質問編集履歴
1
vhosts.conf追加
test
CHANGED
File without changes
|
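--- a/test
+++ b/test
@@ -24,22 +24,30 @@
 
 ■OS
 
+```lang-conf
+
 [root@localhost httpd]# cat /etc/redhat-release
 
 CentOS release 6.6 (Final)
 
+```
+
 
 
 ■httpdのバージョン
 
+```lang-conf
+
 [root@localhost httpd]# /usr/sbin/httpd -v
 
 Server version: Apache/2.2.15 (Unix)
 
-
+```
 
 ■ログフォーマット
 
+```lang-conf
+
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 
 LogFormat "%h %l %u %t \"%r\" %>s %b" common
@@ -50,16 +58,162 @@
 
 LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%h\"" combined_with_realip
 
+```
+
 
 
 ■SSL導入前までのログ
 
+```lang-conf
+
 xx.xx.79.150 - - [01/Aug/2016:12:13:40 +0900] "POST アクセス先 HTTP/1.1" 200 61 "リファラー" "Mozilla/5.0
 
+```
+
 
 
 ■SSL導入後のログ
 
+```lang-conf
+
 - - - [02/Aug/2016:21:29:23 +0900] "GET アクセス先 HTTP/1.1" 403 300 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0" "身に覚えのないIPアドレス"
 
+```
+
+
+
 ※IPアドレス制限をかけているため認証エラー
+
+
+
+追記
+
+■vhosts.conf
+
+```lang-conf
+
+<VirtualHost *:80>
+
+ServerName www.ドメイン
+
+ServerAlias ドメイン
+
+DocumentRoot "/home/www/html"
+
+ServerAdmin admin@root-d.com
+
+<Directory "/home/www/html">
+
+Options -Indexes FollowSymLinks ExecCGI +IncludesNoExec
+
+AllowOverride all
+
+#Require all granted
+
+#Satisfy Any
+
+</Directory>
+
+
+
+RewriteEngine on
+
+RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+
+RewriteRule .* - [F]
+
+
+
+CustomLog "|/usr/sbin/rotatelogs /home/www/logs/apache/access_log.%Y%m%d 86400 540" combined_with_realip
+
+ErrorLog /home/www/logs/apache/error_log
+
+</VirtualHost>
+
+
+
+<VirtualHost *:443>
+
+ServerName www.ドメイン:443
+
+DocumentRoot "/home/www/html"
+
+ServerAdmin admin@root-d.com
+
+
+
+ErrorLog /home/www/logs/apache/ssl_error_log
+
+TransferLog /home/www/logs/apache/ssl_access_log
+
+LogLevel warn
+
+SSLEngine on
+
+SSLProtocol all -SSLv2
+
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+SSLCertificateFile /etc/httpd/conf.d/ssl/server.crt
+
+SSLCACertificateFile /etc/httpd/conf.d/ssl/ca.crt
+
+SSLCertificateKeyFile /etc/httpd/conf.d/ssl/server.key
+
+
+
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+
+SSLOptions +StdEnvVars
+
+</Files>
+
+<Directory "/home/www/html">
+
+SSLOptions +StdEnvVars
+
+AllowOverride all
+
+</Directory>
+
+SetEnvIf User-Agent ".*MSIE.*" \
+
+nokeepalive ssl-unclean-shutdown \
+
+downgrade-1.0 force-response-1.0
+
+# CustomLog logs/ssl_request_log \
+
+# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+CustomLog "|/usr/sbin/rotatelogs /home/www/logs/apache/ssl_request_log.%Y%m%d 86400 540" combined
+
+
+
+<Directory /home/www/html/share/uploads/mw-wp-form_uploads>
+
+SetEnvIf X-Forwarded-For "99\.999\.99\.99|999\.999\.999\.999|999\.999\.999\.999" allowIP
+
+Satisfy Any
+
+Order deny,allow
+
+Deny from all
+
+Allow from env=allowIP
+
+</Directory>
+
+</VirtualHost>
+
+```
+
+※ドメイン名とアクセス許可IPは伏せさせていただきました。
+
+ほかにもディレクトリ毎に.htaccessでX-Forwarded-Forを用いたアクセス制限をしています。
+
+今回の減少はこのX-Forwarded-Forの判定がうまくいかなくなってしまったことが原因です。
+
+Allow from all
+
+にすればアクセスできないところが使用できるようになります。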
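Review bot: The upload-directory rule in the added `<VirtualHost *:443>` block (`SetEnvIf X-Forwarded-For "..." allowIP` with `Allow from env=allowIP`) authorises on a request header, so it only holds if every request reaches httpd through a proxy that overwrites X-Forwarded-For; a client that connects directly can supply the header itself. The post-SSL log line shows `-` in the X-Forwarded-For field and an unfamiliar address in `%h`, which suggests the TLS path no longer passes the header through, so the rule now fails closed; switching to `Allow from all`, as the closing lines propose, would remove the restriction rather than repair it. Restoring the header at whatever terminates TLS, and honouring it only when the connection comes from that proxy's address, would keep the control intact. Separately, `SSLProtocol all -SSLv2` leaves SSLv3 enabled and the `SSLCipherSuite` line still admits RC4, MEDIUM and LOW ciphers; `SSLProtocol all -SSLv2 -SSLv3` and a HIGH-only suite would be a safer baseline.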