF2\u3068\u3057\u307e\u3057\u305f\u3002 WAF\uff08Web Application Firewall\uff09\u306eModS […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":1824,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"class_list":["post-5221","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/east19-mikas.com\/mpat\/index.php?rest_route=\/wp\/v2\/pages\/5221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/east19-mikas.com\/mpat\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/east19-mikas.com\/mpat\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/east19-mikas.com\/mpat\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/east19-mikas.com\/mpat\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5221"}],"version-history":[{"count":0,"href":"https:\/\/east19-mikas.com\/mpat\/index.php?rest_route=\/wp\/v2\/pages\/5221\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/east19-mikas.com\/mpat\/index.php?rest_route=\/wp\/v2\/pages\/1824"}],"wp:attachment":[{"href":"https:\/\/east19-mikas.com\/mpat\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}