[B! WAF] no_riã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å¤§è¦æ¨¡ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ ã€ŒLizaMoonã€æ”»æ’ƒã«ã¤ã„ã¦èª¿ã¹ã¦ã¿ãŸã€‚ - piyolog

æœ€è¿‘TLä¸Šã§ã€Œæ–°ã—ã„ã‚¿ã‚¤ãƒ—ã®SQLã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³æ”»æ’ƒã€ã¨ã„ã†ã‚ãƒ¼ãƒ¯ãƒ¼ãƒ‰ã‚’è¦‹ã‹ã‘ã¾ã™ã€‚æƒ…å ±å…ƒã‚’ãŸã©ã£ã¦ã„ãã¨ã©ã†ã‚„ã‚‰ã“ã®æ”»æ’ƒã¯ã€ŒLizaMoon(ãƒ©ã‚¤ã‚¶ãƒ ãƒ¼ãƒ³)æ”»æ’ƒã€ã¨ã„ã†åç§°ã®æ¨¡æ§˜ã€‚æ”»æ’ƒã§ç”¨ã„ã‚‰ã‚ŒãŸæ‰‹æ³•ãŒã‚ã¾ã‚Šãªã„ãƒ‘ã‚¿ãƒ¼ãƒ³ã§ã‚ã£ãŸã¨ã„ã†ã“ã¨ã§ã©ã†ã„ã†ã‚‚ã®ã‹èª¿ã¹ã¦ã¿ã¾ã—ãŸã€‚ (1) LizaMoonæ”»æ’ƒã¨ã¯ä½•ã‹ å…ˆæœˆæœ«ã€3/29ã«webSenceã®Blogã«ã€Œæ–°ã—ã„æ‚ªæ„ã‚ã‚‹å¤§è¦æ¨¡ãªã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ãŒè¡Œã‚ã‚ŒãŸã€ã¨ã—ã¦ã€æ¬¡ã®ãƒã‚¹ãƒˆãŒè¡Œã‚ã‚Œã¾ã—ãŸã€‚ Websense Security Labs and the Websense Threatseeker Network have identified a new malicious mass-injection campaign that we call LizaMoon. Websense customers are protected wit

no_ri 2011/05/10

ãƒªãƒ³ã‚¯

â€œå®Œç’§ãªWAFâ€ã«å¦ã¶WAFã®é˜²å¾¡æˆ¦ç•¥ - ockeghem's blog

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£Expert 2010ã«å¤§æ²³å†…æ™ºç§€æ°ãŒã€Œç¾çŠ¶ã®èª²é¡Œã¨â€œå®Œç’§ãªWAFâ€ã€ã¨é¡Œã—ã¦å¯„ç¨¿ã•ã‚Œã¦ã„ã‚‹ã€‚å¤§å¤‰èˆˆå‘³æ·±ã„å†…å®¹ã§ã‚ã‚‹ã®ã§ã€ã“ã®å¯„ç¨¿ã‚’ãªãžã‚ŠãªãŒã‚‰ã€WAFã®é˜²å¾¡æˆ¦ç•¥ã«ã¤ã„ã¦æ¤œè¨Žã—ã¦ã¿ãŸã„ã€‚ ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°(XSS)ã«å¯¾ã™ã‚‹é˜²å¾¡ å¤§æ²³å†…æ°ã®å¯„ç¨¿ã®å‰åŠã¯ã€ç¾çŠ¶ã®WAFã®èª²é¡Œã¨ã—ã¦ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«å¯¾ã™ã‚‹æ”»æ’ƒã®å¤šãï¼ˆå¤§åŠï¼‰ãŒWAFã®ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆè¨å®šã§ã¯é˜²å¾¡ã§ããªã„ã¨æŒ‡æ‘˜ã™ã‚‹ã€‚ä¾‹ãˆã°ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°(XSS)ã«é–¢ã—ã¦ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ãªæŒ‡æ‘˜ãŒã‚ã‚‹ã€‚ ä»®ã«scriptã‚’ãƒ–ãƒ©ãƒƒã‚¯ãƒªã‚¹ãƒˆã«æŒ‡å®šã—ãŸã¨ã—ã¾ã—ã‚‡ã†ã€‚ãã‚Œã§ã‚‚ã¾ã ä¸ååˆ†ã§ã™ã€‚<IMG>ã‚¿ã‚°ã§XSSãŒç™ºå‹•ã™ã‚‹ã“ã¨ã‚’ã”å˜ã˜ã§ã—ã‚‡ã†ã‹ï¼Ÿãƒ—ãƒã‚°ãƒ©ãƒ ãªã©ã§ã¯<IMG>ã‚¿ã‚°ã¯ç”»åƒæ·»ä»˜ã«å¿…é ˆã§ã‚ã‚Šã€WAFã§ç¦æ¢ã™ã‚‹ã“ã¨ã¯é›£ã—ã„ã®ãŒå®Ÿæƒ…ã§ã€ãƒ–ãƒ©ãƒƒã‚¯ãƒªã‚¹ãƒˆæ–¹å¼ã®èª²é¡Œã¨ãªã£ã¦ã„ã¾ã™ã€‚ ã€Œç¾çŠ¶ã®èª²é¡Œã¨â€œå®Œç’§ãªWAFâ€ã€ã‚ˆã‚Šå¼•

no_ri 2010/05/07

ãƒªãƒ³ã‚¯

æƒ…å ±å‡¦ç†æŽ¨é€²æ©Ÿæ§‹ï¼šæƒ…å ±ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ï¼šè„†å¼±æ€§å¯¾ç– : ã€ŒWeb Application Firewall èªæœ¬ã€ã‚’å…¬é–‹

IPAï¼ˆç‹¬ç«‹è¡Œæ”¿æ³•äººæƒ…å ±å‡¦ç†æŽ¨é€²æ©Ÿæ§‹ã€ç†äº‹é•·ï¼šè¥¿åž£ æµ©å¸ï¼‰ã¯ã€ã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆã®è„†å¼±æ€§ã®ä¿®æ£ä½œæ¥ãŒé•·æœŸåŒ–ã—ã¦ã„ã‚‹äº‹ä¾‹ãŒå°‘ãªããªã„ã“ã¨ã‹ã‚‰ã€ã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆé‹å–¶è€…ãŒWeb Application Firewallï¼ˆã‚¦ã‚§ãƒ–ãƒ»ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãƒ»ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã€WAFï¼‰ã‚’å°Žå…¥ã™ã‚‹éš›ã®å‚è€ƒã¨ãªã‚‹è§£èª¬è³‡æ–™ã€ŒWeb Application Firewall èªæœ¬ã€ã‚’2010å¹´2æœˆ16æ—¥ï¼ˆç«ï¼‰ã‹ã‚‰IPAã®ã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆã§å…¬é–‹ã—ã¾ã—ãŸã€‚ã€€URLï¼š http://www.ipa.go.jp/security/vuln/waf.html Web Application Firewallï¼ˆWAFï¼‰ã¯ã€ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³(*1)ã®è„†å¼±æ€§(*2)ã‚’æ‚ªç”¨ã—ãŸæ”»æ’ƒãªã©ã‹ã‚‰ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’ä¿è·ã™ã‚‹ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ã€ã¾ãŸã¯ãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ã™ã€‚WAFã¯è„†å¼±æ€§ã‚’ä¿®æ£ã™ã‚‹ã¨ã„ã£ãŸã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®å®Ÿè£…é¢ã§ã®æ ¹æœ¬çš„ãªå¯¾ç–ã§ã¯ãªã

no_ri 2010/02/16

ãƒªãƒ³ã‚¯

å¯èƒ½æ€§ã‚’æ„Ÿã˜ã•ã›ã‚‹Request Filtering Module - ãƒ´ã‚¡ãƒ«ã‚«ãƒ³ã®æ°—ã¾ãã‚Œæ—¥è¨˜

ã¤ã„å…ˆæ—¥çŸ¥ã£ãŸã®ã ãŒã€IIS7.xã§ã¯ã€UrlScanã®ã»ã¼å…¨ã¦ã®ä¸»è¦æ©Ÿèƒ½ãŒRequest Filtering Moduleï¼ˆè¦æ±‚ãƒ•ã‚£ãƒ«ã‚¿ï¼‰ã¨ã„ã†åç§°ã®ãƒã‚¤ãƒ†ã‚£ãƒ–ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã«çµ„ã¿è¾¼ã¾ã‚Œã¦æä¾›ã•ã‚Œã¦ã„ã‚‹ãã†ã ã€‚ å‚ç…§å…ƒï¼šUse Request Filtering | Microsoft Docs IIS7.xã«ã‚‚UrlScanã‚’å°Žå…¥ã™ã‚‹ã“ã¨ãŒå‡ºæ¥ã‚‹ãŒã€ã‚ãã¾ã§ã‚‚ISAPIãƒ•ã‚£ãƒ«ã‚¿ã¨ã—ã¦ã®å°Žå…¥ã«ãªã‚‹ã€‚ ãã—ã¦ã€è¨å®šå¤‰æ›´ã«IIS Managerã‚„appcmdãƒ„ãƒ¼ãƒ«ã‚’ä½¿ã†ã“ã¨ãŒå‡ºæ¥ãªã„ã€‚ ã‚‚ã¡ã‚ã‚“ã€WMIãƒ—ãƒãƒã‚¤ãƒ€çµŒç”±ã§ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚‚ç„¡ç†ã ã—ã€PowerShellã§ã®ç®¡ç†ã‚‚é›£ã—ã„ã ã‚ã†ã€‚ ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã¨ã—ã¦æä¾›ã•ã‚Œã€IIS7.xã«çµ„ã¿è¾¼ã‚€ã“ã¨ãŒå‡ºæ¥ã‚‹ã¨è¨€ã†ã“ã¨ã¯ã€IIS7.xã®ç®¡ç†ãƒ„ãƒ¼ãƒ«ãŒä¸€é€šã‚Šä½¿ãˆã‚‹ã¨ã„ã†ã“ã¨ã ã€‚ Administration Pack for IIS Managerã‚’ä½¿ãˆã°ã€GUI

no_ri 2009/11/29

ã¡ã‚‡ã£ã¨ã ã‘è©¦ã—ãŸã‘ã©ãƒ•ã‚£ãƒ«ã‚¿ãƒªãƒ³ã‚°ã®ã‚¿ã‚¤ãƒŸãƒ³ã‚°ãŒè‰¯ãã‚ã‹ã‚‰ãªã‹ã£ãŸã€‚ã‚‚ã†å°‘ã—èª¿ã¹ã¦ã¿ã‚ˆã†ã€‚

IIS
WAF

ãƒªãƒ³ã‚¯

ã‚¢ã‚«ãƒžã‚¤ãŒã‚¯ãƒ©ã‚¦ãƒ‰ã«WAFã‚’å®Ÿè£…ã—ã¦æä¾› ï¼ ï¼ IT

2009/05/21 ã‚¢ã‚«ãƒžã‚¤ã¯5æœˆ20æ—¥ã€åŒç¤¾ãŒå…¨ä¸–ç•Œã«é…ç½®ã—ã¦ã„ã‚‹ã‚³ãƒ³ãƒ†ãƒ³ãƒ„é…ä¿¡ç”¨ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ ã€ŒEdge Platformã€ã®æ©Ÿèƒ½ã‚’æ‹¡å¼µã—ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ï¼ˆWAFï¼‰ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’æè¼‰ã™ã‚‹ã“ã¨ã‚’ç™ºè¡¨ã—ãŸã€‚ã“ã‚Œã«ã‚ˆã‚Šã€ãƒ‡ãƒ¼ã‚¿ã‚»ãƒ³ã‚¿ãƒ¼ã«ç½®ã‹ã‚Œã¦ã„ã‚‹ã‚ªãƒªã‚¸ãƒŠãƒ«ã®ã‚µãƒ¼ãƒã«å±Šãå‰ã«ã€ã‚¯ãƒ©ã‚¦ãƒ‰å´ã§æ”»æ’ƒã‚’æ¤œå‡ºã€ãƒ–ãƒãƒƒã‚¯ã§ãã‚‹ã¨ã„ã†ã€‚ ã‚¢ã‚«ãƒžã‚¤ã§ã¯ã€ä¸–ç•Œ70ã‚«å›½ã«ç´„4ä¸‡8000å°ã®Edge Platformã‚’é…ç½®ã—ã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã‚’ä»‹ã—ãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã®é«˜é€Ÿé…ä¿¡ã‚µãƒ¼ãƒ“ã‚¹ã‚’æä¾›ã—ã¦ããŸã€‚Edge Platformã§ã¯ã•ã‚‰ã«ã€ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚·ãƒ§ãƒƒãƒ”ãƒ³ã‚°äº‹æ¥è€…å‘ã‘ã«ã„ãã¤ã‹ã®ãƒ„ãƒ¼ãƒ«ã‚ãƒƒãƒˆã‚’æä¾›ã—ã¦ãŠã‚Šã€ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ããŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã®å±žæ€§ã«å¿œã˜ã¦å„ªå…ˆé †ä½ä»˜ã‘ã‚’è¡Œã£ãŸã‚Šã€ã‚ãƒ£ãƒ³ãƒšãƒ¼ãƒ³ã¨é€£å‹•ã—ãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚’æä¾›ã™ã‚‹ã¨ã„ã£ãŸã€ãã‚ç´°ã‹ãªã‚µãƒ¼ãƒ“ã‚¹æä¾›ãŒå¯èƒ½ã¨ã„ã†ã€‚ æ–°ãŸã«æä¾›ã•ã‚Œã‚‹WAFãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚‚ã€ã“ã®

no_ri 2009/09/30

WAF
cloud

ãƒªãƒ³ã‚¯

ã‚ªãƒ¼ãƒ—ãƒ³ã‚½ãƒ¼ã‚¹ç”±æ¥ã®å›½ç”£WAFã«ã‹ã‘ã‚‹æ„æ°—è¾¼ã¿

Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã®æ©Ÿèƒ½ã‚’ã‚µãƒ¼ãƒ“ã‚¹ã¨ã—ã¦æä¾›ã™ã‚‹å›½å†…åˆã®å–ã‚Šçµ„ã¿ã‚’ã‚»ã‚ãƒ¥ã‚¢ã‚¹ã‚«ã‚¤ãƒ»ãƒ†ã‚¯ãƒŽãƒã‚¸ãƒ¼ï¼ˆSSTï¼‰ãŒå§‹ã‚ãŸã€‚ã‚ªãƒ¼ãƒ—ãƒ³ã‚½ãƒ¼ã‚¹ç”±æ¥ã®åŒã‚µãƒ¼ãƒ“ã‚¹ã®é–‹ç™ºã‚’æ‰‹ãŒã‘ã‚‹é‡‘åºŠæ°ã¨SSTã®è‹¥æž—æ°ã«ã€ãã®ç‹™ã„ã¨ç›®æ¨™ã‚’èžã„ãŸã€‚ Webã‚µã‚¤ãƒˆã‚„Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’æ¨™çš„ã«ã™ã‚‹ã‚µã‚¤ãƒãƒ¼æ”»æ’ƒãŒæ¿€å¢—ã™ã‚‹ä¸ã€ã“ã‚Œã‚‰ã®æ”»æ’ƒã«å¯¾å‡¦ã™ã‚‹æ‰‹æ®µã¨ã—ã¦Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ï¼ˆWAFï¼‰ãŒæ³¨ç›®ã•ã‚Œã¦ã„ã‚‹ã€‚WAFã¯ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã‚„SQLã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ãªã©Webç‰¹æœ‰ã®è„†å¼±æ€§ã«ç‰¹åŒ–ã—ã¦ã‚·ã‚¹ãƒ†ãƒ ã‚’ä¿è·ã§ãã‚‹ã‚‚ã®ã®ã€å°Žå…¥ã‚„é‹ç”¨ã«ã¯ã‚ã‚‹ç¨‹åº¦ã®æ‰‹é–“ã‚„ã‚³ã‚¹ãƒˆã‚‚ä¼´ã†ã“ã¨ã‹ã‚‰ã€ä½¿ã„ã“ãªã™ã‚ˆã†ã«ãªã‚‹ã¾ã§ã«ã¯æ™‚é–“ã‚„ãƒªã‚½ãƒ¼ã‚¹ã‚’è²»ã‚„ã™å´é¢ã‚‚ã‚ã‚‹ã€‚ Webã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ä¼æ¥ã®ã‚»ã‚ãƒ¥ã‚¢ã‚¹ã‚«ã‚¤ãƒ»ãƒ†ã‚¯ãƒŽãƒã‚¸ãƒ¼ï¼ˆSSTï¼‰ã¯ã€ã‚ªãƒ¼ãƒ—ãƒ³ã‚½ãƒ¼ã‚¹ã®WAFã€ŒGuardianã€ã‚’ãƒ™ãƒ¼ã‚¹ã«WAFã®æ©Ÿèƒ½ã‚’ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã§å®‰ä¾¡ã«æä¾›ã™ã‚‹å›½

no_ri 2009/09/20

WAF

ãƒªãƒ³ã‚¯

http://tokumaru.org/d/20080722.html

no_ri 2009/07/23

ãƒªãƒ³ã‚¯

ã‚¢ã‚«ãƒžã‚¤ãŒã‚¯ãƒ©ã‚¦ãƒ‰ã«WAFã‚’å®Ÿè£…ã—ã¦æä¾› âˆ’ ï¼ ITï¼ˆæƒ…å ±å…ƒã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ï¼‰ - ripjyr's blog

AkamaiãŒWAFã‚’å°Žå…¥ã¨ã®ã“ã¨ã€‚ ã‚¢ã‚«ãƒžã‚¤ã¯5æœˆ20æ—¥ã€åŒç¤¾ãŒå…¨ä¸–ç•Œã«é…ç½®ã—ã¦ã„ã‚‹ã‚³ãƒ³ãƒ†ãƒ³ãƒ„é…ä¿¡ç”¨ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ ã€ŒEdge Platformã€ã®æ©Ÿèƒ½ã‚’æ‹¡å¼µã—ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ï¼ˆWAFï¼‰ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’æè¼‰ã™ã‚‹ã“ã¨ã‚’ç™ºè¡¨ã—ãŸã€‚ã“ã‚Œã«ã‚ˆã‚Šã€ãƒ‡ãƒ¼ã‚¿ã‚»ãƒ³ã‚¿ãƒ¼ã«ç½®ã‹ã‚Œã¦ã„ã‚‹ã‚ªãƒªã‚¸ãƒŠãƒ«ã®ã‚µãƒ¼ãƒã«å±Šãå‰ã«ã€ã‚¯ãƒ©ã‚¦ãƒ‰å´ã§æ”»æ’ƒã‚’æ¤œå‡ºã€ãƒ–ãƒãƒƒã‚¯ã§ãã‚‹ã¨ã„ã†ã€‚ ã‚¢ã‚«ãƒžã‚¤ãŒã‚¯ãƒ©ã‚¦ãƒ‰ã«WAFã‚’å®Ÿè£…ã—ã¦æä¾› âˆ’ ï¼ IT åŸºæœ¬ã¯ã‚¹ãƒ¼ãƒãƒ¼ãƒ–ãƒ©ãƒƒã‚¯ãƒªã‚¹ãƒˆé˜²å¾¡æ–¹å¼ã¿ãŸã„ã€‚IPã‚¢ãƒ‰ãƒ¬ã‚¹ã«ã‚ˆã‚‹æ‹’å¦ã¨ãƒ–ãƒ©ãƒƒã‚¯ãƒªã‚¹ãƒˆã‚·ã‚°ãƒãƒãƒ£ã¿ãŸã„ã€‚ æ–°ãŸã«æä¾›ã•ã‚Œã‚‹WAFãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚‚ã€ã“ã®Edge Platformä¸Šã«å®Ÿè£…ã•ã‚Œã‚‹ã€‚IPã‚¢ãƒ‰ãƒ¬ã‚¹ã«åŸºã¥ã„ã¦ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãƒ¬ãƒ™ãƒ«ã§ã‚µãƒ¼ãƒã‚’ä¿è·ã™ã‚‹ã ã‘ã§ãªãã€SQLã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã‚„ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã€ãƒ—ãƒãƒˆã‚³ãƒ«é•åã¨ã„ã£ãŸã€ã•ã¾ã–ã¾ãªã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãƒ¬ãƒ™ãƒ«ã®æ”»æ’ƒã‹ã‚‰ã‚µãƒ¼ãƒ

no_ri 2009/06/12

WAF

ãƒªãƒ³ã‚¯

ä½å•†æƒ…å ±ãŒBIG-IP WAFè£…ç½®ã®å°Žå…¥æ”¯æ´ã‚µãƒ¼ãƒ“ã‚¹ã‚’ãƒ¡ãƒ‹ãƒ¥ãƒ¼åŒ–

ä½å•†æƒ…å ±ã‚·ã‚¹ãƒ†ãƒ ï¼ˆSCSï¼‰ã¯2009å¹´5æœˆ20æ—¥ï¼Œã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£æ©Ÿå™¨ã®å°Žå…¥ã«ã‚ˆã£ã¦Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’ä¸æ£ãªæ”»æ’ƒã‹ã‚‰å®ˆã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã€ŒSCS WAFã‚³ãƒ³ã‚µãƒ«ãƒ†ã‚£ãƒ³ã‚°ã‚µãƒ¼ãƒ“ã‚¹ã€ã‚’ç™ºè¡¨ã—ãŸã€‚åŒæ—¥ä»˜ã§æä¾›ã‚’é–‹å§‹ã™ã‚‹ã€‚ãƒŽã‚¦ãƒã‚¦ã‚’ä½“ç³»åŒ–ã—ãŸä¸Šã§æ–™é‡‘ã‚’æ˜Žç¢ºã«ã—ã€é¡§å®¢ãŒåˆ©ç”¨ã—ã‚„ã™ãã—ãŸã€‚æ–™é‡‘ã¯è„†å¼±æ€§ã®è¨ºæ–ã‚µãƒ¼ãƒ“ã‚¹ã§60ä¸‡å††ï¼ˆç¨Žåˆ¥ï¼‰ã‹ã‚‰ã€‚åˆå¹´åº¦è²©å£²ç›®æ¨™ã¯1å„„å††ã€‚200ä¸‡å††ã®æ¡ˆä»¶50ä»¶ã‚’è¦‹è¾¼ã‚€ã€‚ ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£æ©Ÿå™¨ã¨ã—ã¦ï¼ŒF5ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚¹ã‚¸ãƒ£ãƒ‘ãƒ³ãŒè²©å£²ã™ã‚‹ã€ŒBIG-IP Application Security Managerã€ï¼ˆASMï¼‰ã‚’åˆ©ç”¨ã™ã‚‹ã€‚WAFï¼ˆWeb Application Firewallï¼‰ã®1ç¨®ã§ã€ãƒãƒƒãƒ•ã‚¡ãƒ»ã‚ªãƒ¼ãƒãƒ¼ãƒ»ãƒ•ãƒãƒ¼ã‚’å¼•ãèµ·ã“ã™æ”»æ’ƒã‚„SQLã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã‚’ä½¿ã£ãŸæ”»æ’ƒãªã©ï¼ŒWebã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’ç‹™ã£ãŸä¸æ£ãªæ”»æ’ƒã‚’ã‚·ã‚°ãƒãƒãƒ£ãƒ»ãƒ™ãƒ¼ã‚¹ã§æ¤œçŸ¥ã—ã¦é˜²å¾¡ã™ã‚‹æ©Ÿèƒ½ã‚’å‚™ãˆã‚‹ã€‚ ä»Šå›žSCSãŒè£½å“åŒ–

no_ri 2009/05/29

WAF

ãƒªãƒ³ã‚¯

ã¯ã¦ãªã‚°ãƒ«ãƒ¼ãƒ—ã®çµ‚äº†æ—¥ã‚’2020å¹´1æœˆ31æ—¥(é‡‘)ã«æ±ºå®šã—ã¾ã—ãŸ - ã¯ã¦ãªã®å‘ŠçŸ¥

ã¯ã¦ãªã‚°ãƒ«ãƒ¼ãƒ—ã®çµ‚äº†æ—¥ã‚’2020å¹´1æœˆ31æ—¥(é‡‘)ã«æ±ºå®šã—ã¾ã—ãŸ ä»¥ä¸‹ã®ã‚¨ãƒ³ãƒˆãƒªã®é€šã‚Šã€ä»Šå¹´æœ«ã‚’ç›®å‡¦ã«ã¯ã¦ãªã‚°ãƒ«ãƒ¼ãƒ—ã‚’çµ‚äº†äºˆå®šã§ã‚ã‚‹æ—¨ã‚’ãŠçŸ¥ã‚‰ã›ã—ã¦ãŠã‚Šã¾ã—ãŸã€‚ 2019å¹´æœ«ã‚’ç›®å‡¦ã«ã€ã¯ã¦ãªã‚°ãƒ«ãƒ¼ãƒ—ã®æä¾›ã‚’çµ‚äº†ã™ã‚‹äºˆå®šã§ã™ - ã¯ã¦ãªã‚°ãƒ«ãƒ¼ãƒ—æ—¥è¨˜ ã“ã®ãŸã³ã€æ£å¼ã«çµ‚äº†æ—¥ã‚’æ±ºå®šã„ãŸã—ã¾ã—ãŸã®ã§ã€ä»¥ä¸‹ã®é€šã‚Šã”ç¢ºèªãã ã•ã„ã€‚ çµ‚äº†æ—¥: 2020å¹´1æœˆ31æ—¥(é‡‘) ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆå¸Œæœ›ç”³è«‹æœŸé™:2020å¹´1æœˆ31æ—¥(é‡‘) çµ‚äº†æ—¥ä»¥é™ã¯ã€ã¯ã¦ãªã‚°ãƒ«ãƒ¼ãƒ—ã®é–²è¦§ãŠã‚ˆã³æŠ•ç¨¿ã¯è¡Œãˆã¾ã›ã‚“ã€‚æ—¥è¨˜ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆãŒå¿…è¦ãªæ–¹ã¯ä»¥ä¸‹ã®è¨˜äº‹ã«ã—ãŸãŒã£ã¦æ‰‹ç¶šãã‚’ã—ã¦ãã ã•ã„ã€‚ ã¯ã¦ãªã‚°ãƒ«ãƒ¼ãƒ—ã«æŠ•ç¨¿ã•ã‚ŒãŸæ—¥è¨˜ãƒ‡ãƒ¼ã‚¿ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«ã¤ã„ã¦ - ã¯ã¦ãªã‚°ãƒ«ãƒ¼ãƒ—æ—¥è¨˜ ã”åˆ©ç”¨ã®ã¿ãªã•ã¾ã«ã¯ã”è¿·æƒ‘ã‚’ãŠã‹ã‘ã„ãŸã—ã¾ã™ãŒã€ã©ã†ãžã‚ˆã‚ã—ããŠé¡˜ã„ã„ãŸã—ã¾ã™ã€‚ 2020-06-25 è¿½è¨˜ ã¯ã¦ãªã‚°ãƒ«ãƒ¼ãƒ—æ—¥è¨˜ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆãƒ‡ãƒ¼ã‚¿ã¯2020å¹´2æœˆ28

no_ri 2009/05/21

WAF

ãƒªãƒ³ã‚¯

ç™½é»’ã¯ã£ãã‚Šã¤ã‘ãŸã„WAFã®æœ€æ–°äº‹æƒ…

5æœˆ13æ—¥ã«å§‹ã¾ã£ãŸã€Œç¬¬6å›ž æƒ…å ±ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£EXPOã€ã€‚ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã‹ã‚‰ã®æ”»æ’ƒã¯ã¾ã™ã¾ã™è¤‡é›‘åŒ–ã—ã€ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã‚‚OSã‚„Webã‚µãƒ¼ãƒã§ã¯ãªãã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«çµžã‚‰ã‚Œã¦ãã¦ã„ã‚‹ã€‚ã“ã‚Œã«å¯¾æŠ—ã™ã‚‹ã®ãŒã€WAFï¼ˆWeb Application Firewallï¼‰ã§ã‚ã‚‹ã€‚ Webã‚µã‚¤ãƒˆæ”»æ’ƒå¢—åŠ ã¨PCI DSSã§ æ³¨ç›®ã‚’æµ´ã³ã‚‹WAF æƒ…å ±æ¼ãˆã„å¯¾ç–ã®ã‚ˆã†ãªç¤¾å†…ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«æ³¨ç›®ãŒé›†ã¾ã‚‹ä¸ã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã¨LANã®é–“ã«è¨ç½®ã™ã‚‹ã‚²ãƒ¼ãƒˆã‚¦ã‚§ã‚¤åž‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£è£½å“ã‚‚ã„ãã¤ã‹ç™»å ´ã—ã¦ã„ã‚‹ã€‚ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã‚„IPSã€UTMè£½å“ã‚‚å¤šã„ãŒã€ãƒˆãƒ¬ãƒ³ãƒ‰ã¨ãªã£ã¦ã„ã‚‹ã®ã¯ã€ã‚„ã¯ã‚ŠWAFã§ã‚ã‚‹ã€‚ WAFã¯åå‰ã®é€šã‚Šã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®é˜²å¾¡ã«ç‰¹åŒ–ã—ãŸHTTPãƒ»HTTPSå°‚ç”¨ã®ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã§ã€ä»Šã‹ã‚‰5å¹´å‰ãã‚‰ã„ã«ã‚¢ãƒ—ãƒ©ã‚¤ã‚¢ãƒ³ã‚¹åž‹ã®è£½å“ãŒç™»å ´ã€‚å½“åˆã¯é«˜ä¾¡ã§ã€ãƒ•ã‚£ãƒ«ã‚¿ãƒªãƒ³ã‚°è¨å®šã«èžé€šãŒåˆ©ã‹ãªã‹ã£ãŸãŸã‚ã€ãªã‹ãªã‹æ™®åŠã—ãª

no_ri 2009/05/19

ãƒªãƒ³ã‚¯

2è£½å“ãŒéŽå‰°æ¤œçŸ¥ãªã—ï¼Œæ”»æ’ƒãƒ„ãƒ¼ãƒ«ã¯ã»ã¼æ’ƒé€€

ä¸€ã¤ã¯ã€Œunionã€ã€Œselectã€ã¨ã„ã†SQLã®äºˆç´„èªžã‚’äºŒã¤å«ã‚€æ–‡å—åˆ—ã§ï¼ŒBIG-IPã¨SecureSphereãŒéŽå‰°æ¤œçŸ¥ã—ãŸã€‚ã‚‚ã†ä¸€ã¤ã¯ã€Œ'ã€ã¨ã„ã†ç‰¹æ®Šæ–‡å—ã¨SQLã®äºˆç´„èªžã‚’ä¸€ã¤ãšã¤å«ã‚€æ–‡å—åˆ—ã€‚ã“ã‚Œã¯CitrixãŒéŽå‰°æ¤œçŸ¥ã—ãŸã€‚ éŽå‰°æ¤œçŸ¥ã—ãŸ3è£½å“ã¯ã©ã‚Œã‚‚ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆé‡è¦–åž‹ã§ã‚ã‚‹ã€‚ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆé‡è¦–åž‹ã®è£½å“ã¯ï¼Œãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã®ä½œæˆãªã©ï¼Œå°Žå…¥å‰ã«Webã‚µã‚¤ãƒˆã®ç‰¹æ€§ã«åˆã‚ã›ã¦ãƒãƒ¥ãƒ¼ãƒ‹ãƒ³ã‚°ã™ã‚‹ã“ã¨ã§å®‰å…¨æ€§ã®å‘ä¸Šã‚’å›³ã‚‹ã“ã¨ã‚’æŽ¨å¥¨ã—ã¦ã„ã‚‹ã€‚ãã†ã—ãŸãƒãƒ¥ãƒ¼ãƒ‹ãƒ³ã‚°ã®éŽç¨‹ã§ï¼ŒéŽå‰°æ¤œçŸ¥ã¸ã®é…æ…®ã‚‚å¿…è¦ã«ãªã‚Šãã†ãªã“ã¨ãŒæ¤œè¨¼ã§åˆ†ã‹ã£ãŸã€‚ã‚¯ãƒ¬ãƒ¼ãƒ ã‚’æ¸›ã‚‰ã™ãŸã‚ï¼ŒéŽå‰°æ¤œçŸ¥ã¯å°Žå…¥å‰ã«ã§ãã‚‹ã ã‘ãªãã™ã¹ãã§ã‚ã‚‹ã€‚ éŽå‰°æ¤œçŸ¥ãŒå‡ºãªã‹ã£ãŸ2è£½å“ã¯ï¼Œãƒ–ãƒ©ãƒƒã‚¯ãƒªã‚¹ãƒˆé‡è¦–åž‹ã®è£½å“ã ã£ãŸã€‚ã©ã¡ã‚‰ã‚‚å°Žå…¥å‰ã®è¨å®šä½œæ¥ã‚’æ¥µåŠ›æ¸›ã‚‰ã—ã¦ï¼Œã™ãã«ä½¿ãˆã‚‹ã“ã¨ã‚’ç›®æŒ‡ã—ã¦ã„ã‚‹ã€‚ä»Šå›žã¯ã‚ãã¾ã§äºŒã¤ã®æ–‡å—åˆ—ã‚’è©¦ã—ãŸã ã‘ã ãŒï¼Œå°Žå…¥æ™‚ã®æ‰‹é–“ã¯å°‘ãªããªã‚Š

no_ri 2009/04/10

ãƒªãƒ³ã‚¯

ç´”å›½ç”£ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã€JP-SecureãŒæ–°è£½å“

ã‚¸ã‚§ã‚¤ãƒ”ãƒ¼ãƒ»ã‚»ã‚ãƒ¥ã‚¢ã¯8æœˆ1æ—¥ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã€ŒSiteGuardã€ã‚’ç™ºå£²ã—ãŸã€‚å°Žå…¥ã‚„é‹ç”¨ã®æ‰‹é–“ã‚’è»½æ¸›ã™ã‚‹ã¨ã„ã†ã€‚ æ–°è£½å“ã¯è‡ªå‹•æ›´æ–°ã«å¯¾å¿œã—ãŸç‹¬è‡ªã®ã‚·ã‚°ãƒãƒãƒ£ãƒ™ãƒ¼ã‚¹ã®é˜²å¾¡æ©Ÿèƒ½ã‚’æè¼‰ã—ã€åˆæœŸè¨å®šã‚„é‹ç”¨ç®¡ç†ã®ç°¡ç´ åŒ–ã‚’å›³ã£ãŸã€‚è„…å¨ã®å†…å®¹ãªã©ã‚’è‡ªå·±å¦ç¿’ã™ã‚‹ã€Œãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿æ¤œæŸ»æ©Ÿèƒ½ã€ã‚’æŒã¡ã€è‡ªç¤¾ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«å¯¾å¿œã—ãŸãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã®ä½œæˆã‚‚ã§ãã‚‹ã€‚ åŒç¤¾ã«ã‚ˆã‚Œã°ã€é–‹ç™ºã‚’å›½å†…ã§è¡Œã„ã€ç®¡ç†ç”»é¢ã‚„ãƒžãƒ‹ãƒ¥ã‚¢ãƒ«ã€ã‚µãƒãƒ¼ãƒˆãªã©ã‚’æ—¥æœ¬èªžã§æä¾›ã™ã‚‹ã¨ã„ã†ã€‚ä¾¡æ ¼ã¯åˆå¹´åº¦178ä¸‡å††ã€æ›´æ–°ä¾¡æ ¼ã¯53ä¸‡4000å††ã€‚è²©å£²åˆå¹´åº¦ã«1å„„å††ã®å£²ã‚Šä¸Šã’ã‚’è¦‹è¾¼ã‚€ã€‚ éŽåŽ»ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ‹ãƒ¥ãƒ¼ã‚¹ä¸€è¦§ã¯ã“ã¡ã‚‰

no_ri 2008/08/04

WAF

ãƒªãƒ³ã‚¯

ãã‚ãã‚WAFã«é–¢ã—ã¦ä¸€è¨€ã„ã£ã¨ãã‹ï½žä¸‰é‡è‹¦ã‚’ä¹—ã‚Šè¶Šãˆã¦WAFãŒæ™®åŠã™ã‚‹ãŸã‚ã®æ¡ä»¶ã¨ã¯ï½ž

è£œè¶³ ã“ã®è¨˜äº‹ã¯æ—§å¾³ä¸¸æµ©ã®æ—¥è¨˜ã‹ã‚‰ã®è»¢è¼‰ã§ã™ï¼ˆå…ƒURLã€ã‚¢ãƒ¼ã‚«ã‚¤ãƒ–ã€ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯1ã€ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯2ï¼‰ å‚™å¿˜ã®ãŸã‚è»¢è¼‰ã„ãŸã—ã¾ã™ãŒã€ã“ã®è¨˜äº‹ã¯2008å¹´7æœˆ22æ—¥ã«å…¬é–‹ã•ã‚ŒãŸã‚‚ã®ã§ã€å½“æ™‚ã®å¾³ä¸¸ã®è€ƒãˆã‚’ç¤ºã™ã‚‚ã®ã‚’ã€åŸºæœ¬çš„ã«å†…å®¹ã‚’å¤‰æ›´ã›ãšã«ãã®ã¾ã¾è»¢è¼‰ã™ã‚‹ã‚‚ã®ã§ã™ã€‚ ãªãŠã€ã“ã®è¨˜äº‹ã‚’æ›¸ã„ãŸå¾Œã€WAFã¯ã“ã®è¨˜äº‹ã®äºˆè¨€ï¼ˆé¡˜ã„?ï¼‰é€šã‚Šã«é€²å±•ã—ãŸã‚ˆã†ã«æ€ã„ã¾ã™ã€‚ãã®ã‚ãŸã‚Šã®æ´å²ã«ã¤ã„ã¦ã¯ã€ã“ã¡ã‚‰ã®ã‚¤ãƒ³ã‚¿ãƒ“ãƒ¥ãƒ¼è¨˜äº‹ã‚’å‚ç…§ä¸‹ã•ã„ã€‚ è£œè¶³çµ‚ã‚ã‚Š PCIãƒ‡ãƒ¼ã‚¿ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£åŸºæº–(PCIDSS)ãŒWAF(Web Application Firewall)ã«ã¤ã„ã¦è¨€åŠã—ã¦ã„ã‚‹ã“ã¨ãªã©ã‹ã‚‰ã€æœ€è¿‘å†ã³WAFã¸ã®é–¢å¿ƒãŒé«˜ã¾ã£ã¦ã„ã‚‹ã€‚ä¸€æ–¹ã€WAFã¯ã€ä¸€éƒ¨ã®ãƒ¦ãƒ¼ã‚¶ã‚„å°‚é–€å®¶ã«éžå¸¸ã«è©•åˆ¤ãŒæ‚ªã„ã€‚ãªãœã€ãã®ã‚ˆã†ãªã“ã¨ã«ãªã‚‹ã®ã‹ã€‚æœ¬ç¨¿ã§ã¯ã€WAFã®åŸºæœ¬æ©Ÿèƒ½ã‚’èª¬æ˜Žã—ãŸä¸Šã§ã€ãã®é™ç•Œã¨é‹ç”¨ä¸Šã®å•é¡Œã‚’æŒ‡æ‘˜ã—ã€ä»Šå¾Œã®WAFã®ä½¿ã„æ–¹

no_ri 2008/08/04

ãƒªãƒ³ã‚¯

ModSecurity Blog: XSS Defense HOWTO - ripjyr's blog

ãµã‚€ãµã‚€ã€mod_securityã§ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã‚’é˜²ããŸã‚ã®æ–¹æ³•ã‚’è€ƒãˆã‚‹ã¨ã€‚ Without any planning (so please forgive any omissions), I am now going to write how to produce web applications that are safe against XSS and other injection attacks. http://blog.modsecurity.org/2008/07/do-you-know-how.html UTF-8ç³»ã®è©±ãŒå¼±ã„ãªãã€‚ Identify all system components other than the application itself. In a typical web application you will have at le

no_ri 2008/07/31

ãƒªãƒ³ã‚¯

Sentinel dynamically generates ModSecurity rules

no_ri 2008/06/13

ãƒªãƒ³ã‚¯

mod rewriteã‚’ä½¿ç”¨ã—ãŸç°¡æ˜“WAF

(Last Updated On: 2018å¹´8æœˆ8æ—¥)http://www.0x000000.com/?i=567 ã«mod rewriteã‚’åˆ©ç”¨ã—ãŸç°¡æ˜“WAF(Web Application Firewall)ã®å®šç¾©ä¾‹ãŒæŽ²è¼‰ã•ã‚Œã¦ã„ã¾ã™ã€‚åŒã˜ã‚ˆã†ãªã‚¢ã‚¤ãƒ‡ã‚¢ã‚’ãŠæŒã¡ã®æ–¹ã€æ—¢ã«ä¼¼ãŸã‚ˆã†ãªè¨å®šã‚’ä½¿ã‚ã‚Œã¦ã„ã‚‹æ–¹ã‚‚å¤šã„ã¨ã¯æ€ã„ã¾ã™ã€‚ ç°¡å˜ãªWAFã§ã™ãŒã€å®Ÿç”¨æ€§ã‚‚é«˜ã„ã§ã™ã€‚ä¾‹ãˆã°ã€ãƒŒãƒ«æ–‡å—ã‚„HTMLç‰¹æ®Šæ–‡å—ã®ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã¯æ§˜ã€…ãªæ”»æ’ƒã§åˆ©ç”¨ã•ã‚Œã¾ã™ã€‚ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã§å¯¾å‡¦ãŒå¿˜ã‚Œã‚‰ã‚ŒãŒã¡ãªCOOOKIEã‚„REFERã€USER_AGENTç‰ã«ç‰¹æ®Šæ–‡å—ãŒå…¥ã£ã¦ã„ãŸå ´åˆã«ã‚¢ã‚¯ã‚»ã‚¹ã‚’æ‹’å¦ã™ã‚‹éƒ¨åˆ†ã ã‘ã‚‚ã§å°Žå…¥ã™ã‚‹ä¾¡å€¤ã¯ååˆ†ã«ã‚ã‚‹ã¨æ€ã„ã¾ã™ã€‚ å…ƒãƒã‚¿ã®ã‚µã‚¤ãƒˆã¯è‹±èªžã§ã™ãŒã€è§£èª¬ä»˜ãã§ã™ã€‚ ã“ã‚Œã‚’å…¥ã‚Œã‚‹ã¨å•é¡Œã¨ãªã‚‹å ´åˆã‚‚ã‚ã‚‹ã®ã§ã€å†…å®¹ã‚’ç†è§£ã—ã¦ã‹ã‚‰åˆ©ç”¨ã—ãªã‘ã‚Œã°ãªã‚Šã¾ã›ã‚“ã€‚ RewriteEngine On Op

no_ri 2008/05/19

ãƒªãƒ³ã‚¯

ãã®ã‚„ã‚Šæ–¹ã§ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°å¯¾ç–ã¯å®Œå…¨ã§ã™ã‹ï¼Ÿ

ä½•ã‹ã¨ç‰©é¨’ãªãƒ‹ãƒ¥ãƒ¼ã‚¹ã®å¤šã„Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã€‚ ç‰¹ã«ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°è„†å¼±æ€§ï¼ˆä»¥ä¸‹ã€Œã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã€ã¨ã„ã„ã¾ã™ï¼‰ã¯ã€å¯¾ç–ãŒé›£ã—ã„ã ã‘ã§ãªãã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚¤ã‚¸ãƒ£ãƒƒã‚¯ãªã©ã‚’çµ„ã¿åˆã‚ã›ã‚‹ã“ã¨ã§ä»–ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®æƒ…å ±ã‚’å¾—ã‚‰ã‚Œã‚‹ãªã©æ”»æ’ƒè€…ã«ã¨ã£ã¦ã® ãƒ¡ãƒªãƒƒãƒˆã‚‚å¤§ããã€æ”»æ’ƒã¯å¢—åŠ ã®ä¸€é€”ã‚’ãŸã©ã£ã¦ã„ã¾ã™ã€‚ ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã¨ã¯ï¼Ÿ ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã¨ã¯ã€æ‚ªæ„ã®ã‚ã‚‹ã‚³ãƒ¼ãƒ‰ãŒWebã‚µã‚¤ãƒˆã®è¨ªå•è€…ã®ãƒ–ãƒ©ã‚¦ã‚¶ã«é€ã‚‰ã‚Œã¦ã—ã¾ã†è„†å¼±æ€§ã®ã“ã¨ã‚’ã„ã„ã¾ã™ã€‚ ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°è‡ªä½“ã§ã‚‚ã€ãƒ–ãƒ©ã‚¦ã‚¶ã‚’å¼·åˆ¶çš„ã«åœæ¢ã•ã›ã‚‹ãªã©ã®å®Ÿå®³ã‚’è¨ªå•è€…ã«ä¸Žãˆã‚‹ã“ã¨ãŒã§ãã¾ã™ãŒã€ã‚‚ã£ã¨æ€–ã„ã“ã¨ã¯ã€è¨ªå•è€…ã®ã‚¯ãƒƒã‚ãƒ¼ãªã©ã‚’ç›—ã¿å‡ºã—ã€ ãƒã‚°ã‚¤ãƒ³çŠ¶æ…‹ã‚’æ“¬ä¼¼çš„ã«ä½œã‚Šå‡ºã—ã¦ã€å€‹äººæƒ…å ±ã‚„ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰ç•ªå·ãªã©ã€é‡è¦ãªæƒ…å ±ãŒç›—ã¾ã‚Œã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ã¨ã„ã†äº‹å®Ÿã§ã™ã€‚ ãƒ—ãƒã‚°ãƒ©ãƒžãŒã—ã£ã‹ã‚Šã™ã‚Œã°

no_ri 2008/01/31

æ–‡ç« ã¨ã„ã†ã‹ä¾‹ãˆãŒã¡ã‚‡ã£ã¨å¤‰

ãƒªãƒ³ã‚¯

ãã®ã‚„ã‚Šæ–¹ã§ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°å¯¾ç–ã¯å®Œå…¨ã§ã™ã‹ï¼Ÿ

no_ri 2007/12/25

ã‚ã‹ã‚Šãšã‚‰ã„ä¾‹ãˆã

ãƒªãƒ³ã‚¯

We need Web Application Firewalls to work

no_ri 2007/06/06

ãƒªãƒ³ã‚¯

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

ã‚¿ã‚°

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (12)

WAFã«é–¢ã™ã‚‹no_riã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (27)

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´1æœˆç¬¬2é€±ï¼‰

æœˆé–“ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆï¼‰

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´1æœˆç¬¬1é€±ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

ã‚¿ã‚°

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (12)

WAFã«é–¢ã™ã‚‹no_riã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (27)

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2025å¹´1æœˆç¬¬2é€±ï¼‰

æœˆé–“ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆï¼‰

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2025å¹´1æœˆç¬¬1é€±ï¼‰

å…¬å¼Twitter

ã‚­ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (12)

WAFã«é–¢ã™ã‚‹no_riã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (27)

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´1æœˆç¬¬2é€±ï¼‰

æœˆé–“ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆï¼‰

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´1æœˆç¬¬1é€±ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹