質問編集履歴

修正

2020/08/20 13:02

投稿

退会済みユーザー

スコア0

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -8,7 +8,7 @@
 dameo様の質問を見てふと調べてみたのですが、
-どうも `125.4.237.180` はローカルネットワークが使用しているデフォルトゲートウェイに割り当てられたIPアドレスのようでした。
+どうも `xxx.yyy.zzz.180` はローカルネットワークが使用しているデフォルトゲートウェイに割り当てられたIPアドレスのようでした。
@@ -16,7 +16,7 @@
 $ curl ifconfig.io
-125.4.237.180
+xxx.yyy.zzz.180
 ```
@@ -28,9 +28,9 @@
 ```NginxAccessLog
-nginx-proxy | nginx.1    | 125.4.237.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET / HTTP/1.1" 503 599 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
-nginx-proxy | nginx.1    | 125.4.237.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET /favicon.ico HTTP/1.1" 503 599 "http://125.4.237.180/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET / HTTP/1.1" 503 599 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET /favicon.ico HTTP/1.1" 503 599 "http://xxx.yyy.zzz.180/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
 ```
@@ -48,23 +48,23 @@
 ```NginxAccessLog
-nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:06 +0000] "GET /TP/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
-nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /TP/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
-nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /thinkphp/html/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
-nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /html/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
-nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
-nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:08 +0000] "GET /TP/html/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
-nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:09 +0000] "GET /elrekt.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
-nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:09 +0000] "GET /index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
-nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:11 +0000] "GET / HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:06 +0000] "GET /TP/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /TP/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /thinkphp/html/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /html/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:08 +0000] "GET /TP/html/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:09 +0000] "GET /elrekt.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:09 +0000] "GET /index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
+nginx-proxy | nginx.1    | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:11 +0000] "GET / HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
 ```

修正

2020/08/20 13:02

投稿

退会済みユーザー

スコア0

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -2,8 +2,52 @@
+20200820 追記ここから >>>>>
+dameo様の質問を見てふと調べてみたのですが、
+どうも `125.4.237.180` はローカルネットワークが使用しているデフォルトゲートウェイに割り当てられたIPアドレスのようでした。
+```bash
+$ curl ifconfig.io
+125.4.237.180
+```
+ブラウザにIPを直打ちすると該当のログと同様のログが記録されます。
 ```NginxAccessLog
+nginx-proxy | nginx.1    | 125.4.237.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET / HTTP/1.1" 503 599 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
+nginx-proxy | nginx.1    | 125.4.237.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET /favicon.ico HTTP/1.1" 503 599 "http://125.4.237.180/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
+```
+スマートフォンのモバイルネットワーク経由アクセスしても同様にログが出力されるので、どうもIP直打ちすると外部ネットワークからローカルネットワーク内のウェブサーバにアクセスできてしまう状態のようです。
+自宅WiFiのルーターはこのような挙動が一般的なのでしょうか？
+<<<<< 20200820 追記ここまで
+```NginxAccessLog
 nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:06 +0000] "GET /TP/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
 nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /TP/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
@@ -103,3 +147,85 @@
   reverse-proxy-network:
 ```
+20200820 追記ここから >>>>>
+該当ログを出力しているNginxの設定ファイルです。
+```NginxConf
+user  nginx;
+worker_processes  auto;
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+events {
+    worker_connections  1024;
+}
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    keepalive_timeout  65;
+    #gzip  on;
+    include /etc/nginx/conf.d/*.conf;
+}
+daemon off;
+```
+<<<<< 20200820 追記ここまで

追記

2020/08/20 08:40

投稿

退会済みユーザー

スコア0

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -2,7 +2,7 @@
-```
+```NginxAccessLog
 nginx-proxy | nginx.1    | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:06 +0000] "GET /TP/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
@@ -26,6 +26,10 @@
+該当のDockerコンテナは開発用に動作させており、Macbookのブラウザから `http://localhost` で接続することを想定しております。（外部からのアクセスを想定していません。）
 いままでローカル環境は安全だと思っていたのですが、このような攻撃を受けた場合どのような対策を行えば良いでしょうか。
@@ -37,3 +41,65 @@
 - 使用デバイス： MacOS Catalina v10.15.5
 - docker desktop community: v2.3.0.4 (46911)
+```DockerComposeYml
+version: "3.7"
+services:
+  admin-app-server:
+    image: "nginx:1.18"
+    container_name: "admin-app-server"
+    env_file:
+      - ".env"
+    volumes:
+      - "./nginx/nginx.conf:/etc/nginx/nginx.conf"
+      - "./nginx/conf.d:/etc/nginx/conf.d"
+      - "./nginx/certs:/etc/nginx/certs"
+      - "./app:/usr/share/nginx/html"
+    networks:
+      reverse-proxy-network:
+  nginx-proxy:
+    image: "jwilder/nginx-proxy"
+    container_name: "nginx-proxy"
+    ports:
+      - "80:80"
+    volumes:
+      - "/var/run/docker.sock:/tmp/docker.sock:ro"
+    networks:
+      reverse-proxy-network:
+networks:
+  reverse-proxy-network:
+```