Slide 1

Slide 1 text

Kaigi on Rails, presented by yucao24hours
Learning how DNS works with ActionDispatch::HostAuthorization
Photo by Gauravdeep Singh Bansal on Unsplash

Slide 2

Slide 2 text

Hello, I'm… yucao24hours
Eiwa System Management (ESM), Agile Division
I work with Rails; agile development is what I am good at and enjoy.
Favorite dog breeds: Siberian Husky, German Shepherd
I would welcome feedback on today's talk!

Slide 3

Slide 3 text


Slide 4

Slide 4 text


Slide 5

Slide 5 text


Slide 6

Slide 6 text

Did you come from the Kanda-Sudacho direction? (ESM's Tokyo branch is located in Kanda-Sudacho.)
• Koichi ITO, Distinguished Engineer: TDD with git. Long live engineering.
• 9sako6, Super duper wakamono: コードレビュー本ノックで学んだRailsリファクタリング (Rails refactoring learned through code-review drills)
• yucao24hours, Me: Learning how DNS works with ActionDispatch::HostAuthorization
• a_matsuda, A Living Legend: coming soon

Slide 7

Slide 7 text

What I will talk about today
DNS basics
• What is DNS?
• Making queries more efficient
DNS rebinding
• Preparing for the attack
• How the attack unfolds
About the HostAuthorization Rack middleware
• How to spot DNS rebinding
• What is Rails' HostAuthorization?

Slide 8

Slide 8 text

Topic: DNS basics
• What is DNS?
• Making queries more efficient
Photo by Stephane YAICH on Unsplash

Slide 9

Slide 9 text

What is DNS?
DNS … Domain Name System

Slide 10

Slide 10 text

What is DNS?
Identifying a host on the internet … the IP address
IPv4 addresses, IPv6 addresses
They are just strings of digits, so they are a pain for humans to remember and manage.

Slide 11

Slide 11 text

What is DNS?
An identifier that humans can handle easily … a name
Easy to remember, easy to interpret
Fits the idea of "distributed management" (the real charm of domains and DNS, but not today's topic)
A "scope" on the internet … a domain
The name given to each domain is its domain name

Slide 12

Slide 12 text

What is DNS?
The basic role of DNS
Manage the mapping between domain names and IP addresses
When needed, find the IP address that corresponds to a domain name = name resolution

Slide 13

Slide 13 text

Making queries more efficient
Management is delegated per domain name
The IP address of yucao24hours.me is 99.84.130.27 (TTL 60)
The IP address of agile.esm.co.jp is 13.33.9.96 (TTL 60)
The IP address of kaigionrails.org is 185.199.109.153 (TTL 3600)

Slide 17

Slide 17 text

Making queries more efficient: how name resolution works
Actors: the client, who wants to know the IP address of yucao24hours.me; the full resolver, which performs name resolution on the client's behalf; the authoritative server for yucao24hours.me.; and the web server at 99.84.130.27.

Slide 19

Slide 19 text

How name resolution works
The client wants to know the IP address of yucao24hours.me and asks the full resolver: "What is the IP address of yucao24hours.me?"

Slide 20

Slide 20 text

How name resolution works
The full resolver asks the authoritative server for yucao24hours.me., which answers: "The IP address of yucao24hours.me is 99.84.130.27, TTL 60"

Slide 21

Slide 21 text

How name resolution works
The full resolver keeps the answer it received ("yucao24hours.me is 99.84.130.27, TTL 60") and replies to the client: "The IP address of yucao24hours.me is 99.84.130.27"

Slide 22

Slide 22 text

How name resolution works
Actors shown: the client, the full resolver (acting on the client's behalf), the authoritative server for yucao24hours.me., and the web server at 99.84.130.27, which the client can now reach.

Slide 23

Slide 23 text

How name resolution works
The full resolver caches the answer: "The IP address of yucao24hours.me is 99.84.130.27, TTL 60"

Slide 25

Slide 25 text

How name resolution works
Another client wants to know the IP address of yucao24hours.me; the full resolver still holds the cached answer "yucao24hours.me is 99.84.130.27, TTL 60"

Slide 26

Slide 26 text

How name resolution works
The full resolver answers this client from its cache, "The IP address of yucao24hours.me is 99.84.130.27", without asking the authoritative server again

Slide 27

Slide 27 text

DNS summary
• A mechanism for managing the mapping between domain names and IP addresses and for performing name resolution
• The full resolver performs name resolution on the client's behalf
• The full resolver is allowed to cache the answers it receives from authoritative servers for a certain time
• If the full resolver has a cached answer from an earlier query, it uses that to respond to the user and does not issue a new query to the authoritative server
• How long the full resolver may cache an answer (the TTL) is decided by the administrator of each zone
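The caching behaviour summarised above, as an added example that is not part of the talk: a toy full resolver in Ruby with a constructed record for yucao24hours.me (99.84.130.27, TTL 60) and a fake clock, counting how often the authoritative server actually gets asked. `AuthoritativeServer`, `FullResolver` and `demo` are names chosen for this example.

```ruby
# Added example (not from the talk): a toy model of the full resolver on the
# slides. It caches authoritative answers for TTL seconds and only re-queries
# the authoritative server once the cached entry has expired.
class AuthoritativeServer
  attr_reader :queries
  def initialize(records) # { "name" => [ip, ttl] }, constructed sample data
    @records = records
    @queries = 0
  end
  def lookup(name)
    @queries += 1
    @records.fetch(name)
  end
end

class FullResolver
  def initialize(authoritative, clock)
    @auth  = authoritative
    @clock = clock # lambda returning "now" in seconds, so time can be faked
    @cache = {}    # name => [ip, expires_at]
  end
  # Name resolution on the client's behalf: answer from the cache while the
  # entry is still within its TTL, otherwise ask the authoritative server.
  def resolve(name)
    now = @clock.call
    ip, expires_at = @cache[name]
    return ip if ip && now < expires_at
    ip, ttl = @auth.lookup(name)
    @cache[name] = [ip, now + ttl]
    ip
  end
end

# The slides' scenario: two clients ask for yucao24hours.me within its
# 60-second TTL, then a third asks after the TTL has elapsed.
def demo
  now = 0
  auth = AuthoritativeServer.new("yucao24hours.me" => ["99.84.130.27", 60])
  resolver = FullResolver.new(auth, -> { now })
  first  = resolver.resolve("yucao24hours.me") # asks the authoritative server
  now += 30
  second = resolver.resolve("yucao24hours.me") # served from cache, no new query
  now += 31                                    # 61 s: cached entry has expired
  third  = resolver.resolve("yucao24hours.me") # re-queries the authoritative server
  { answers: [first, second, third], authoritative_queries: auth.queries }
end

puts demo.inspect
```

Shortening the TTL in the sample record to 3 is exactly the lever the rebinding scenario later in the talk relies on: the resolver then re-asks the authoritative server almost immediately.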

Slide 28

Slide 28 text

If you want to learn more about DNS…
DNSがよくわかる教科書 (a DNS textbook, SB Creative) https://www.sbcr.jp/product/4797394481/

Slide 29

Slide 29 text

Topic: DNS rebinding
• Preparing for the attack
• How the attack unfolds
Photo by Jonatan Lewczuk on Unsplash

Slide 30

Slide 30 text

Preparing for the attack
Piyostagram: piyostagram.com, 133.127.254.9
The attacker

Slide 31

Slide 31 text

Preparing for the attack
The attacker: kougeki.com

Slide 32

Slide 32 text

Preparing for the attack
The attacker sets up a trap site, kougeki.com, at 243.102.110.103

Slide 33

Slide 33 text

Preparing for the attack
The attacker's authoritative server answers: "The IP address of kougeki.com is 243.102.110.103, TTL 3" (the trap site at 243.102.110.103)

Slide 35

Slide 35 text

Preparing for the attack
The authoritative server still answers "The IP address of kougeki.com is 243.102.110.103, TTL 3".
The trap site is set up to return attack JavaScript coded to "n seconds after the page loads, automatically access kougeki.com again and do xxx (something bad) there".

Slide 36

Slide 36 text

How the attack unfolds
The attack begins

Slide 37

Slide 37 text

How the attack unfolds
Actors: the attacker (trap site at 243.102.110.103), the target Y-san, Piyostagram (133.127.254.9), the full resolver (resolving names on Y-san's behalf), and the authoritative server for kougeki.com.
Y-san clicks the link to kougeki.com in an e-mail

Slide 38

Slide 38 text

How the attack unfolds
Y-san wants to know the IP address of kougeki.com; the browser asks the full resolver: "What is the IP address of kougeki.com?"

Slide 39

Slide 39 text

How the attack unfolds
The authoritative server answers the full resolver: "The IP address of kougeki.com is 243.102.110.103, TTL 3"; the full resolver answers Y-san: "The IP address of kougeki.com is 243.102.110.103"

Slide 40

Slide 40 text

How the attack unfolds
The full resolver caches the answer: "The IP address of kougeki.com is 243.102.110.103, TTL 3"

Slide 41

Slide 41 text

How the attack unfolds
The cached entry "kougeki.com is 243.102.110.103, TTL 3" now sits at the full resolver

Slide 42

Slide 42 text

How the attack unfolds
Y-san's browser loads the trap site at 243.102.110.103, which returns the attack JavaScript coded to "n seconds after the page loads, automatically access kougeki.com again and do xxx (something bad) there". (Cached at the full resolver: kougeki.com is 243.102.110.103, TTL 3)

Slide 45

Slide 45 text

How the attack unfolds
The attacker changes the authoritative server's answer: "The IP address of kougeki.com is 133.127.254.9"

Slide 46

Slide 46 text

How the attack unfolds
Y-san's browser, running the JavaScript, wants to know the IP address of kougeki.com again

Slide 47

Slide 47 text

How the attack unfolds
Y-san's browser wants to know the IP address of kougeki.com; the cached entry (TTL 3) has expired, so the full resolver asks the authoritative server again: "What is the IP address of kougeki.com?"

Slide 48

Slide 48 text

How the attack unfolds
The authoritative server answers: "The IP address of kougeki.com is 133.127.254.9, TTL 86400"; the full resolver tells Y-san: "The IP address of kougeki.com is 133.127.254.9"

Slide 49

Slide 49 text

How the attack unfolds
Y-san's browser, still believing it is talking to kougeki.com, now reaches 133.127.254.9 (Piyostagram): personal information is extracted, etc…

Slide 50

Slide 50 text

How the attack unfolds
All of this is entirely within the DNS specification
It is not an attack that exploits a vulnerability in DNS
…So what can we do?

Slide 51

Slide 51 text

DNS rebinding summary
• An attack technique that abuses the DNS specification
• The hostname stays the same; it is the IP address that gets spoofed
• If an IP address on a private network is specified after rebinding, private networks behind a firewall also become targets (attacking a server on the internet, as in this example, is only one case)

Slide 52

Slide 52 text

Topic: ActionDispatch::HostAuthorization
• How to spot DNS rebinding
• What is Rails' HostAuthorization?
Photo by Wolfgang Hasselmann on Unsplash

Slide 53

Slide 53 text

How to spot DNS rebinding
Because of the nature of the attack, …
    GET /login.html HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
    Host: kougeki.com
    Accept-Language: ja-JP

Slide 54

Slide 54 text

How to spot DNS rebinding
Because of the nature of the attack, the domain name that was used for name resolution appears in the Host header:
    GET /login.html HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
    Host: kougeki.com
    Accept-Language: ja-JP
(Note: with XMLHttpRequest, the user cannot change the Host header.)

Slide 55

Slide 55 text

How to spot DNS rebinding
It is enough to check whether the value of the request's Host header is the intended domain name / IP address!

Slide 56

Slide 56 text

How to spot DNS rebinding
Valid Request:
    GET /login.html HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
    Host: piyostagram.com
    Accept-Language: ja-JP
Invalid Request:
    GET /login.html HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
    Host: kougeki.com
    Accept-Language: ja-JP

Slide 57

Slide 57 text

How to spot DNS rebinding
What was implemented for that purpose is…

Slide 58

Slide 58 text

What is Rails' HostAuthorization?
https://github.com/rails/rails/blob/6-0-stable/actionpack/CHANGELOG.md#rails-600beta1-january-18-2019
This is a new middleware that guards against DNS rebinding attacks by explicitly permitting the hosts a request can be made to. Each host is checked with the case operator (===), and Regexp, Proc, IPAddr and custom objects are supported as host permissions.

Slide 59

Slide 59 text

What is Rails' HostAuthorization?
Create the allowlist of hosts:
    Rails.application.config.hosts = [
      IPAddr.new("0.0.0.0/0"), # All IPv4 addresses.
      IPAddr.new("::/0"),      # All IPv6 addresses.
      "localhost"              # The localhost reserved domain.
    ]

Slide 60

Slide 60 text

What is Rails' HostAuthorization?
By default, the allowlist has entries only in the development environment
https://github.com/rails/rails/blob/6-0-stable/railties/lib/rails/application/configuration.rb#L34
An empty allowlist means the Host header is not validated

Slide 61

Slide 61 text

What is Rails' HostAuthorization?
If you want to enable validation outside the development environment as well…
    # config/environments/#{environment}.rb
    Rails.application.config.hosts = [
      "yucao24hours.me" # Add the hostname you'd like to pass
    ]

Slide 62

Slide 62 text

What is Rails' HostAuthorization?
Let's look at the implementation of the method that makes the decision
https://github.com/rails/rails/blob/6-0-stable/actionpack/lib/action_dispatch/middleware/host_authorization.rb#L22-L30
The allowlist is compared against the values of the request headers Host and X-Forwarded-Host

Slide 63

Slide 63 text

What is Rails' HostAuthorization?
Let's look at the implementation of the method that makes the decision
https://github.com/rails/rails/blob/6-0-stable/actionpack/lib/action_dispatch/middleware/host_authorization.rb#L56-L67
A request that fails the check gets a 403 response

Slide 64

Slide 64 text

What is Rails' HostAuthorization?
    Rails.application.config.hosts << IPAddr.new("10.0.0.1/8")   # IPAddr
    Rails.application.config.hosts << /.*\.example\.com/         # Regexp
    Rails.application.config.hosts << "yucao24hours.me"          # String

Slide 65

Slide 65 text

What is Rails' HostAuthorization?
A String starting with a dot permits subdomains:
    Rails.application.config.hosts << ".example.com"
https://github.com/rails/rails/blob/6-0-stable/actionpack/lib/action_dispatch/middleware/host_authorization.rb#L47-L53
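The allowlist matching described on these slides (IPAddr, Regexp, plain String and leading-dot String entries compared with ===; an empty list means no check; Host and X-Forwarded-Host both checked, with a 403 on failure), as an added plain-Ruby model that is not the Rails source. `HostPermissions` and `host_authorization_status` are names chosen for this example, and the hosts in the usage are constructed.

```ruby
require "ipaddr"

# Added example, not the Rails middleware itself: models the allowlist rules
# the slides describe. Each entry is matched with the case operator (===).
class HostPermissions
  def initialize(hosts)
    @hosts = Array(hosts).map { |host| sanitize(host) }
  end

  def empty?
    @hosts.empty?
  end

  def allows?(host)
    @hosts.any? do |allowed|
      allowed === host
    rescue StandardError
      false # IPAddr#=== raises for a hostname; treat that as "not allowed"
    end
  end

  private

  # Anchor regexps and strings so that a host such as sub.example.com.kougeki.com
  # cannot satisfy /.*\.example\.com/; a String starting with "." also permits
  # every subdomain (and the bare name itself).
  def sanitize(host)
    case host
    when Regexp then /\A#{host}\z/
    when String
      if host.start_with?(".")
        /\A(.+\.)?#{Regexp.escape(host[1..-1])}\z/
      else
        /\A#{Regexp.escape(host)}\z/
      end
    else host # IPAddr, Proc or any custom object responding to ===
    end
  end
end

# Decision as on the slides: an empty allowlist skips the check entirely;
# otherwise Host (port stripped) and, if present, the last X-Forwarded-Host
# must both be allowed. Returns 403 for a rejected request, 200 otherwise.
def host_authorization_status(hosts, host:, forwarded: nil)
  permissions = HostPermissions.new(hosts)
  return 200 if permissions.empty?
  origin = host.to_s.sub(/:\d+\z/, "")
  fwd    = forwarded.to_s.split(/,\s?/).last.to_s.sub(/:\d+\z/, "")
  ok = permissions.allows?(origin) && (fwd.empty? || permissions.allows?(fwd))
  ok ? 200 : 403
end

ALLOWED = [IPAddr.new("10.0.0.0/8"), /.*\.example\.com/, "yucao24hours.me", ".piyostagram.com"]
```

With ALLOWED as above, a Host of piyostagram.com or api.piyostagram.com:3000 passes while the rebound kougeki.com request from the earlier slides gets 403; with an empty list, kougeki.com passes untouched, which is the default outside development.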

Slide 66

Slide 66 text

What is Rails' HostAuthorization?
Trouble reports
• When the AWS ELB (ALB) sent health-check requests to a Rails app, the Host header was not one of the allowlisted values, so the app answered 403
• host.docker.internal from Docker Desktop for Mac was being used but had not been added to the allowlist, so the app answered 403
• lvh.me was being used to connect to the app (the address it stood for did not survive extraction) but had not been added to the allowlist, so the app answered 403

Slide 67

Slide 67 text

What is Rails' HostAuthorization?
If you are already validating the Host header elsewhere, for example at a reverse proxy, there is no need to go out of your way to configure an allowlist

Slide 68

Slide 68 text

What is Rails' HostAuthorization?
Don't casually leave the allowlist empty; handle it in a way that matches your own service's architecture

Slide 69

Slide 69 text

HostAuthorization summary
• Introduced in Rails 6.0
• Requests whose Host or X-Forwarded-Host header contains a domain name that is not in the allowlist get a 403 by default
• However, if the allowlist is empty, the headers are not validated (behaviour is unchanged from before)
• Configure it to match your own service's architecture

Slide 70

Slide 70 text

References: DNS basics
• DNSがよくわかる教科書 (SB Creative) https://www.sbcr.jp/product/4797394481/
• [What is the Internet?] 1-2. Domain names and IP addresses: domain names (JPNIC) https://youtu.be/l2XZBjOEK2w
• How domain names work (ドメイン名のしくみ) - JPNIC https://www.nic.ad.jp/ja/dom/system.html
• 浸透いうな! ("Don't say 'propagation'!") http://www.e-ontap.com/dns/propagation/
• Debunking the urban legend of DNS "propagation" (Lunch with DNS) https://jprs.jp/tech/material/iw2011-lunch-L1-01.pdf

Slide 71

Slide 71 text

References: DNS rebinding
• DNS rebinding attack: countermeasures and analysis (DNS rebinding attack の対策と考察) https://dnsops.jp/bof/20071119/dnsrebinding-20071119.pdf
• Protecting Browsers from DNS Rebinding Attacks https://crypto.stanford.edu/dns/
• DNS Rebinding (term of the day, special edition) | Hiroshi Tokumaru's blog https://blog.tokumaru.org/2007/11/dns-rebinding.html

Slide 72

Slide 72 text

References: ActionDispatch::HostAuthorization (1/2)
• Guard against DNS rebinding attacks by permitting hosts by gsamokovarov · Pull Request #33145 · rails/rails https://github.com/rails/rails/pull/33145/
• #3397 ([PATCH] CgiRequest returns incorrect host name in event of multiple proxies) - Rails Trac https://web.archive.org/web/20100618053001/http://dev.rubyonrails.org/ticket/3397
• X-Forwarded-Host - HTTP | MDN https://developer.mozilla.org/ja/docs/Web/HTTP/Headers/X-Forwarded-Host
• Target group health checks - Elastic Load Balancing https://docs.aws.amazon.com/ja_jp/elasticloadbalancing/latest/network/target-group-health-checks.html
• Troubleshooting failing Application Load Balancer health checks https://aws.amazon.com/jp/premiumsupport/knowledge-center/elb-fix-failing-health-checks-alb/

Slide 73

Slide 73 text

References: ActionDispatch::HostAuthorization (2/2)
• Practical Web Cache Poisoning | PortSwigger Research https://portswigger.net/research/practical-web-cache-poisoning
• How to Configure Symfony to Work behind a Load Balancer or a Reverse Proxy (Symfony Docs) https://symfony.com/doc/current/deployment/proxies.html