Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to build/ops websites safety (2020-12-10)
Search
Daiji Hirata
December 10, 2020
Business
0
94
How to build/ops websites safety (2020-12-10)
ウェブサイト運用にともなうリスクと安定運用のコツ
2020.12.10 シックス・アパート オンラインミニセミナー スライド
Daiji Hirata
December 10, 2020
Tweet
Share
More Decks by Daiji Hirata
See All by Daiji Hirata
MTDDC Meetup TOKYO 2024 Keynote
hirata
1
550
MTDDC Meetup TOHOKU 2024 Keynote Speech
hirata
1
640
MTDDC Meetup Tokyo 2023 Keynote
hirata
0
850
MTDDC Meetup Tokyo 2022 Keynote
hirata
0
76
MTDDC meetup Tokyo 2021 Keynote
hirata
0
1.3k
How to build a Robust Website for Peak Traffics (2021-02-12)
hirata
0
75
MTDDC Meetup Tokyo 2020 Keynote
hirata
0
170
MTDDC Meetup Tokyo 2019 Closing Session
hirata
0
1.4k
AWS-ISV-SaaS-Seminar-2019-10-28-Tokyo
hirata
0
68
Other Decks in Business
See All in Business
20250122_FinJAWS
nanzhihutailang0417
0
150
2ndPASS_リクルートガイド2024
akinodaichi
0
410
2025.02_中途採用資料.pdf
superstudio
PRO
0
62k
Sales Marker Culture book
salesmarker
PRO
15
32k
株式会社スピークバディ 会社紹介資料
speakbuddy
1
220k
JINZAI BASE|会社紹介資料(2025.ver)
ryowasuzu
0
1.5k
サスメド株式会社 Culture Deck
susmed
0
39k
不二製油グループ本社 (02/07/2025 プレスリリース)
tsogo817421
2
220
アッテル会社紹介資料/culture deck
attelu
10
14k
総合研究院の概要|Science Tokyo(東京科学大学)
sciencetokyo
PRO
0
870
VISASQ: ABOUT DEV TEAM
eikohashiba
3
23k
2024年12月期_通期決算説明資料
mobcast20040326
PRO
0
160
Featured
See All Featured
A better future with KSS
kneath
238
17k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
A designer walks into a library…
pauljervisheath
205
24k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
7
620
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
8
260
Music & Morning Musume
bryan
46
6.3k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.5k
A Tale of Four Properties
chriscoyier
158
23k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
20
2.4k
Being A Developer After 40
akosma
89
590k
Transcript
γοΫεɾΞύʔτ ฏా େ࣏ ΣϒαΠτӡ༻ʹͱͳ͏ϦεΫͱ҆ఆӡ༻ͷίπ ΣϒαΠτΛ҆৺ͯ͠׆༻͢ΔͨΊʹ͓͖͍ͬͯͨ͜ͱ
ͻΒ͍ͨͩ͡ 4JY"QBSU %JSFDUPS $50 !IJSBUB
ࠓͷ • ΣϒαΠτӡ༻্ͷϦεΫͱݪҼ • جຊతͳରࡦ • ରࡦͷҰྫɺެ։αʔόͷ • ͦͷଞɺؾΛ͚ͭΔ͜ͱ
ΣϒαΠτͷϦεΫ͍Ζ͍Ζ • αΠτͷվ᜵ɺͬऔΓ • αΠτͷμϯ • ใ࿙Ӯ • ౿ΈʹΘΕ͍ͯͨ •
ߋ৽͕Ͱ͖ͳ͘ͳͬͨ
αΠτͷվ᜵ɺͬऔΓ • ใͷૢ࡞ • ϚϧΣΞ͕͞Ε͍ͯͨ • ѱҙͷ͋ΔϓϩάϥϜΛΫϥΠΞϯτʹ࣮ߦͤ͞Δ • ϑΟογϯάٗʹΘΕ͍ͯͨ •
ݸਓใΫϨδοτΧʔυใΛ౪·ΕΔ
None
ෛͷ࿈ • ϚϧΣΞ / ϑΟογϯάʹΘΕΔ • ϒϩοΫϦετʹొ͞ΕΔ • Safe Browsing
ػೳͰαΠτ͕දࣔ͞Εͳ͘ͳΔ…
αΠτͷμϯ • αΠτ͕ਅͬനʹͳͬͨ • 404 Not Found φκͷΤϥʔը໘
ใ࿙Ӯ • αʔόʹอଘ͍ͯͨ͠ݸਓใ͕… • ·ͩެ։͍ͯ͠ͳ͍ͣͷ PDF ϑΝΠϧ͕…
౿Έʹ͞Ε͍ͯͨ? ඪతܕ߈ܸʹΘΕͨྫ • Βͳ͍ϑΝΠϧ͕͔ࣾΒΞοϓϩʔυ͞Ε͍ͯͨ • Βͳ͍αʔό͔ΒͷΞΫηεͰμϯϩʔυ͞Ε͍ͯͨ • Βͳ͍ϑΝΠϧ͕ࣾ֎͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ࣾͷPC͔ΒφκͷΞΫηε͕…
ߋ৽͕Ͱ͖ͳ͍ • CMS ͷཧը໘ʹϩάΠϯͰ͖ͳ͍ • αʔόͷΞΧϯτ͕Θ͔Βͳ͍
͞·͟·ͳݪҼ • ֎෦͔ΒͷͳΜΒ͔ͷΞΫγϣϯ (߈ܸ) • ނো • ୯७ͳϛε • ෦൜ߦ
• ͳʹ͍ͯ͠ͳ͍ͷʹ……
جຊతͳରࡦͷߟ͔͑ͨ • ݪҼΛ༧͠ɺͦΕͧΕͷରࡦΛߟ͑Δ • ϦεΫΛࣄલʹݮΒ͢ • ͠ൃੜͨ͠ͱ͖ͷϦΧόϦʔํ๏Λࣄલʹ༻ҙ͓ͯ͘͠ • ӡ༻ʹؾΛ͏ •
αʔόɺΞϓϦέʔγϣϯΛ҆શʹอͭ • ेͳϦιʔεΛख͢Δ • ීஈ͔ΒϦεΫʹඋ͑Δ
ҰൠతͳΣϒαΠτͰͷߟ͔͑ͨ • ҰൠͷใఏڙͷͨΊͷΣϒαʔό • ίʔϙϨʔταΠτͳͲ • ߋ৽ਵ࣌ɺσβΠϯมߋͳͲසൟͰͳ͍ • ड͚Δͷ͍߹ΘͤϑΥʔϜఔ
ҰൠతͳΣϒαΠτͰͷߟ͔͑ͨ • ެ։༻αʔόͱΞϓϦέʔγϣϯ༻αʔόΛ͢Δ • CMS αʔόҰൠ͔ΒΞΫηεͰ͖ͳ͍Α͏ʹɺ੍ݶ͢Δ • ΞΫηε੍ݶɺωοτϫʔΫͷ • ެ։༻αʔόʹɺඞཁͳΞϓϦέʔγϣϯͷΈઃஔ͢Δ
• ੩తίϯςϯπͷΈͩͱɺ͔ͳΓ҆શ
010111……… ެ։ྖҬ CMS 1ͷαʔόʹͯࠞ͢ࡏ html, image, css, js, etc.
ެ։༻αʔό CMS ެ։ྖҬ 010111……… ެ։༻αʔόͱ CMS Λ͢Δ
ެ։༻αʔόͷ • αΠτΛ੩తίϯςϯπͱͯ͠४උ͠ɺެ։༻αʔόʹసૹ͢Δ • MT ͩͱϓϥάΠϯΛར༻͢Δ͜ͱ͕Ұൠత • Uploader, SmartSyncPack, Movable
Type Premium (SiteSync) • MT Ϋϥυʹඪ४Ͱαʔό৴Λ༻ҙ͍ͯ͠Δ • సૹઌͱରԠ͢Δϓϩτίϧʹҙ • FTPS, SFTP, rsync, S3 (AWS) ͳͲ
ެ։༻αʔό CMS ެ։ྖҬ 010111……… ඇެ։ྖҬ ৴ ࠶ߏங (੩తϑΝΠϧߏங)
৴ػೳͷϝϦοτ • ৴ઌΛෳ༻ҙ͢Δ͜ͱͰɺεςʔδϯάͷΑ͏ʹར༻Ͱ͖Δ • ίϯςϯπΛͯ͠ཧ͢Δ͜ͱ͕Ͱ͖Δ • େنαΠτͷҰ෦͚ͩΛ MT ΫϥυͰཧ͢Δ •
෦ຖʹ৴Λ͚Δ
ެ։༻αʔό ඇެ։ྖҬ ৴ ֬ೝ༻αʔό ৴ CMS
ެ։༻αʔό CMS ඇެ։ྖҬ Ұ෦ͷྖҬʹ͚ͩ৴
CMS ͷΞΫηε੍ݶηΩϡϦςΟڧԽ • IP ΞυϨεͷ੍ݶ • ύεϫʔυอޢ • WAF ͷར༻
CMS ͷӅṭ • CMS ΞϓϦέʔγϣϯͷΞΫηεΛ੍ݶ͢Δ • ϗετͷӅṭ • ϓϥΠϕʔτωοτϫʔΫʹઃஔͯ͠ VPN
ܦ༝ͰΞΫηε • ެ։αʔόͷίϯςϯπ৴Ҏ֎ΛڐՄ͠ͳ͍ • ֎෦ͷτϥϑΟοΫͷࢹ͕༰қʹ ౿ΈʹͳΔϦεΫΛܰݮͰ͖Δ
ެ։༻αʔό CMS VPN ͳͲͰΞΫηεΛ੍ݶɾཧ ৴ (Ұํ) ֎෦͔Βͷ௨৴ःஅ 010111………
ެ։αʔόͷߏྫ • Apache • SSI htaccess ͍͍ͨ • Amazon
S3 • + CDN • + CDN + WAF + DDoS ରࡦ
ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ੍͘͠ݶ͢Δ • PHP ͷར༻εΫϦϓτͷઃஔܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI .htaccess
Θͳ͍ͳΒɺS3 ͷར༻ࢹʹೖΔ • ϑΥʔϜɺݕࡧͳͲαʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯαʔόΛͯ͠ CORS ReverseProxy Ͱͷӡ༻ߟ͑Δ
ެ։༻αʔό iframe ͰΈࠐΈ
ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ੍͘͠ݶ͢Δ • PHP ͷར༻εΫϦϓτͷઃஔܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI .htaccess
Θͳ͍ͳΒɺS3 ͷར༻ࢹʹೖΔ • ϑΥʔϜɺݕࡧͳͲαʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯαʔόΛͯ͠ CORS ReverseProxy Ͱͷӡ༻ߟ͑Δ
ΑΓҙ͢Δ͜ͱ • ނোࣄނʹඋ͑ͨߏ • ೋॏԽ…ϗετɺωοτϫʔΫɺσʔληϯλ • γεςϜͷఆظతͳϝϯςφϯε • ϛυϧΣΞΞϓϦέʔγϣϯͷΞοϓσʔτɺઃఆͷ֬ೝ •
ϩάͷ֬ೝ • ఆظతͳόοΫΞοϓ • όοΫΞοϓͷೖखੑɺੈ • ϦετΞखॱͷ֬ೝτϨʔχϯά
ࣗͰΔͷ͕େมͩͱࢥͬͨΒ • ϚωʔδυαʔϏε SaaS ͷ CMS Λར༻͢Δ • Movable Type
Ϋϥυ൛ • αʔό৴ػೳΛඪ४උ • MovableType.net • αʔϏεͱͯ͠ɺ͞·͟·ͳϦεΫʹྀͯ͠ӡӦ͍ͯ͠·͢
͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠