Nginx + Luaを活用したDDoS攻撃対策: 「LINE STORE」における動的IP Blacklist運用とアプローチ / Utilizing Nginx + Lua for DDoS Attack Mitigation: Dynamic IP Blacklist Operation and Approach at "LINE STORE"

6UJMJ[JOH/HJOY -VBGPS%%P4"UUBDL .JUJHBUJPO%ZOBNJD*1#MBDLMJTU0QFSBUJPO BOE"QQSPBDI BU-*/&4503& &OUFSUBJONFOU$PNQBOZ5BML%FW 5FBN ,POJTIJ ,B[VNB

*OUSPEVDUJPO %%P4BUUBDLJO-*/&4503& )PXUPBEESFTT%%P4BUUBDL %ZOBNJD0QTJO"DUJPO $PODMVTJPO
"HFOE B

*OUSPEVDUJPO

4FMG*OUSPEVDUJPO ,POJTIJ,B[VNB +PJOFE-:$PSQPSBUJPOJO"QSJMMBTUZFBSBGUFS USBOTGFSSJOHGSPN-*/&'VLVPLB XIFSF* TUBSUFEJO &OUFSUBJONFOU$PNQBOZ 5BML%FW5FBN4UPSF
4FSWFSEFWFMPQNFOUUFBN 8PSLJOHBTBTFSWFSTJEFFOHJOFFS !NPSPNJO TMBDL (JU)VC

"CPVU-*/&4503& IUUQTTUPSFMJOFNF 0GGJDJBM0OMJOF4UPSFGPS-*/&%JHJUBM *UFNT "XFCBQQMJDBUJPOBDDFTTJCMFWJBB CSPXTFS 6TFSTDBOQVSDIBTF
-*/&4UJDLFST &NPKJT 5IFNFT -*/&(".&JUFNT FUD

-*/&4503&BSDIJUFDUVSF 6TFSSFRVFTUTBSFEFMJWFSFEEJSFDUMZUPUIFTFSWFSWJBBMPBECBMBODFSBOE /HJOY

%%P4BUUBDLJO-*/&4503&

%%P4 %JTUSJCVUFE%FOJBMPG4FSWJDF "UUBDL

%%P4BUUBDLJO-*/&4503& 1FSJPE 4VO r 4JUVBUJPO $16VTBHFSFBDIFE QSFWFOUJOHJUGSPNSFTQPOEJOHUPVTFST
5IFSFXFSFVOBCMFUPEJTQMBZBMMQBHFT QVSDIBTFJUFNTBOEDIBOHF-*/& DSFEJUT

$PVOUFSNFBTVSFT

8IZ*1CMBDLMJTU .BMJDJPVT*1BEESFTTMJTU 5PQ "MNPTUBMM*1BEESFTTFTXFSFLOPX NBMJDJPVT $BOCMPDLBCVTFS`TSFRVFTUTCBTFEPO UIFJS*1BEESFTTFT
5SZUPBQQMZ*1CMBDLMJTUGPS-*/&4503&

8IJDIMBZFSEPFTUIF*1CMBDLMJTUBQQMZ UP *1CMBDLMJTUDPOGJHVSBUJPOTGPSFBDIMBZFSJO7. /HJOY "QQMJDBUJPO

)PXUPBEESFTT%%P4BUUBDL

'JSTU"QQSPBDI /HJOYMBZFSCMPDLJOHXJUIHFPNPEVMF

0WFSWJFX -PBE*1CMBDLMJTUBTBMJTU #MPDLSFRVFTUTBU/HJOYMBZFS

/HJOYDPOGJHVSBUJPO 6TFHFP<>NPEVMFPG/HJOY $POGJHVSBUJPOGJMFT OHJOYDPOGVTFHFPNPEVMF JQCMBDLMJTUDPOG*1BEESFTT MJTU
OHJOYDPOG JQ CMBDLMJTUDPOG <> IUUQTOHJOYPSHFOEPDTIUUQOHY@IUUQ@HFP@NPEVMFIU

3FTVMU'JSTUXFFL "QQMZ .FBTVSFNFOU1FSJPEd "MM
#MPDL 3BUF 5BSHFU #SPXTFS #PU 1FSTPOBM"QQMJDBUJPO

3FTVMU0OFNPOUIMBUFS "QQMZ .FBTVSFNFOU1FSJPEd NPUIMBUFS "MM
#MPDL 3BUF #MPDLJOHSBUFEFDSFBTFETPNVDI

8IZCMPDLJOHSBUFEFDSFBTFE "TTVNQUJPO/FWFSIBEB%%P4BUUBDLEVSJOHUIFQFSJPEJOUIFpSTU QMBDF *GTP JUJTJEFBM *OUIFBDUVBM BUUBDLFETFWFSBMUJNFT

8IZCMPDLJOHSBUFEFDSFBTFE ❌ "TTVNQUJPO/FWFSIBEB%%P4BUUBDLEVSJOHUIFQFSJPEJOUIFGJSTU QMBDF *GTP JUJTJEFBM *OUIFBDUVBM BUUBDLFETFWFSBMUJNFT

8IZCMPDLJOHSBUFEFDSFBTFE "TTVNQUJPO%FDSFBTFEIJUSBUFEVFUPUIFPVUEBUFECMBDLMJTU -BTUVQEBUF 1FSJPET TUd
OEd "UUBDLFSTDBOFBTJMZDIBOHFUIFJS*1BEESFTTFT

8IZCMPDLJOHSBUFEFDSFBTFE ⭕"TTVNQUJPO%FDSFBTFEIJUSBUFEVFUPUIFPVUEBUFECMBDLMJTU -BTUVQEBUF 1FSJPET TUd OEd
"UUBDLFSTDBOFBTJMZDIBOHFUIFJS*1BEESFTTFT /FFEUPVQEBUFUIFCMBDLMJTUQFSJPEJDBMMZ

*TTVFT .BOBHF/HJOYDPOpHVSBUJPOTXJUI"OTJCMF TUBUJD 'PMMPXJOHTUFQTBSFSFRVJSFEUPVQEBUF*1 CMBDLMJTU 5BLFBUJNF
8BOUUPBWPJENBOVBMPQFSBUJPOBT QPTTJCMF /PFBTFPGSPMMCBDL %JGpDVMUUPXSJUFDPNQMJDBUFEMPHJD (PBM0QFSBUF*1CMBDLMJTUEZOBNJDBMMZ

/FX"QQSPBDIFT "QQMJDBUJPOMBZFSCMPDLJOHXJUI"SNFSJB EFDPSBUPS /HJOYMBZFSCMPDLJOHXJUINPOJUPSJOHTDSJQU /HJOYMBZFSCMPDLJOHXJUI-VBTDSJQU

/FX"QQSPBDI "QQMJDBUJPOMBZFSCMPDLJOHXJUI "SNFSJB

-PBE*1CMBDLMJTUBTBTUSJOHMJTU 7FSJGZ*1BEESFTTFTXJUI"SNFSJB 0WFSWJFX

%FUBJMFE"SDIJUFDUVSF ,FZDPNQPOFOUT $FOUSBM%PHNB "SNFSJB

8IBU`T$FOUSBM%PHNB l$FOUSBM%PHNBJTBOPQFOTPVSDFIJHIMZBWBJMBCMFWFSTJPODPOUSPMMFETFSWJDF DPOGJHVSBUJPOSFQPTJUPSZCBTFEPO(JU ;PP,FFQFSBOE)551z<> - Used to synchronize the
IP blacklist repository with application settings <> IUUQTMJOFHJUIVCJPDFOUSBMEPHNB

8IBU`T$FOUSBM%PHNB l$FOUSBM%PHNBJTBOPQFOTPVSDFIJHIMZBWBJMBCMFWFSTJPODPOUSPMMFETFSWJDF DPOGJHVSBUJPOSFQPTJUPSZCBTFEPO(JU ;PP,FFQFSBOE)551z - Enables centralized management and
real-time updates of blacklist data

8IBU`T"SNFSJB l"SNFSJBJTZPVSHPUPNJDSPTFSWJDFGSBNFXPSLGPSBOZTJUVBUJPOz<> 6UJMJ[FTEFDPSBUPSTUPJOUFSDFQUBOEQSPDFTTJODPNJOHSFRVFTUT <>IUUQTBSNFSJBEFW

8IBU`T"SNFSJB l"SNFSJBJTZPVSHPUPNJDSPTFSWJDFGSBNFXPSLGPSBOZTJUVBUJPOz 7BMJEBUFSFRVFTUTCBTFEPOUIFCMBDLMJTUMPBEFEGSPN$FOUSBM%PHNB

1SPTWT$POT ˔1SPT 6QEBUF*1CMBDLMJTUJOOFBSMZSFBMUJNF &BTZUPSPMMCBDL )JHIFSNBJOUBJOBCJMJUZ 3FVTBCMFBDSPTT"SNFSJBCBTFETFSWJDFT
˔$POT )JHIFSSFTPVSDFDPOTVNQUJPO $16 .FNPSZ )JHIFSMBUFODZ

/FX"QQSPBDI /HJOYMBZFSCMPDLJOHXJUINPOJUPSJOH TDSJQU

"QQMJDBUJPO 4ZOD*1CMBDLMJTUDPOGJHVSBUJPO XJUI$FOUSBM%PHNB 6QEBUFJQCMBDLMJTUDPOG .POJUPSJOH4DSJQU
.POJUPSJQCMBDLMJTUDPOGGPS DIBOHFT *GDIBOHFE SFMPBET/HJOY /HJOY #MPDLSFRVFTUT 0WFSWJFX

˔1SPT 6QEBUF*1CMBDLMJTUJOOFBSMZSFBMUJNF -PXFSMBUFODZ -PXFSSFTPVSDFDPOTVNQUJPO )JHIPOMZXIFOVQEBUJOH*1CMBDLMJTU ˔$POT
-PXFSNBJOUBJOBCJMJUZ )BSEUPNPOJUPSTUBUFBOEMPHT /FFEUPTFUQFSNJTTJPOUPSFMPBE/HJOY $BOOPUCFVTFEGPSPUIFSTFSWJDFTUIBU EPO`UDPOTJTUPGCPUI/HJOYBOE "QQMJDBUJPO 1SPTWT$POT

/FX"QQSPBDI /HJOYMBZFSCMPDLJOHXJUI-VBTDSJQU

"QQMJDBUJPO 4ZOD*1CMBDLMJTUDPOpHVSBUJPO XJUI$FOUSBM%PHNB 1SPWJEFBO"1* /HJOY -VB
6QEBUF*1CMBDLMJTUQFSJPEJDBMMZ 7BMJEBUFSFRVFTUT 0WFSWJFX

-VB l-VBJTBQPXFSGVM FGGJDJFOU MJHIUXFJHIU FNCFEEBCMFTDSJQUJOHMBOHVBHF*U TVQQPSUTQSPDFEVSBMQSPHSBNNJOH PCKFDUPSJFOUFEQSPHSBNNJOH GVODUJPOBM
QSPHSBNNJOH EBUBESJWFOQSPHSBNNJOH BOEEBUBEFTDSJQUJPOz<> $IPTF-VBTDSJQUJOHUPJNQMFNFOUEZOBNJD*1CMBDLMJTU MPHJDXJUIJO/HJOY 0QFO3FTUZ l0QFO3FTUZJTBGVMMGMFEHFEXFCQMBUGPSNUIBUJOUFHSBUFTPVSFOIBODFE WFSTJPOPGUIF/HJOYDPSF PVSFOIBODFEWFSTJPOPG-VB+*5 NBOZDBSFGVMMZ XSJUUFO-VBMJCSBSJFT MPUTPGIJHIRVBMJUZSEQBSUZ/HJOYNPEVMFT BOENPTU PGUIFJSFYUFSOBMEFQFOEFODJFTz<> *OUSPEVDFEBMPOHTJEF-VBUPFYUFOE/HJOYDBQBCJMJUJFT <>IUUQTXXXMVBPSH <>IUUQTPQFOSFTUZPSHFO 8IBU`T-VB BOE0QFO3FTUZ

4UPSF*1CMBDLMJTUDPOGJHVSBUJPOT • JQCMBDLMJTU • IBTI $BMMJQCMBDLMJTU"1*XJUIIBTI (FUUIFDPOGJHVSBUJPO
B *GMVB@IBTIBQQ@IBTIOPUIJOHUP EP C *GMVB@IBTIBQQ@IBTIVQEBUF DBDIF -VBTDSJQU6QEBUF*1CMBDLMJTU QFSJPEJDBMMZ

B *GMVB@IBTIBQQ@IBTIOPUIJOHUP EP C *GMVB@IBTIBQQ@IBTIVQEBUF DBDIF -VBTDSJQU6QEBUF*1CMBDLMJTU QFSJPEJDBMMZ ᶃ

B *GMVB@IBTIBQQ@IBTIOPUIJOHUP EP C *GMVB@IBTIBQQ@IBTIVQEBUF DBDIF -VBTDSJQU6QEBUF*1CMBDLMJTU QFSJPEJDBMMZ ᶄ

B *GMVB@IBTIBQQ@IBTIOPUIJOHUP EP C *GMVB@IBTIBQQ@IBTIVQEBUF DBDIF -VBTDSJQU6QEBUF*1CMBDLMJTU QFSJPEJDBMMZ ᶅ

4UPSF*1CMBDLMJTUDPOpHVSBUJPOT • JQCMBDLMJTU • IBTI $BMMJQCMBDLMJTU"1*XJUIIBTI (FUUIFDPOpHVSBUJPO
B *GMVB@IBTIBQQ@IBTIOPUIJOHUP EP C *GMVB@IBTIBQQ@IBTIVQEBUF DBDIF 3VOUIJTqPXQFSJPEJDBMMZBTBUJNFS -VBTDSJQU6QEBUF*1CMBDLMJTU QFSJPEJDBMMZ

-VBTDSJQU6QEBUF*1CMBDLMJTU QFSJPEJDBMMZ 4UPSF*1CMBDLMJTUDPOGJHVSBUJPOT • JQCMBDLMJTU • IBTI $BMMJQCMBDLMJTU"1*XJUIIBTI
(FUUIFDPOGJHVSBUJPO B *GMVB@IBTIBQQ@IBTIOPUIJOHUP EP C *GMVB@IBTIBQQ@IBTIVQEBUF DBDIF

3FDFJWFBSFRVFTU +VEHFUIFDMJFOU*1BEESFTTJTJO DBDIFE*1CMBDLMJTU B :FTSFUVSOT /P3FTQPOTF <> C
/PQSPYJFTUIFSFRVFTUUP BQQMJDBUJPO - [6] https://nginx.org/en/docs/http/request_processing.html -VBTDSJQU7BMJEBUFSFRVFTUT

/PQSPYJFTUIFSFRVFTUUP BQQMJDBUJPO - [6] https://nginx.org/en/docs/http/request_processing.html -VBTDSJQU7BMJEBUFSFRVFTUT ᶃ

/PQSPYJFTUIFSFRVFTUUP BQQMJDBUJPO - [6] https://nginx.org/en/docs/http/request_processing.html -VBTDSJQU7BMJEBUFSFRVFTUT ᶄ

-VBTDSJQU7BMJEBUFSFRVFTUT 3FDFJWFBSFRVFTU +VEHFUIFDMJFOU*1BEESFTTJTJO DBDIFE*1CMBDLMJTU B :FTSFUVSOT /P3FTQPOTF <>
C /PQSPYJFTUIFSFRVFTUUP BQQMJDBUJPO - [6] https://nginx.org/en/docs/http/request_processing.html

˔1SPT 6QEBUF*1CMBDLMJTUJOOFBSMZSFBMUJNF -PXFSMBUFODZ -PXFSSFTPVSDFDPOTVNQUJPO )JHIFSNBJOUBJOBCJMJUZ
3FVTBCMFBDSPTT/HJOYCBTFETFSWJDFT ˔$POT /FFEUPSFQMBDFUIFFYJTUJOH/HJOY XJUI0QFO3FTUZ /FFEUPMFBSO-VB 1SPTWT$POT

$PNQBSJTPO "QQSPBDI/HJOY -VBMPPLTHPPE /FFEUPWFSJGZ.FNPSZ $16BOE-BUFODZQFSGPSNBODF

#FODINBSL

5BSHFU"QQSPBDIFT 'JSTU/HJOYMBZFSCMPDLJOHXJUIHFPNPEVMF /FX"QQMJDBUJPOMBZFSCMPDLJOHXJUI"SNFSJB EFDPSBUPS /FX/HJOYMBZFSCMPDLJOHXJUINPOJUPSJOHTDSJQU 4FFNTCBDLXBSEDPNQBUJCMFXJUIPUIFST
/FX/HJOYMBZFSCMPDLJOHXJUI-VBTDSJQU

8IBUUPEPJOFBDIFOWJSPONFOU $SFBUFB7.FOWJSPONFOUGPS CFODINBSLXJUINVMUJQBTT<> 7. /HJOY "QQMJDBUJPO
-PDBM 4FOEBNBTTSFRVFTU <>IUUQTDBOPOJDBMDPNNVMUJQBTT

8IBU`TNVMUJQBTT l.VMUJQBTTJTBUPPMUPHFOFSBUFDMPVETUZMF6CVOUV7.T RVJDLMZPO-JOVY NBD04BOE8JOEPXT*UQSPWJEFTBTJNQMF CVUQPXFSGVM$-*UIBUFOBCMFTZPVUPRVJDLMZBDDFTTBO 6CVOUVDPNNBOEMJOFPSDSFBUFZPVSPXOMPDBMNJOJDMPVEz <> $PNNBOET
$SFBUFB7. .PVOUBQSPKFDUUPUIF7. $IFDLUIF7.TQFDT -PHJOUIF7. FUD <>IUUQTEPDVNFOUBUJPOVCVOUVDPNNVMUJQBTTFOMBUFTU

3FTVMU/HJOYMBZFSCMPDLJOHXJUIHFPNPEVMF 3VO "QQ 3FRVFTU#VSTU 4UBSU

$166TBHF -PXFWFOVOEFSIJHISFRVFTUMPBE .FNPSZ6TBHF /PTJHOJGJDBOUDIBOHF -BUFODZ
5PCFDPNQBSFEXJUIPUIFSSFTVMUT MBUFS 3FTVMU/HJOYMBZFSCMPDLJOHXJUIHFPNPEVMF

3FTVMU"QQMJDBUJPOMBZFSCMPDLJOHXJUI"SNFSJB EFDPSBUPS 3VO "QQ 3FRVFTU#VSTU 4UBSU

$166TBHF *ODSFBTFETJHOJGJDBOUMZVOEFSIJHI SFRVFTUMPBE .FNPSZ6TBHF )JHIFSPWFSBMMNFNPSZVTBHFEVF UPMPBEJOHBCMBDLMJTUJOUPB
4FU4USJOHJO"QQMJDBUJPO -BUFODZ "MNPTUTBNFBT/HJOY 3FTVMU"QQMJDBUJPOMBZFSCMPDLJOHXJUI"SNFSJB EFDPSBUPS

3FTVMU/HJOYMBZFSCMPDLJOHXJUI-VBTDSJQU 3VO "QQ 3FRVFTU#VSTU 4UBSU

$166TBHF -PXFWFOVOEFSIJHISFRVFTU MPBE .FNPSZ6TBHF .PTUMZTUBCMFEVSJOHUFTUJOH
4MJHIUJODSFBTFPCTFSWFEXIFO MPBEJOHUIFCMBDLMJTU -BUFODZ "MNPTUTBNFBTPUIFST 3FTVMU/HJOYMBZFSCMPDLJOHXJUI-VBTDSJQU

$166TBHF ˔/HJOYPS/HJOY -VB .FNPSZ6TBHF ˔/HJOYPS/HJOY -VB
-BUFODZ ˔/HJOYPS/HJOY -VB $PNQBSJTPO

$PNQBSJTPO )ZQPUIFTJT #FODINBSL

$PNQBSJTPO 1SPT$POT #FODINBSL /HJOY -VBQSPWJEFTUIFCFTUCBMBODF

%ZOBNJD0QTJO"DUJPO

4UFQT $SFBUFBQQSPWF13 $VUBOFXSFMFBTFCSBODI "OOPVODFPQTJO4MBDL 3VO"OTJCMFQMBZCPPL
3FMPBESFTUBSU/HJOY 1BJO1PJOUT &BDIVQEBUFUBLFTBMPOHUJNF .BOZUPVDIQPJOUTˠIVNBOFSSPSSJTL 3PMMCBDLSFQFBUUIFXIPMFGMPX OHJOYDPOGDBO`UIBOEMFDPNQMFYMPHJD #FGPSFr4UBUJD"OTJCMF'MPX

4UFQT $SFBUFBQQSPWF13 %POFVQEBUF (BJOT &OUJSFDZDMFVOEFSBGFXNJOVUFT
OP "OTJCMF 3PMMCBDL13SFWFSU BVUPBQQMJFE -VBFOBCMFTSJDI EZOBNJDSVMFT "GUFSr%ZOBNJD/HJOY -VB'MPX /FXCMBDLMJTUJTBQQMJFEXJUIJONJOVUFT

$PODMVTJPO

$PODMVTJPO (PBM0QFSBUF*1CMBDLMJTUEZOBNJDBMMZ "EPQUFE/HJOY -VB 8IZ 3FBMUJNFCMBDLMJTUVQEBUFT
-PXMBUFODZSFTPVSDFVTBHF #BTFEPOCFODINBSLSFTVMUT )JHINBJOUBJOBCJMJUZ &BTZUPFYUFOEUPPUIFS/HJOYTFSWJDFT

$PODMVTJPO (PBM0QFSBUF*1CMBDLMJTUEZOBNJDBMMZ "EPQUFE/HJOY -VB 0QTJNQSPWFE +VTUNFSHFB13UPVQEBUF
&BTZSPMMCBDLXIJUFMJTUIBOEMJOH

8IZ/PU5SZ/HJOY -VB

Nginx + Luaを活用したDDoS攻撃対策: 「LINE STORE」における動的IP ...

Nginx + Luaを活用したDDoS攻撃対策: 「LINE STORE」における動的IP Blacklist運用とアプローチ / Utilizing Nginx + Lua for DDoS Attack Mitigation: Dynamic IP Blacklist Operation and Approach at "LINE STORE"

More Decks by LINEヤフーTech (LY Corporation Tech)

Other Decks in Technology

Featured

Transcript