質問編集履歴
1
vhosts\.conf追加
title
CHANGED
|
File without changes
|
body
CHANGED
|
@@ -11,23 +11,100 @@
|
|
|
11
11
|
何卒よろしくお願いいたします。
|
|
12
12
|
|
|
13
13
|
■OS
|
|
14
|
+
```lang-conf
|
|
14
15
|
[root@localhost httpd]# cat /etc/redhat-release
|
|
15
16
|
CentOS release 6.6 (Final)
|
|
17
|
+
```
|
|
16
18
|
|
|
17
19
|
■httpdのバージョン
|
|
20
|
+
```lang-conf
|
|
18
21
|
[root@localhost httpd]# /usr/sbin/httpd -v
|
|
19
22
|
Server version: Apache/2.2.15 (Unix)
|
|
20
|
-
|
|
23
|
+
```
|
|
21
24
|
■ログフォーマット
|
|
25
|
+
```lang-conf
|
|
22
26
|
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
|
23
27
|
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
|
24
28
|
LogFormat "%{Referer}i -> %U" referer
|
|
25
29
|
LogFormat "%{User-agent}i" agent
|
|
26
30
|
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%h\"" combined_with_realip
|
|
31
|
+
```
|
|
27
32
|
|
|
28
33
|
■SSL導入前までのログ
|
|
34
|
+
```lang-conf
|
|
29
35
|
xx.xx.79.150 - - [01/Aug/2016:12:13:40 +0900] "POST アクセス先 HTTP/1.1" 200 61 "リファラー" "Mozilla/5.0
|
|
36
|
+
```
|
|
30
37
|
|
|
31
38
|
■SSL導入後のログ
|
|
39
|
+
```lang-conf
|
|
32
40
|
- - - [02/Aug/2016:21:29:23 +0900] "GET アクセス先 HTTP/1.1" 403 300 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0" "身に覚えのないIPアドレス"
|
|
41
|
+
```
|
|
42
|
+
|
|
33
|
-
※IPアドレス制限をかけているため認証エラー
|
|
43
|
+
※IPアドレス制限をかけているため認証エラー
|
|
44
|
+
|
|
45
|
+
追記
|
|
46
|
+
■vhosts.conf
|
|
47
|
+
```lang-conf
|
|
48
|
+
<VirtualHost *:80>
|
|
49
|
+
ServerName www.ドメイン
|
|
50
|
+
ServerAlias ドメイン
|
|
51
|
+
DocumentRoot "/home/www/html"
|
|
52
|
+
ServerAdmin admin@root-d.com
|
|
53
|
+
<Directory "/home/www/html">
|
|
54
|
+
Options -Indexes FollowSymLinks ExecCGI +IncludesNoExec
|
|
55
|
+
AllowOverride all
|
|
56
|
+
#Require all granted
|
|
57
|
+
#Satisfy Any
|
|
58
|
+
</Directory>
|
|
59
|
+
|
|
60
|
+
RewriteEngine on
|
|
61
|
+
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
|
|
62
|
+
RewriteRule .* - [F]
|
|
63
|
+
|
|
64
|
+
CustomLog "|/usr/sbin/rotatelogs /home/www/logs/apache/access_log.%Y%m%d 86400 540" combined_with_realip
|
|
65
|
+
ErrorLog /home/www/logs/apache/error_log
|
|
66
|
+
</VirtualHost>
|
|
67
|
+
|
|
68
|
+
<VirtualHost *:443>
|
|
69
|
+
ServerName www.ドメイン:443
|
|
70
|
+
DocumentRoot "/home/www/html"
|
|
71
|
+
ServerAdmin admin@root-d.com
|
|
72
|
+
|
|
73
|
+
ErrorLog /home/www/logs/apache/ssl_error_log
|
|
74
|
+
TransferLog /home/www/logs/apache/ssl_access_log
|
|
75
|
+
LogLevel warn
|
|
76
|
+
SSLEngine on
|
|
77
|
+
SSLProtocol all -SSLv2
|
|
78
|
+
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
|
|
79
|
+
SSLCertificateFile /etc/httpd/conf.d/ssl/server.crt
|
|
80
|
+
SSLCACertificateFile /etc/httpd/conf.d/ssl/ca.crt
|
|
81
|
+
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/server.key
|
|
82
|
+
|
|
83
|
+
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
|
|
84
|
+
SSLOptions +StdEnvVars
|
|
85
|
+
</Files>
|
|
86
|
+
<Directory "/home/www/html">
|
|
87
|
+
SSLOptions +StdEnvVars
|
|
88
|
+
AllowOverride all
|
|
89
|
+
</Directory>
|
|
90
|
+
SetEnvIf User-Agent ".*MSIE.*" \
|
|
91
|
+
nokeepalive ssl-unclean-shutdown \
|
|
92
|
+
downgrade-1.0 force-response-1.0
|
|
93
|
+
# CustomLog logs/ssl_request_log \
|
|
94
|
+
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
|
95
|
+
CustomLog "|/usr/sbin/rotatelogs /home/www/logs/apache/ssl_request_log.%Y%m%d 86400 540" combined
|
|
96
|
+
|
|
97
|
+
<Directory /home/www/html/share/uploads/mw-wp-form_uploads>
|
|
98
|
+
SetEnvIf X-Forwarded-For "99\.999\.99\.99|999\.999\.999\.999|999\.999\.999\.999" allowIP
|
|
99
|
+
Satisfy Any
|
|
100
|
+
Order deny,allow
|
|
101
|
+
Deny from all
|
|
102
|
+
Allow from env=allowIP
|
|
103
|
+
</Directory>
|
|
104
|
+
</VirtualHost>
|
|
105
|
+
```
|
|
106
|
+
※ドメイン名とアクセス許可IPは伏せさせていただきました。
|
|
107
|
+
ほかにもディレクトリ毎に.htaccessでX-Forwarded-Forを用いたアクセス制限をしています。
|
|
108
|
+
今回の減少はこのX-Forwarded-Forの判定がうまくいかなくなってしまったことが原因です。
|
|
109
|
+
Allow from all
|
|
110
|
+
にすればアクセスできないところが使用できるようになります。
|