編集履歴

質問編集履歴

vhosts\.conf追加

2016/08/03 01:36

投稿

T.Yokotani

スコア141

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -24,22 +24,30 @@
 ■OS
+```lang-conf
 [root@localhost httpd]# cat /etc/redhat-release
 CentOS release 6.6 (Final)
+```
 ■httpdのバージョン
+```lang-conf
 [root@localhost httpd]# /usr/sbin/httpd -v
 Server version: Apache/2.2.15 (Unix)
+```
 ■ログフォーマット
+```lang-conf
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%h %l %u %t \"%r\" %>s %b" common
@@ -50,16 +58,162 @@
 LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%h\"" combined_with_realip
+```
 ■SSL導入前までのログ
+```lang-conf
 xx.xx.79.150 - - [01/Aug/2016:12:13:40 +0900] "POST アクセス先 HTTP/1.1" 200 61 "リファラー" "Mozilla/5.0
+```
 ■SSL導入後のログ
+```lang-conf
 - - - [02/Aug/2016:21:29:23 +0900] "GET アクセス先 HTTP/1.1" 403 300 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0" "身に覚えのないIPアドレス"
+```
 ※IPアドレス制限をかけているため認証エラー
+追記
+■vhosts.conf
+```lang-conf
+<VirtualHost *:80>
+   ServerName www.ドメイン
+   ServerAlias ドメイン
+   DocumentRoot "/home/www/html"
+   ServerAdmin admin@root-d.com
+   <Directory "/home/www/html">
+       Options -Indexes FollowSymLinks ExecCGI +IncludesNoExec
+       AllowOverride all
+       #Require all granted
+       #Satisfy Any
+   </Directory>
+   RewriteEngine on
+   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+   RewriteRule .* - [F]
+   CustomLog "|/usr/sbin/rotatelogs /home/www/logs/apache/access_log.%Y%m%d 86400 540" combined_with_realip
+   ErrorLog  /home/www/logs/apache/error_log
+</VirtualHost>
+<VirtualHost *:443>
+  ServerName www.ドメイン:443
+  DocumentRoot "/home/www/html"
+  ServerAdmin admin@root-d.com
+  ErrorLog /home/www/logs/apache/ssl_error_log
+  TransferLog /home/www/logs/apache/ssl_access_log
+  LogLevel warn
+  SSLEngine on
+  SSLProtocol all -SSLv2
+  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+  SSLCertificateFile    /etc/httpd/conf.d/ssl/server.crt
+  SSLCACertificateFile  /etc/httpd/conf.d/ssl/ca.crt
+  SSLCertificateKeyFile /etc/httpd/conf.d/ssl/server.key
+  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
+       SSLOptions +StdEnvVars
+  </Files>
+  <Directory "/home/www/html">
+       SSLOptions +StdEnvVars
+       AllowOverride all
+  </Directory>
+  SetEnvIf User-Agent ".*MSIE.*" \
+           nokeepalive ssl-unclean-shutdown \
+           downgrade-1.0 force-response-1.0
+#  CustomLog logs/ssl_request_log \
+#            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+   CustomLog "|/usr/sbin/rotatelogs /home/www/logs/apache/ssl_request_log.%Y%m%d 86400 540" combined
+  <Directory /home/www/html/share/uploads/mw-wp-form_uploads>
+    SetEnvIf X-Forwarded-For "99\.999\.99\.99|999\.999\.999\.999|999\.999\.999\.999" allowIP
+    Satisfy Any
+    Order deny,allow
+    Deny from all
+    Allow from env=allowIP
+  </Directory>
+</VirtualHost>
+```
+※ドメイン名とアクセス許可IPは伏せさせていただきました。
+ほかにもディレクトリ毎に.htaccessでX-Forwarded-Forを用いたアクセス制限をしています。
+今回の減少はこのX-Forwarded-Forの判定がうまくいかなくなってしまったことが原因です。
+Allow from all
+にすればアクセスできないところが使用できるようになります。