Question edit history
3
Correction
test
CHANGED
File without changes
|
test
CHANGED
@@ -8,7 +8,7 @@
|
|
8
8
|
|
9
9
|
dameo様の質問を見てふと調べてみたのですが、
|
10
10
|
|
11
|
-
どうも `
|
11
|
+
どうも `xxx.yyy.zzz.180` はローカルネットワークが使用しているデフォルトゲートウェイに割り当てられたIPアドレスのようでした。
|
12
12
|
|
13
13
|
|
14
14
|
|
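Review bot: The mask applied on the `どうも` line keeps the last octet (`.180`) and covers this revision only; the same sentence still appears with the unmasked address in the earlier revisions recorded further down this history. If the intent is to withhold the address, replace the whole value with a documentation address such as `203.0.113.10`, and note that the older revisions would have to be removed as well for the mask to have any effect.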
@@ -16,7 +16,7 @@
|
|
16
16
|
|
17
17
|
$ curl ifconfig.io
|
18
18
|
|
19
|
-
|
19
|
+
xxx.yyy.zzz.180
|
20
20
|
|
21
21
|
```
|
22
22
|
|
@@ -28,9 +28,9 @@
|
|
28
28
|
|
29
29
|
```NginxAccessLog
|
30
30
|
|
31
|
-
nginx-proxy | nginx.1 |
|
32
|
-
|
33
|
-
nginx-proxy | nginx.1 |
|
31
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET / HTTP/1.1" 503 599 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
|
32
|
+
|
33
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET /favicon.ico HTTP/1.1" 503 599 "http://xxx.yyy.zzz.180/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
|
34
34
|
|
35
35
|
```
|
36
36
|
|
@@ -48,23 +48,23 @@
|
|
48
48
|
|
49
49
|
```NginxAccessLog
|
50
50
|
|
51
|
-
nginx-proxy | nginx.1 |
|
52
|
-
|
53
|
-
nginx-proxy | nginx.1 |
|
54
|
-
|
55
|
-
nginx-proxy | nginx.1 |
|
56
|
-
|
57
|
-
nginx-proxy | nginx.1 |
|
58
|
-
|
59
|
-
nginx-proxy | nginx.1 |
|
60
|
-
|
61
|
-
nginx-proxy | nginx.1 |
|
62
|
-
|
63
|
-
nginx-proxy | nginx.1 |
|
64
|
-
|
65
|
-
nginx-proxy | nginx.1 |
|
66
|
-
|
67
|
-
nginx-proxy | nginx.1 |
|
51
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:06 +0000] "GET /TP/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
52
|
+
|
53
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /TP/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
54
|
+
|
55
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /thinkphp/html/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
56
|
+
|
57
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /html/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
58
|
+
|
59
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
60
|
+
|
61
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:08 +0000] "GET /TP/html/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
62
|
+
|
63
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:09 +0000] "GET /elrekt.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
64
|
+
|
65
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:09 +0000] "GET /index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
66
|
+
|
67
|
+
nginx-proxy | nginx.1 | xxx.yyy.zzz.180 172.19.0.1 - - [18/Aug/2020:02:21:11 +0000] "GET / HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
68
68
|
|
69
69
|
```
|
70
70
|
|
2
Correction
test
CHANGED
File without changes
|
test
CHANGED
@@ -2,8 +2,52 @@
|
|
2
2
|
|
3
3
|
|
4
4
|
|
5
|
+
20200820 追記ここから >>>>>
|
6
|
+
|
7
|
+
|
8
|
+
|
9
|
+
dameo様の質問を見てふと調べてみたのですが、
|
10
|
+
|
11
|
+
どうも `125.4.237.180` はローカルネットワークが使用しているデフォルトゲートウェイに割り当てられたIPアドレスのようでした。
|
12
|
+
|
13
|
+
|
14
|
+
|
15
|
+
```bash
|
16
|
+
|
17
|
+
$ curl ifconfig.io
|
18
|
+
|
19
|
+
125.4.237.180
|
20
|
+
|
21
|
+
```
|
22
|
+
|
23
|
+
|
24
|
+
|
25
|
+
ブラウザにIPを直打ちすると該当のログと同様のログが記録されます。
|
26
|
+
|
27
|
+
|
28
|
+
|
5
29
|
```NginxAccessLog
|
6
30
|
|
31
|
+
nginx-proxy | nginx.1 | 125.4.237.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET / HTTP/1.1" 503 599 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
|
32
|
+
|
33
|
+
nginx-proxy | nginx.1 | 125.4.237.180 172.26.0.1 - - [20/Aug/2020:08:28:35 +0000] "GET /favicon.ico HTTP/1.1" 503 599 "http://125.4.237.180/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
|
34
|
+
|
35
|
+
```
|
36
|
+
|
37
|
+
|
38
|
+
|
39
|
+
スマートフォンのモバイルネットワーク経由アクセスしても同様にログが出力されるので、どうもIP直打ちすると外部ネットワークからローカルネットワーク内のウェブサーバにアクセスできてしまう状態のようです。
|
40
|
+
|
41
|
+
自宅WiFiのルーターはこのような挙動が一般的なのでしょうか?
|
42
|
+
|
43
|
+
|
44
|
+
|
45
|
+
<<<<< 20200820 追記ここまで
|
46
|
+
|
47
|
+
|
48
|
+
|
49
|
+
```NginxAccessLog
|
50
|
+
|
7
51
|
nginx-proxy | nginx.1 | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:06 +0000] "GET /TP/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
8
52
|
|
9
53
|
nginx-proxy | nginx.1 | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:07 +0000] "GET /TP/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
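Review bot: The paragraph added after the first log block concludes that the web server is reachable from outside because a request over the mobile network is logged, but it does not say how the router is configured. State whether port forwarding, a DMZ host or UPnP is enabled for port 80 on the router, since `curl ifconfig.io` only shows the address the network presents to the outside and not which internal host receives inbound connections.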
@@ -103,3 +147,85 @@
|
|
103
147
|
reverse-proxy-network:
|
104
148
|
|
105
149
|
```
|
150
|
+
|
151
|
+
|
152
|
+
|
153
|
+
20200820 追記ここから >>>>>
|
154
|
+
|
155
|
+
|
156
|
+
|
157
|
+
該当ログを出力しているNginxの設定ファイルです。
|
158
|
+
|
159
|
+
|
160
|
+
|
161
|
+
```NginxConf
|
162
|
+
|
163
|
+
user nginx;
|
164
|
+
|
165
|
+
worker_processes auto;
|
166
|
+
|
167
|
+
|
168
|
+
|
169
|
+
error_log /var/log/nginx/error.log warn;
|
170
|
+
|
171
|
+
pid /var/run/nginx.pid;
|
172
|
+
|
173
|
+
|
174
|
+
|
175
|
+
|
176
|
+
|
177
|
+
events {
|
178
|
+
|
179
|
+
worker_connections 1024;
|
180
|
+
|
181
|
+
}
|
182
|
+
|
183
|
+
|
184
|
+
|
185
|
+
|
186
|
+
|
187
|
+
http {
|
188
|
+
|
189
|
+
include /etc/nginx/mime.types;
|
190
|
+
|
191
|
+
default_type application/octet-stream;
|
192
|
+
|
193
|
+
|
194
|
+
|
195
|
+
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
196
|
+
|
197
|
+
'$status $body_bytes_sent "$http_referer" '
|
198
|
+
|
199
|
+
'"$http_user_agent" "$http_x_forwarded_for"';
|
200
|
+
|
201
|
+
|
202
|
+
|
203
|
+
access_log /var/log/nginx/access.log main;
|
204
|
+
|
205
|
+
|
206
|
+
|
207
|
+
sendfile on;
|
208
|
+
|
209
|
+
#tcp_nopush on;
|
210
|
+
|
211
|
+
|
212
|
+
|
213
|
+
keepalive_timeout 65;
|
214
|
+
|
215
|
+
|
216
|
+
|
217
|
+
#gzip on;
|
218
|
+
|
219
|
+
|
220
|
+
|
221
|
+
include /etc/nginx/conf.d/*.conf;
|
222
|
+
|
223
|
+
}
|
224
|
+
|
225
|
+
daemon off;
|
226
|
+
|
227
|
+
```
|
228
|
+
|
229
|
+
|
230
|
+
|
231
|
+
<<<<< 20200820 追記ここまで
|
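Review bot: The `log_format main` in this file does not match the quoted log lines, so this is not the configuration that produced them. `main` starts with a single address (`$remote_addr - $remote_user`) and ends with a quoted `$http_x_forwarded_for` field, while every quoted line has two address-like fields before `- -` and no trailing field. The lines are also prefixed `nginx-proxy | nginx.1 |`, whereas `./nginx/nginx.conf` is mounted into `admin-app-server` in the compose file. Post the log format used inside the `nginx-proxy` container instead. In the `/favicon.ico` line the first field equals the host in the Referer, which suggests that the first field is the requested host and the second (`172.26.0.1`) is the client address as seen by the proxy.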
1
Addendum
test
CHANGED
File without changes
|
test
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
|
4
4
|
|
5
|
-
```
|
5
|
+
```NginxAccessLog
|
6
6
|
|
7
7
|
nginx-proxy | nginx.1 | 125.4.237.180 172.19.0.1 - - [18/Aug/2020:02:21:06 +0000] "GET /TP/public/index.php HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
|
8
8
|
|
@@ -26,6 +26,10 @@
|
|
26
26
|
|
27
27
|
|
28
28
|
|
29
|
+
該当のDockerコンテナは開発用に動作させており、Macbookのブラウザから `http://localhost` で接続することを想定しております。(外部からのアクセスを想定していません。)
|
30
|
+
|
31
|
+
|
32
|
+
|
29
33
|
いままでローカル環境は安全だと思っていたのですが、このような攻撃を受けた場合どのような対策を行えば良いでしょうか。
|
30
34
|
|
31
35
|
|
@@ -37,3 +41,65 @@
|
|
37
41
|
- 使用デバイス: MacOS Catalina v10.15.5
|
38
42
|
|
39
43
|
- docker desktop community: v2.3.0.4 (46911)
|
44
|
+
|
45
|
+
|
46
|
+
|
47
|
+
```DockerComposeYml
|
48
|
+
|
49
|
+
version: "3.7"
|
50
|
+
|
51
|
+
|
52
|
+
|
53
|
+
services:
|
54
|
+
|
55
|
+
admin-app-server:
|
56
|
+
|
57
|
+
image: "nginx:1.18"
|
58
|
+
|
59
|
+
container_name: "admin-app-server"
|
60
|
+
|
61
|
+
env_file:
|
62
|
+
|
63
|
+
- ".env"
|
64
|
+
|
65
|
+
volumes:
|
66
|
+
|
67
|
+
- "./nginx/nginx.conf:/etc/nginx/nginx.conf"
|
68
|
+
|
69
|
+
- "./nginx/conf.d:/etc/nginx/conf.d"
|
70
|
+
|
71
|
+
- "./nginx/certs:/etc/nginx/certs"
|
72
|
+
|
73
|
+
- "./app:/usr/share/nginx/html"
|
74
|
+
|
75
|
+
networks:
|
76
|
+
|
77
|
+
reverse-proxy-network:
|
78
|
+
|
79
|
+
|
80
|
+
|
81
|
+
nginx-proxy:
|
82
|
+
|
83
|
+
image: "jwilder/nginx-proxy"
|
84
|
+
|
85
|
+
container_name: "nginx-proxy"
|
86
|
+
|
87
|
+
ports:
|
88
|
+
|
89
|
+
- "80:80"
|
90
|
+
|
91
|
+
volumes:
|
92
|
+
|
93
|
+
- "/var/run/docker.sock:/tmp/docker.sock:ro"
|
94
|
+
|
95
|
+
networks:
|
96
|
+
|
97
|
+
reverse-proxy-network:
|
98
|
+
|
99
|
+
|
100
|
+
|
101
|
+
networks:
|
102
|
+
|
103
|
+
reverse-proxy-network:
|
104
|
+
|
105
|
+
```
|
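Review bot: `ports: - "80:80"` under `nginx-proxy` publishes port 80 on every interface of the host, which contradicts the intent stated in the previous hunk that the container is reached only from the MacBook's browser at `http://localhost`. Bind the published port to loopback with `- "127.0.0.1:80:80"` so that other machines cannot connect to it.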