{"id":9612,"date":"2022-09-23T22:21:18","date_gmt":"2022-09-23T13:21:18","guid":{"rendered":"https:\/\/y2tech.net\/blog\/?p=9612"},"modified":"2026-02-17T19:56:06","modified_gmt":"2026-02-17T10:56:06","slug":"wordpress-security-improvement-with-waf","status":"publish","type":"post","link":"https:\/\/y2tech.net\/blog\/inet\/web\/wordpress-security-improvement-with-waf-9612\/","title":{"rendered":"AWS\u74b0\u5883\u4e0b\u3067\u306eWordPress\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u5bfe\u7b56\uff08WAF2\u7de8\uff09"},"content":{"rendered":"

AWS WAF2 \u3067Wordpress\u306e\u7ba1\u7406\u753b\u9762\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u5236\u9650\u3059\u308b<\/h3>\r\n
\r\n

WordPress\u30b5\u30a4\u30c8\u3092CloudFront\u7d4c\u7531\u3067\u914d\u4fe1\u3059\u308b\u969b\u306e\u30ad\u30e3\u30c3\u30b7\u30e5\u306e\u5236\u5fa1\u306b\u3064\u3044\u3066\u306f\u3082\u3046\u5c11\u3057\u691c\u8a0e\u3092\u91cd\u306d\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u304c\u3001CloudFront\u3068\u306e\u7d44\u307f\u5408\u308f\u305b\u306b\u3064\u3044\u3066\u306f\u3042\u308b\u7a0b\u5ea6\u306e\u76ee\u51e6\u304c\u4ed8\u3044\u305f\u306e\u3067\u3001\u4eca\u5ea6\u306fWordpress\u306e\u7ba1\u7406\u753b\u9762\u306b\u5bfe\u3059\u308b\u5236\u5fa1\u306b\u3064\u3044\u3066\u691c\u8a0e\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff0e<\/p>\r\n
\r\n

WordPress\u30b5\u30a4\u30c8\u3092\u5358\u72ec\u3067\u52d5\u304b\u3057\u3066\u3044\u308b\u5206\u306b\u306f\u3001\u5358\u7d14\u306b\u7ba1\u7406\u753b\u9762\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092”.htaccess” \u7b49\u3067IP\u30a2\u30c9\u30ec\u30b9\u3084\u30c9\u30e1\u30a4\u30f3\u30d9\u30fc\u30b9\u3067\u30a2\u30af\u30bb\u30b9\u5236\u9650\u3092\u639b\u3051\u308b\u3053\u3068\u304c\u53ef\u80fd\u306a\u306e\u3067\u7279\u306b\u554f\u984c\u3068\u306f\u306a\u3089\u306a\u3044\u304c\u3001CloudFront\u3092\u7d4c\u7531\u3055\u305b\u308b\u3068\u3001\u30aa\u30ea\u30b8\u30f3\u5074\u3067\u3042\u308bHTTP\u30b5\u30fc\u30d0\u306f\u5168\u3066\u306eHTTP\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u304cCloudFront\u304b\u3089\u3084\u3063\u3066\u6765\u308b\u305f\u3081\u3001HTTP\u30b5\u30fc\u30d0\u5074\u3067\u306f\u30e6\u30fc\u30b6\u306eIP\u30a2\u30c9\u30ec\u30b9\u3084\u30c9\u30e1\u30a4\u30f3\u60c5\u5831\u3092\u57fa\u306b\u3057\u305f\u5358\u7d14\u306a\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u304c\u3067\u304d\u306a\u304f\u306a\u308b\uff0e<\/p>\r\n
\r\n

\u52ff\u8ad6\u3001”.htaccess”\u306e\u3088\u3046\u306a\u5358\u7d14\u306a\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u304c\u3067\u304d\u306a\u3044\u3051\u308c\u3069\u3001CloudFront\u5074\u3067\u30aa\u30ea\u30b8\u30f3\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30ab\u30b9\u30bf\u30e0\u30dd\u30ea\u30b7\u30fc\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u3067\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306eIP\u30a2\u30c9\u30ec\u30b9\u60c5\u5831\u3092\u53d6\u5f97\u3057\u3001\u305d\u306e\u60c5\u5831\u3092HTTP\u30d8\u30c3\u30c0\u30fc\u60c5\u5831\u306b\u8f09\u305b\u3066\u30aa\u30ea\u30b8\u30f3\u5074\u306eHTTP\u30b5\u30fc\u30d0\u3078\u6e21\u3059\u3053\u3068\u304c\u53ef\u80fd\u306a\u306e\u3067\u3001\u30aa\u30ea\u30b8\u30f3\u30b5\u30fc\u30d0\u5074\u306e\u5de5\u592b\u3067\u3001\u30e6\u30fc\u30b6\u306eIP\u60c5\u5831\u306b\u57fa\u3065\u3044\u305f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u306f\u53ef\u80fd\u3060\uff0e<\/p>\r\n
\r\n

\u53c2\u8003\u8a18\u4e8b\uff1a\u300e[UPDATE] Amazon CloudFront\u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306eIP\u30a2\u30c9\u30ec\u30b9\u3068\u63a5\u7d9a\u30dd\u30fc\u30c8\u3092\u78ba\u8a8d\u3067\u304d\u308bCloudFront-Viewer-Address\u30d8\u30c3\u30c0\u304c\u5229\u7528\u53ef\u80fd\u306b\u306a\u308a\u307e\u3057\u305f<\/a>\u300f\u3000Developers IO <\/p>\r\n
\r\n

\u4eca\u56de\u306f\u3001\u30aa\u30ea\u30b8\u30f3\u5074\u306e\u30b5\u30fc\u30d0\u306b\u306f\u3042\u307e\u308a\u624b\u3092\u639b\u3051\u305f\u304f\u306a\u3044\u306e\u3067\u3001CloudFront\u3068\u7c21\u5358\u306b\u9023\u643a\u53ef\u80fd\u306a AWS WAF2\uff08\u65e7\u30d0\u30fc\u30b8\u30e7\u30f3\u3068\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3\u306e2\u7a2e\u985e\u304c\u3042\u308b\u306e\u3067\u3001\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3\u306e\u65b9\u3092 WAF2 \u3068\u8a18\u8f09\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff09\u3092\u7528\u3044\u3066\u3001Wordpress\u306e\u7ba1\u7406\u30da\u30fc\u30b8\u306b\u5bfe\u3057\u3066\u30a2\u30af\u30bb\u30b9\u5236\u9650\u3092\u65bd\u3059\u3053\u3068\u306b\u3059\u308b\uff0e<\/p>\r\n
\r\n

AWS WAF2 \u3092\u8a2d\u5b9a\u3057\u3066\u307f\u308b<\/h4>\r\n
\r\n

AWS WAF2 \u306f\u4eca\u56de\u306eCloudFront\u306e\u307b\u304b\u306b\u3001\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\uff08ALB\uff09\u30b5\u30fc\u30d3\u30b9\u3084API Gateway \u306a\u3069\u3068\u7d44\u307f\u5408\u308f\u305b\u308b\u3053\u3068\u304c\u53ef\u80fd\u306a\u30b5\u30fc\u30d3\u30b9\u3067\u30011 Web ACL\u3042\u305f\u308a \u6708\u984d5$(US)\u30011 Rule\u306b\u3064\u304d \u6708\u984d1$(US)\u3001\u305d\u308c\u306b 100\u4e07\u30ea\u30af\u30a8\u30b9\u30c8\u3042\u305f\u308a 0.6$(US) \u306e\u5f93\u91cf\u6599\u91d1\u5236\u3068\u306a\u3063\u3066\u3044\u308b\uff0e<\/p>\r\n
\r\n

\u4eca\u56de\u306e\u69d8\u306a\u7528\u9014\u306b\u3053\u306eWAF\u30b5\u30fc\u30d3\u30b9\u3092\u5229\u7528\u3059\u308b\u306e\u306f\u5927\u8888\u88df\u306a\u306e\u3060\u304c\u3001\u3068\u308a\u3042\u3048\u305a\u691c\u8a3c\u306a\u306e\u3067\u30b3\u30b9\u30c8\u306f\u6c17\u306b\u305b\u305a\u306b\u8a66\u3057\u3066\u307f\u308b\u3053\u3068\u306b\u3059\u308b\uff0e<\/p>\r\n
\r\n

AWS\u306e WAF & Shield \u7ba1\u7406\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089\u3001 “Getting started” \u3067Wizard\u5f62\u5f0f\u3067\u8a2d\u5b9a\u4f5c\u696d\u3092\u9032\u3081\u3066\u884c\u304f\u3053\u3068\u304c\u53ef\u80fd\u3060\u304c\u3001\u4eca\u56de\u306f\u5148\u306b\u3001\u81ea\u5b85\u3084\u7d44\u7e54\u306eIP\u30a2\u30c9\u30ec\u30b9\u60c5\u5831\u3092\u5148\u306b “IP sets” \u3068\u3044\u3046\u5f62\u3067\u767b\u9332\u3059\u308b\u3053\u3068\u304b\u3089\u59cb\u3081\u308b\uff0e<\/p>\r\n
\r\n

IP sets \u306e\u767b\u9332<\/h4>\r\n
\r\n

AWS WAF\u306e\u7ba1\u7406\u30b3\u30f3\u30bd\u30fc\u30eb\u5de6\u7aef\u306e\u30da\u30a4\u30f3\u304b\u3089 “IP sets” \u3092\u9078\u629e\u3057\u3001\u4f5c\u6210\u3059\u308b\u30ea\u30fc\u30b8\u30e7\u30f3\u3092\u9078\u629e\u3059\u308b\uff0e\u4eca\u56de\u306f CloudFront\u3068\u306e\u9023\u643a\u306a\u306e\u3067\u3001\u6771\u4eac\u30ea\u30fc\u30b8\u30e7\u30f3\u3067\u306f\u7121\u304f “Global(CloudFront)” \u3092\u9078\u3076\uff0e<\/p>\r\n

\u4e00\u3064\u306e”IP sets”\u4e2d\u306bIPv4\u3068IPv6\u3092\u6df7\u5728\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u306a\u3044\u3088\u3046\u306a\u306e\u3067\u3001IPv4\u3068IPv6\u306e2\u3064\u306e “IP sets” \u3092\u4f5c\u6210\u3059\u308b\uff0eIP\u30a2\u30c9\u30ec\u30b9\uff08CIDR\u5f62\u5f0f)\u306f\u8907\u6570\u884c\u540c\u6642\u306b\u8a18\u8f09\u53ef\u80fd\u3060\uff0e<\/p>\r\n
\r\n

\r\n\"Create\r\n
\r\n\u5148\u305a\u306fIP sets\u3092\u4f5c\u6210\u3059\u308b<\/span>\r\n
\r\n
\r\n
\r\n\"IPv4<\/a>\r\n
\r\nIPv4\u306e\u30bb\u30c3\u30c8<\/span>\r\n<\/div>\r\n
\r\n\"IPv6<\/a>\r\n
\r\nIPv6\u306e\u30bb\u30c3\u30c8<\/span>\r\n<\/div>\r\n<\/div>\r\n
<\/div>\r\n
\r\n
\r\n
\r\n\"Registered\r\n
\r\n\u767b\u9332\u3057\u305f2\u7d44\u306eIP sets<\/span>\r\n<\/div>\r\n
\r\n
\r\n

WebACLs \u306e\u767b\u9332<\/h4>\r\n
\r\n

IP sets\u306e\u767b\u9332\u304c\u7d42\u308f\u3063\u305f\u3089\u3001\u6b21\u306b\u4eca\u56de\u306eWAF\u306e\u8a2d\u5b9a\u306e\u30e1\u30a4\u30f3\u30d1\u30fc\u30c8\u3068\u306a\u308b WebACL \u306e\u4f5c\u6210\u306b\u9032\u3080\uff0eFirewall\u306a\u3069\u306e\u8a2d\u5b9a\u7d4c\u9a13\u304c\u3042\u308c\u3070\u753b\u9762\u306e\u8a2d\u5b9a\u9805\u76ee\u306b\u3069\u306e\u3088\u3046\u306a\u8a2d\u5b9a\u3092\u3059\u308c\u3070\u826f\u3044\u306e\u304b\u5206\u304b\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n
\r\n

\u4eca\u56de\u306f\u3001\u7ba1\u7406\u767b\u9332\u8005\u304c\u5229\u7528\u3059\u308bIP\u30a2\u30c9\u30ec\u30b9\u3092IP sets \u306b\u767b\u9332\u3057\u3066\u3044\u308b\u306e\u3067\u3001\u30a2\u30af\u30bb\u30b9\u3057\u3066\u304d\u305fIP\u30a2\u30c9\u30ec\u30b9\u304c\u3053\u306eIP Sets\u306e\u30a2\u30c9\u30ec\u30b9\u306b\u542b\u307e\u308c\u3066\u3044\u308c\u3070\u3001\u7121\u6761\u4ef6\u306b\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u3068\u3059\u308b\uff0e\u3053\u306e\u30a2\u30c9\u30ec\u30b9\u306b\u767b\u9332\u3055\u308c\u3066\u3044\u306a\u3051\u308c\u3070\u3001\u4e00\u822c\u30e6\u30fc\u30b6\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3068\u3044\u3046\u4e8b\u3067\u3042\u308b\u306e\u3067\u3001\u30a2\u30af\u30bb\u30b9\u5148\u304cWordpress\u306e\u7ba1\u7406\u30a8\u30ea\u30a2\u3067\u3042\u308c\u3070\u3001\u30a2\u30af\u30bb\u30b9\u62d2\u5426\u3068\u3057\u3001\u305d\u3046\u3067\u306a\u3051\u308c\u3070\u901a\u5e38\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u30a2\u30af\u30bb\u30b9\u3067\u3042\u308b\u306e\u3067\u3001\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u3068\u3044\u3046\u8a2d\u5b9a\u3068\u306a\u308b\uff0e<\/p>\r\n
\r\n

\u3053\u306e\u5224\u5b9a\u3092\u5358\u7d14\u5316\u3059\u308b\u305f\u3081\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u52d5\u4f5c\u306f\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\uff08ALlow\uff09\u306b\u8a2d\u5b9a\u3057\u3066\u304a\u304d\u3001\u6b21\u306e\u9806\u756a\u3067\u5224\u5b9a\u3092\u5b9f\u65bd\u3059\u308b\uff0e<\/p>\r\n
\r\n

\r\n  1. IP sets\u3068\u4e00\u81f4\u3059\u308b   \u21d2 \u30a2\u30af\u30bb\u30b9\u8a31\u53ef\uff08Allow\uff09\r\n\u3000\u3000\u3000\u3000\u3000\u2193\r\n  2. \u7ba1\u7406URI\u306b\u4e00\u81f4\u3059\u308b\u3000\u3000\u21d2 \u30a2\u30af\u30bb\u30b9\u62d2\u5426\uff08Block\uff09\r\n\u3000\u3000\u3000\u3000\u3000\u2193\r\n  3. \u30a2\u30af\u30bb\u30b9\u8a31\u53ef\uff08Allow\uff09\r\n<\/pre>\r\n
\r\n
\u3010 Step 1. WebACL\u306e\u4f5c\u6210\u3068AWS\u30ea\u30bd\u30fc\u30b9\u3078\u306e\u95a2\u9023\u4ed8\u3051\u3011<\/h4>\r\n
\r\n
\u4f5c\u6210\u3059\u308bWebACL\u306b\u9069\u5f53\u306a\u540d\u524d\u3092\u4ed8\u3051\u3001”Resource Type” \u3092 CloudFront \u306b\u8a2d\u5b9a\u3059\u308b\uff0e\u305d\u306e\u4e0b\u306b\u3042\u308b\u3001\u201dAssociated AWS resources – optional” \u3067\u3001\u65e2\u306b\u4f5c\u6210\u3057\u3066\u3042\u308b CloudFront \u306eDistribution \u3078\u306e\u7d10\u4ed8\u3051\u3092\u884c\u3046\uff0e<\/p>\r\n
\r\n
\r\n\"Create<\/a>\r\n
\r\nWebACL\u306e\u540d\u524d\u3092\u8a2d\u5b9a\u3057\u3001CloudFront\u306eDistribution\u3078\u306e\u7d10\u4ed8\u3051\u3092\u884c\u3046<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
\u3010 Step 2. \u30eb\u30fc\u30eb\u306e\u4f5c\u6210\u3011<\/h4>\r\n
\r\n
\u5148\u307b\u3069\u5b9a\u7fa9\u3057\u305f\u3001\u30a2\u30af\u30bb\u30b9\u6761\u4ef6\u5b9a\u7fa9\u3092WebACL\u306e\u30eb\u30fc\u30eb\u3068\u3057\u3066\u5b9f\u88c5\u3059\u308b\uff0eRules\u306e\u8a2d\u5b9a\u304b\u3089\u3001”Add rules” \u30d7\u30eb\u30c0\u30a6\u30f3\u30e1\u30cb\u30e5\u30fc\u304b\u3089”Add my own rules and rule groups” \u3092\u9078\u629e\u3059\u308b\uff0e\u4e0b\u90e8\u306b\u3042\u308b “Default web ACL action for requests that don’t match any rules” \u306b\u3064\u3044\u3066\u306f\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u306f\u8a31\u53ef\u3068\u3059\u308b\u306e\u3067\u3001\u3000”Allow”\u3000\u3092\u9078\u629e\u3059\u308b\uff0e<\/p>\r\n
\r\n
\r\n\"Create\r\n
\r\n Add my own rules and rule groups \u8a2d\u5b9a\u753b\u9762<\/span>\r\n
\r\n
\r\n\"Create\r\n
\r\n Rule Type\u3068\u3057\u3066”Rule Builder” \u3092\u9078\u629e\u3057\u3001\u6700\u521d\u306e\u30eb\u30fc\u30eb\u3092\u4f5c\u6210\u3059\u308b<\/span>\r\n
\r\n
\r\n<\/div>\r\n
 [ \u30eb\u30fc\u30eb #1 : \u7ba1\u7406\u8005\u306eIP\u30a2\u30c9\u30ec\u30b9\u5224\u5b9a ] <\/h5>\r\n
\r\n
\u6700\u521d\u306e\u30eb\u30fc\u30eb\u306f IP sets \u306b\u542b\u307e\u308c\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u306e\u5224\u5b9a\u3092\u884c\u3046\uff0eRule\u540d\u3068\u3057\u3066\u9069\u5f53\u306a\u540d\u524d\u3092\u4ed8\u3051\u3001Type\u306f “regular rule” \u3092\u9078\u629e\u3059\u308b\uff0e\u305d\u306e\u4e0b\u306e “If a request” \u30d7\u30eb\u30c0\u30a6\u30f3\u30e1\u30cb\u30e5\u30fc\u306e\u6761\u4ef6\u3068\u3057\u3066\u8907\u6570\u306e\u6761\u4ef6\u304c\u8a18\u8f09\u3055\u308c\u3066\u304a\u308a\u3001
\r\n
\r\n\u3000\u3000”matches the statement” 
\r\n\u3000\u3000”matches all the statements (AND)” 
\r\n\u3000\u3000”matches at least one of the statements (OR)” 
\r\n\u3000\u3000”dose’t match the statement (NOT)” 
\r\n
\r\n\u306e4\u3064\u304b\u3089\u9078\u629e\u3059\u308b\uff0e\u4eca\u56de\u306f\u3001IPv4 \u3068 IPv6 \u30a2\u30c9\u30ec\u30b9\u306e\u3069\u3061\u3089\u304b\u4e00\u3064\u306b\u4e00\u81f4\u3059\u308b\u304b\u3069\u3046\u304b\u306e\u5224\u5b9a\u306a\u306e\u3067\u3001OR\u6761\u4ef6\u3067\u3042\u308b  “matches at least one of the statements (OR)” \u3092\u9078\u629e\u3059\u308b\uff0e<\/p>\r\n
\r\n
\u3053\u308c\u306b\u3088\u308a\u3001”Statement 1″ \u306e\u4e0b\u90e8\u306b “Statement 2″ \u306e\u9805\u76ee\u304c\u73fe\u308c\u308b\u306e\u3067\u3001”Statement 1” \u3068\u540c\u69d8\u306b “IPv6” \u306e\u6761\u4ef6\u3092\u8a2d\u5b9a\u3059\u308b\uff0e<\/p>\r\n
\r\n
\r\n
\r\n\"WebACL\r\n
\r\n“matches at least one of the statements (OR)” \u3092\u9078\u3073 2\u3064\u306eStatement\u3092”OR” \u3067\u3064\u306a\u3050<\/span>\r\n
\r\n
\r\n<\/div>\r\n
 Inspect \u306e\u30d7\u30eb\u30c0\u30a6\u30f3\u9805\u76ee\u306f\u3001”Originates from an IP address in” \u3092\u9078\u3073\u3001IP sets \u3068\u3057\u3066\u3001\u4e88\u3081\u767b\u9332\u3057\u3066\u3042\u308b IPv4\u306eIP sets\u540d\u304c\u30d7\u30eb\u30c0\u30a6\u30f3\u9805\u76ee\u306b\u73fe\u308c\u308b\u306e\u3067\u3001\u305d\u308c\u3092\u9078\u629e\u3059\u308b\uff0e<\/p>\r\n
\r\n
\u540c\u69d8\u306e\u8a2d\u5b9a\u3092\u3001”Statement 2″ \u306b\u5bfe\u3057\u3066\u3082\u884c\u3046\uff0e<\/p>\r\n
\r\n
\r\n
\r\n\"WebACL\r\n
\r\nIPv6\u306eIP sets\u306e\u5224\u5b9a\u3082\u30eb\u30fc\u30eb\u306b\u52a0\u3048\u308b<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\u6700\u5f8c\u306b\u3001\u3053\u308c\u3089\u306e2\u3064\u306e IP sets \u306e\u3069\u3061\u3089\u304b\u306b\u4e00\u81f4\u3057\u305f\u5834\u5408\u306eAction\uff08\u52d5\u4f5c\uff09\u3092\u8a2d\u5b9a\u3059\u308b\uff0e\u3053\u306e\u5834\u5408\u306f\u7ba1\u7406\u8005\u306e\u30a2\u30af\u30bb\u30b9\u306a\u306e\u3067\u3001\u5b9a\u7fa9\u306b\u5f93\u3063\u3066 “Allow” \u3092\u8a2d\u5b9a\u3059\u308b\uff0e\u3053\u308c\u3067\u6700\u521d\u306e\u30eb\u30fc\u30eb\u306e\u5b9a\u7fa9\u306f\u5b8c\u4e86\u3067\u3042\u308b\uff0e<\/p>\r\n
\r\n
\r\n\"WebACL\r\n
\r\n\u7ba1\u7406\u8005\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u30eb\u30fc\u30eb\u3092\u6e80\u305f\u3057\u305f\u5834\u5408\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u306f “Allow”\uff08\u8a31\u53ef\uff09<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
 [ \u30eb\u30fc\u30eb #2 : \u7ba1\u7406\u753b\u9762\u306e URL \u30a2\u30af\u30bb\u30b9\u5224\u5b9a ] <\/h5>\r\n
\r\n
\u7ba1\u7406\u8005\u306eIP\u30a2\u30c9\u30ec\u30b9\u306b\u3088\u308b\u5224\u5b9a\u30eb\u30fc\u30eb\u306e\u4f5c\u6210\u306e\u6b21\u306b\u3001Wordpress\u306e\u7ba1\u7406\u753b\u9762\u306eURI\u3078\u306e\u30a2\u30af\u30bb\u30b9\u304b\u3069\u3046\u304b\u3092\u5224\u5b9a\u3059\u308b\u30eb\u30fc\u30eb\u3092\u52a0\u3048\u308b\uff0e\u5148\u307b\u3069\u3068\u540c\u3058\u3088\u3046\u306b\u3001Rule Type\u306b”Rule Builder” \u3092\u9078\u3073\u3001\u540c\u3058\u3088\u3046\u306b \u4f5c\u6210\u3059\u308b\u30eb\u30fc\u30eb\u306bWordpress\u306e\u7ba1\u7406\u753b\u9762\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3068\u5bb9\u6613\u306b\u5206\u304b\u308b\u3088\u3046\u306a\u9069\u5f53\u306a\u540d\u524d\u3092\u4ed8\u3051\u308b\uff0e<\/p>\r\n
\r\n
\u4eca\u56de\u306f\u3001”wp-login.php” \u30d5\u30a1\u30a4\u30eb\u306eURI\u3068 “\/wp-admin\/” \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u914d\u4e0b\u306eURI\u304b\u3069\u3046\u304b\u306e\u5224\u5b9a\u306a\u306e\u3067\u3001\u5148\u307b\u3069\u306e IP \u30a2\u30c9\u30ec\u30b9\u5224\u5b9a\u3068\u540c\u3058\u3088\u3046\u306b\u3001 “OR” \u6761\u4ef6\u3067 Statement 1 ( “\/wp-admin” )\u3068Statement 2 \uff08 “wp-login.php”\u3000\uff09 \u3092\u3064\u306a\u3050\uff0e<\/p>\r\n
\r\n
URI\u306e\u5224\u5b9a\u306f\u3001IP\u30a2\u30c9\u30ec\u30b9\u306e\u5224\u5b9a\u3088\u308a\u3082\u5c11\u3057\u5384\u4ecb\u3067\u3001\u30e6\u30fc\u30b6\uff08\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306eWEB\u30d6\u30e9\u30a6\u30b6\uff09\u304c\u3069\u306e\u3088\u3046\u306aURI\u3067\u5b9f\u969b\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3066\u6765\u308b\u306e\u304b\u898b\u6975\u3081\u306a\u3044\u3068\u3001\u6b63\u78ba\u306aURI\u30a2\u30af\u30bb\u30b9\u306e\u5224\u5b9a\u304c\u3067\u304d\u306a\u3044\uff0e\u5927\u6587\u5b57\u5c0f\u6587\u5b57\u306e\u6271\u3044\u3084URI\u30a8\u30f3\u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\u3001\u6587\u5b57\u5217\u306e\u4e00\u81f4\u6761\u4ef6\u306a\u3069\u8a2d\u5b9a\u3059\u308b\u9805\u76ee\u306f\u591a\u3044\uff0e<\/p>\r\n
\r\n
IP sets\u3068\u540c\u69d8\u306b\u3001\u4e88\u3081\u6b63\u898f\u8868\u73fe\u30d1\u30bf\u30fc\u30f3\u3092\u767b\u9332\u3057\u3066\u304a\u304f\u3053\u3068\u304c\u53ef\u80fd\u306a\u306e\u3067\u3001\u3088\u304f\u4f7f\u3046\u6b63\u898f\u8868\u73fe\u30d1\u30bf\u30fc\u30f3\u306f\u767b\u9332\u3057\u3066\u304a\u304f\u3068\u826f\u3044\u3060\u308d\u3046\uff0e<\/p>\r\n
\r\n
\u3053\u306eURI\u306e\u5224\u5b9a\u6761\u4ef6\u306e\u4f5c\u6210\u306f\u3001\u6163\u308c\u308b\u307e\u3067\u306f\u3042\u308b\u7a0b\u5ea6\u8a66\u884c\u932f\u8aa4\u304c\u5fc5\u8981\u3068\u306a\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n
\r\n
 \u3010\u6ce8\u610f\u3011\u4eca\u56de\u306eURI\u306e\u5224\u5b9a\u6761\u4ef6\u306f\u3053\u306e\u30d6\u30ed\u30b0\u306e\u7d20\u6750\u4f5c\u6210\u306e\u305f\u3081\u306b\u3068\u308a\u3042\u3048\u305a\u8a2d\u5b9a\u3057\u305f\u3001\u3044\u3044\u52a0\u6e1b\u306a\u3082\u306e\u306a\u306e\u3067\u3001\u5b9f\u969b\u306b\u30eb\u30fc\u30eb\u3092\u4f5c\u6210\u3059\u308b\u5834\u5408\u306f\u5404\u81ea\u306eWordpress\u74b0\u5883\u306b\u5408\u308f\u305b\u305f\u6b63\u78ba\u306a\u5224\u5b9a\u6761\u4ef6\u3092\u4f5c\u6210\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\uff0e<\/b><\/strong><\/p>\r\n
\r\n
\r\n
\r\n\"WebACL\r\n
\r\n
WordPress\u306e\u7ba1\u7406\u753b\u9762URI\u3078\u306e\u30a2\u30af\u30bb\u30b9\u30eb\u30fc\u30eb\u3092\u4f5c\u6210\u3059\u308b<\/p>\r\n
\r\n
\r\n\"WebACL\r\n
\r\n2\u3064\u306eURI\u30eb\u30fc\u30eb\u306e\u3069\u3061\u3089\u304b\u306b\u5408\u81f4\u3059\u308b\u3059\u308b\u5834\u5408\u306f\u3001”Block” \uff08\u62d2\u5426\uff09\u3068\u3059\u308b<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
 [ \u30c7\u30d5\u30a9\u30eb\u30c8\u30a2\u30af\u30b7\u30e7\u30f3\u306e\u8a2d\u5b9a ] <\/h5>\r\n
\r\n
WebACL\u4f5c\u6210\u306e\u6700\u521d\u306e\u6bb5\u968e\u3067\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u3092\u8a2d\u5b9a\u3057\u3066\u3042\u308b\u304c\u3001\u4f5c\u6210\u3057\u305f2\u3064\u306e\u30eb\u30fc\u30eb\u306b\u8a72\u5f53\u3057\u306a\u3044\u5834\u5408\u306f\u3001\u4e00\u822c\u304b\u3089\u306e\u6b63\u5e38\u306aWordpress\u30b3\u30f3\u30c6\u30f3\u30c4\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3067\u3042\u308b\u306e\u3067\u3001\u5168\u3066 “Allow” \uff08\u8a31\u53ef\uff09\u3068\u3059\u308b\uff0e<\/p>\r\n
\r\n
\r\n\"WebACL\r\n
\r\n \u30c7\u30d5\u30a9\u30eb\u30c8\u30a2\u30af\u30b7\u30e7\u30f3\u3092 “Allow” \u306b\u8a2d\u5b9a\u3059\u308b<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
 [ Step 3. \u5404\u30eb\u30fc\u30eb\u306e\u512a\u5148\u9806\u4f4d\u306e\u8a2d\u5b9a ] <\/h5>\r\n
\r\n
\u4eca\u56de\u306f\u30012\u3064\u306e\u30eb\u30fc\u30eb\u3057\u304b\u306a\u3044\u304c\u3001\u6700\u521d\u306e\u7ba1\u7406\u8005IP\u30a2\u30c9\u30ec\u30b9\u5224\u5b9a\u30eb\u30fc\u30eb\u30922\u756a\u76ee\u306eWordpress\u306e\r\n\u7ba1\u7406URI\u5224\u5b9a\u30eb\u30fc\u30eb\u3088\u308a\u3082\u512a\u5148\u3055\u308c\u308b\u5fc5\u8981\u304c\u3042\u308b\uff0e\u4e0a\u8a18\u306e\u9806\u756a\u901a\u308a\u4f5c\u6210\u3057\u3066\u3044\u308c\u3070\u3001\u6700\u521d\u306b\u4f5c\u6210\u3057\u305f\u30eb\u30fc\u30eb\u304c\u4e0a\u4f4d\uff08\u512a\u5148\u5ea6\u304c\u9ad8\u3044\uff09\u306b\u914d\u7f6e\u3055\u308c\u3066\u3044\u308b\u7b48\u306a\u306e\u3067\u3001\u512a\u5148\u9806\u4f4d\u3092\u5909\u66f4\u3059\u308b\u5fc5\u8981\u306f\u306a\u3044\u304c\u3001\u30eb\u30fc\u30eb\u3092\u8ffd\u52a0\u3057\u305f\u308a\u6761\u4ef6\u3092\u5909\u66f4\u3059\u308b\u5834\u5408\u306f\u3001\u30eb\u30fc\u30eb\u9593\u306e\u9806\u4f4d\u95a2\u4fc2\u3092\u8003\u616e\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\uff0e<\/p>\r\n
\r\n
\u3053\u306e\u8fba\u306e\u30eb\u30fc\u30eb\u306e\u9806\u4f4d\u3084\u30c7\u30d5\u30a9\u30eb\u30c8\u30a2\u30af\u30b7\u30e7\u30f3\u3068\u306e\u517c\u306d\u5408\u3044\u306f\u3001\u65e5\u9803\u304b\u3089Firewall\u306e\u8a2d\u5b9a\u3092\u884c\u3063\u3066\u3044\u306a\u3044\u3068\u96e3\u3057\u3044\u304b\u3082\u3057\u308c\u306a\u3044\uff0e\u672c\u756a\u74b0\u5883\u306b\u30eb\u30fc\u30eb\u3092\u9069\u7528\u3059\u308b\u524d\u306b\u3001\u30c6\u30b9\u30c8\u74b0\u5883\u3067\u60f3\u5b9a\u901a\u308a\u306b\u52d5\u4f5c\u3059\u308b\u4e8b\u3092\u78ba\u304b\u3081\u3066\u304a\u304f\u3053\u3068\u3092\u63a8\u5968\u3059\u308b\uff0e<\/p>\r\n
\r\n
\r\n
\r\n\"WebACL\r\n
\r\n\u5404\u30eb\u30fc\u30eb\u306e\u512a\u5148\u9806\u4f4d\u3092\u9069\u5207\u306b\u8a2d\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
\u3010\u5404\u7a2e\u30e1\u30c8\u30ea\u30c3\u30af\u306e\u8a2d\u5b9a\u3011<\/h4>\r\n
\r\n
\u3053\u306e\u8a2d\u5b9a\u306f\u5fc5\u9808\u3067\u306f\u306a\u3044\u304c\u3001WAF\u3092AWS\u306eCloudWatch\u30b5\u30fc\u30d3\u30b9\u3068\u9023\u643a\u3055\u305b\u3066 WAF2\u306e\u52d5\u4f5c\u72b6\u6cc1\u3092\u9069\u5207\u306b\u76e3\u8996\u3055\u305b\u308b\u3053\u3068\u304c\u53ef\u80fd\u3060\uff0e\u4eca\u56de\u767b\u9332\u3057\u305fWebACL\u30eb\u30fc\u30eb\u3092CloudWatch\u306e\u30e1\u30c8\u30ea\u30c3\u30af\u306b\u767b\u9332\u3057\u3066\u304a\u304f\uff0e<\/p>\r\n
\r\n
\r\n\"Register\r\n
\r\n\u4f5c\u6210\u3057\u305f2\u3064\u306eWebACL\u3092CloudWatch\u306e\u30e1\u30c8\u30ea\u30c3\u30af\u30b9\u306b\u52a0\u3048\u3066\u76e3\u8996\u5bfe\u8c61\u306b\u3059\u308b<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
\r\n
\u3010 Step 5. \u8a2d\u5b9a\u306e\u30ec\u30d3\u30e5\u30fc \u3011<\/h4>\r\n
\r\n
WebACL\u306e\u4f5c\u6210\u30a6\u30a3\u30b6\u30fc\u30c9\u306b\u5f93\u3063\u3066\u8a2d\u5b9a\u3092\u884c\u3046\u6700\u5f8c\u306e\u4f5c\u696d\u304c\u3001\u3053\u308c\u307e\u3067\u306e\u8a2d\u5b9a\u4f5c\u696d\u5185\u5bb9\u306e\u30ec\u30d3\u30e5\u30fc\u3092\u884c\u3044\u3001\u8a2d\u5b9a\u304c\u6b63\u3057\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u305f\u5f8c\u3001\u753b\u9762\u53f3\u4e0b\u306e”Create web ACL” \u30dc\u30bf\u30f3\u3092\u5b9f\u884c\u3057\u3066\u3001WebACL\u3092\u767b\u9332\uff08CloudFront\u3078\u306e\u7d10\u4ed8\u3051\uff09\u3059\u308b\uff0e<\/p>\r\n
\r\n
\r\n
\r\n\"WebACL\r\n
\r\n\u8a2d\u5b9a\u3057\u305fWebACL\u306e\u5185\u5bb9\u3092\u78ba\u8a8d\u3059\u308b<\/span>\r\n
\r\n
\r\n\"WebACL \r\n
\r\n\u8a2d\u5b9a\u5185\u5bb9\u306b\u554f\u984c\u304c\u306a\u3051\u308c\u3070\u8a2d\u5b9a\u3057\u305fWebACL\u3092\u6709\u52b9\u5316\u3057CloudFront\u3078\u7d10\u4ed8\u3051\u308b<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
\r\n\"CloudWatch \r\n
\r\nWAF2\u306e\u7ba1\u7406\u30b3\u30f3\u30bd\u30fc\u30eb\u753b\u9762\u304b\u3089WebACL\u3078\u306e\u30a2\u30af\u30bb\u30b9\u72b6\u6cc1\u3092\u898b\u308b\u3053\u3068\u304c\u3067\u304d\u308b<\/span>\r\n
\r\n
\r\n\"WebACL \r\n
\r\nWebACL\u306b\u5bfe\u3059\u308b\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u3082\u78ba\u8a8d\u53ef\u80fd<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
\r\n
\u81ea\u5b85\u5916\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\uff08\u4eca\u56de\u306fLTE\u63a5\u7d9a\u306eiPad\uff09\u3057\u3066\u3001Wordpress\u306e\u7ba1\u7406\u753b\u9762\u3078\u306e\u30a2\u30af\u30bb\u30b9\u304c\u60f3\u5b9a\u901a\u308a\u306e\u52d5\u304d\u306b\u306a\u3063\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u307f\u308b\uff0e<\/p>\r\n
\r\n
\r\n\"Forbidden\r\n
\r\n\u5916\u90e8\u304b\u3089\u7ba1\u7406\u30da\u30fc\u30b8 “wp-login.php”\u3078\u306e\u30a2\u30af\u30bb\u30b9\u306f “403 Forbidden” \u3092\u8fd4\u3059\u3053\u3068\u3092\u78ba\u8a8d<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
\u3010\u30aa\u30ea\u30b8\u30f3\u3078\u306e\u76f4\u63a5\u30a2\u30af\u30bb\u30b9\u3092\u7981\u6b62\u3059\u308b\u3011<\/h4>\r\n
\r\n
\u3053\u308c\u307e\u3067\u306e\u8a2d\u5b9a\u3067\u3001Wordpress\u30b5\u30a4\u30c8\u3092CloudFront\u3068AWS WAF\u306e\u7d44\u307f\u5408\u308f\u305b\u3067\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u5bfe\u7b56\u3092\u3042\u308b\u7a0b\u5ea6\u65bd\u3057\u305f\u4e0a\u3067\u3001CloudFront\u306e\u30ad\u30e3\u30c3\u30b7\u30e5\u306e\u6069\u6075\u306b\u3082\u6388\u304b\u308c\u308b\u74b0\u5883\u3092\u69cb\u7bc9\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u305f\u304c\u3001\u6700\u5f8c\u306b\u3082\u3046\u4e00\u3064\u3084\u3089\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u3001\u91cd\u8981\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u5bfe\u7b56\u304c\u3042\u308b\uff0e<\/p>\r\n
\r\n
\u305d\u306e\u6700\u5f8c\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u5bfe\u7b56\u306f\u3001\u4eca\u56de\u306e\u30aa\u30ea\u30b8\u30f3\u30b5\u30fc\u30d0\u3067\u3042\u308b\u3001AWS\u306eEC2\u30b5\u30fc\u30d0\u306b\u5bfe\u3057\u3066\u3001\u5916\u90e8\u304b\u3089\u306eHTTP\/HTTPS\u30a2\u30af\u30bb\u30b9\uff08\u52ff\u8ad6\u305d\u306e\u4ed6\u306e\u30b5\u30fc\u30d3\u30b9\u30dd\u30fc\u30c8\u3082\u542b\u3081\u3066\uff09\u3092\u906e\u65ad\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\uff0e<\/p>\r\n
\r\n
\u5916\u90e8\u304b\u3089\u30aa\u30ea\u30b8\u30f3\u30b5\u30fc\u30d0\u3078\u306e\u30a2\u30af\u30bb\u30b9\u306f\u3001\u5168\u4e16\u754c\u306eCloudFront\u30a8\u30c3\u30b8\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u304c\u6765\u308b\u305f\u3081\u3001CloudFront\u306eIP\u30a2\u30c9\u30ec\u30b9\u30ec\u30f3\u30b8\u3092\u5168\u3066\u628a\u63e1\u3057\u305f\u4e0a\u3067\u3001\u305d\u306eIP\u30a2\u30c9\u30ec\u30b9\u306e\u307f\u304b\u3089HTTP\u30a2\u30af\u30bb\u30b9\u3092\u53d7\u3051\u4ed8\u3051\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\uff0e<\/p>\r\n
\r\n
AWS\u3067\u306fCloudFront\u306e\u30a8\u30c3\u30b8\u30b5\u30fc\u30d0\u306eIP\u30ea\u30b9\u30c8<\/a>\u3092\u516c\u958b\u3057\u3066\u3044\u308b\u69d8\u3060\u304c\u3001\u305d\u308c\u3089\u3092\u81ea\u5206\u3067\u53d6\u5f97\u3057\u3066\u30ea\u30b8\u30f3\u30b5\u30fc\u30d0\u5074\u3078\u53cd\u6620\u3055\u305b\u308b\u306e\u306f\u304b\u306a\u308a\u624b\u9593\u306e\u639b\u304b\u308b\u4f5c\u696d\u3067\u3042\u308a\u3001CloudFront\u30b5\u30fc\u30d0\u306e\u8ffd\u52a0\u3084\u69cb\u6210\u5909\u66f4\u306e\u5ea6\u306b\u3053\u308c\u3089\u306e\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u3092\u66f4\u65b0\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\uff0e<\/p>\r\n
\r\n
CloudFront\u306eIP\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u3092\u5229\u7528\u3059\u308b\u4ee5\u5916\u306b\u3001CloudFront\u5074\u304b\u3089\u9001\u51fa\u3055\u308c\u308b\u30aa\u30ea\u30b8\u30f3\u3078\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u30d8\u30c3\u30c0\u30fc\u306b\u624b\u3092\u52a0\u3048\u3066\u3001\u30aa\u30ea\u30b8\u30f3\u5074\u3067CLoudFront\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3067\u3042\u308b\u3053\u3068\u3092\u5224\u5225\u3055\u305b\u308b\u3053\u3068\u3082\u53ef\u80fd\u3060\uff0e\uff08\u300e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u30ab\u30b9\u30bf\u30e0 HTTP \u30d8\u30c3\u30c0\u30fc\u3092\u8ffd\u52a0\u3059\u308b\u305f\u3081\u306e CloudFront \u8a2d\u5b9a<\/a>\u300f\uff09<\/p>\r\n
\r\n
Lambda@Edge\u3092CloudFront\u306b\u9069\u7528\u3057\u3066\u3001\u304b\u306a\u308a\u7d30\u304b\u306a\u5236\u5fa1\u3092\u884c\u3046\u3053\u3068\u3082\u53ef\u80fd\u306a\u3088\u3046\u3060\uff0e\u3053\u306e\u8fba\u306e\u5bfe\u7b56\u306b\u3064\u3044\u3066\u306f\u3001\u5148\u4eba\u9054\u306e\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u304c\u516c\u958b\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u305d\u308c\u3089\u3092\u53c2\u8003\u306b\u3059\u308b\u3068\u826f\u3044\u3060\u308d\u3046\uff0e<\/p>\r\n
\r\n
\u4eca\u56de\u306f\u3001DevelopersIO \u306e\u300e\u3010\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3011Amazon CloudFront \u3092\u7d4c\u7531\u3057\u306a\u3044\u30a2\u30af\u30bb\u30b9\u306e\u30d6\u30ed\u30c3\u30af\u304c\u7c21\u5358\u306b\u306a\u308a\u307e\u3057\u305f<\/a>\u300f\u3092\u53c2\u8003\u306b\u3001\u30aa\u30ea\u30b8\u30f3\u5074\u306e\u30b5\u30fc\u30d0\u4e0a\u3067CloudFront\u4ee5\u5916\u306e\u30a2\u30af\u30bb\u30b9\u3092\u7981\u6b62\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff0e<\/p>\r\n
\r\n
AWS\u306eEC2\u3092\u4f7f\u3046\u5834\u5408\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u30b0\u30eb\u30fc\u30d7\u3092\u5229\u7528\u3057\u3066\u30a2\u30af\u30bb\u30b9\u5236\u9650\u3092\u639b\u3051\u308b\u3053\u3068\u304c\u4e00\u822c\u7684\u306b\u884c\u308f\u308c\u3066\u3044\u308b\u304c\u3001\u4eca\u56deCloudFront\u4ee5\u5916\u306e\u30a2\u30af\u30bb\u30b9\u3092\u7981\u6b62\u3059\u308b\u305f\u3081\u306e\u4ed5\u7d44\u307f\u3068\u3057\u3066\u3001AWS\u5074\u3067CloudFront\u306e\u30a2\u30c9\u30ec\u30b9\u60c5\u5831\u3092\u3001Managed Prefix Lists \u3068\u3057\u3066\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u30b0\u30eb\u30fc\u30d7\u3067\u5229\u7528\u53ef\u80fd\u306a\u5f62\u5f0f\u3067\u63d0\u4f9b\u3057\u3066\u304f\u308c\u3066\u3044\u308b\uff0e<\/p>\r\n
\r\n
\u5148\u305a\u306f\u3001AWS\u7ba1\u7406\u30b3\u30f3\u30bd\u30fc\u30eb\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3066\u3001VPC\u30b5\u30fc\u30d3\u30b9\u306e\u5de6\u7aef\u306e\u30da\u30fc\u30f3\u306b\u3042\u308b\u3001”Managed prefix lists” \u3092\u9078\u629e\u3059\u308b\u3068\u3001\u6570\u500b\uff08\u4eca\u56de\u306f4\u500b\uff09\u306eprefix\u30ea\u30b9\u30c8\u304c\u4e00\u89a7\u8868\u793a\u3055\u308c\u308b\uff0e\u305d\u306e\u4e2d\u306b\u3001pl-58a04531 – com.amazonaws.global.cloudfront.origin-facing\u3000\u3068\u3044\u3046prefix list\u304c\u3001\u4eca\u56de\u306eCloudFront\u306e\u30a8\u30c3\u30b8\u30b5\u30fc\u30d0\u306eIP\u30ea\u30b9\u30c8\u3060\uff0e<\/p>\r\n
\r\n
\u6b8b\u5ff5\u306a\u304c\u3089\u73fe\u6642\u70b9\u3067\u306fIPv4\u30a2\u30c9\u30ec\u30b9\u306eprefix lists\u306f\u7528\u610f\u3055\u308c\u3066\u3044\u308b\u3088\u3046\u3060\u304c\u3001IPv6\u306eprefix lists\u304c\u898b\u5f53\u305f\u3089\u306a\u3044\uff0eCloudFront\u304b\u3089\u30aa\u30ea\u30b8\u30f3\u3078\u306e\u901a\u4fe1\u304cIPv4\u3060\u3051\u3067\u3042\u308c\u3070\u7279\u306b\u554f\u984c\u306f\u306a\u3044\u306e\u3060\u304c\uff0e\uff0e\uff0e<\/p>\r\n
\r\n
\r\n\"VPC\r\n
\r\nManaged prefix lists \u304b\u3089 “pl-58a05531” “com.amazonaws.global.cloudfront.origin-facing” \u3092\u958b\u304f<\/span>\r\n
\r\n
\r\n\"CF\r\n
\r\nCloudFront\u306e\u30a8\u30c3\u30b8\u30b5\u30fc\u30d0\u306eIP\u30ea\u30b9\u30c8\u304c\u4f5c\u6210\u3055\u308c\u3066\u3044\u308b<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\r\n
\u4e88\u3081\u81ea\u5206\u3067\u767b\u9332\u3057\u3066\u3042\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u30b0\u30eb\u30fc\u30d7\u306b\u3001\u3053\u306eAWS\u5074\u3067\u4f5c\u6210\u3057\u3066\u3044\u308bManaged prefix lists\u304b\u3089\u306eHTTP\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3059\u308b\uff0e\u4eca\u56de\u306f\u81ea\u5b85\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u306e\u307fVPC\u5185\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3057\u3066\u3044\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u30b0\u30eb\u30fc\u30d7\u306b\u5bfe\u3057\u3066\u8a2d\u5b9a\u3092\u884c\u3046\uff0e<\/p>\r\n
\r\n
\u5bfe\u8c61\u3068\u306a\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u30b0\u30eb\u30fc\u30d7\u306einbound \u30eb\u30fc\u30eb\u306b\u3001CloudFront\u304b\u3089\u306eHTTP\u30a2\u30af\u30bb\u30b9\u306e\u307f\u3092\u8a31\u53ef\u3059\u308b\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3059\u308b\uff0eSource \u3092Custom\u306b\u3059\u308b\u3068\u691c\u7d22\u30ea\u30b9\u30c8\u306b\u4e0a\u8a18\u306eCloudFront\u306eManeged IP List \u540d\uff08pl-58a05531\uff09\u304c\u73fe\u308c\u308b\u306e\u3067\u3001\u305d\u308c\u3092\u9078\u3093\u3067Source Address\u3068\u3057\u3066\u8a2d\u5b9a\u3059\u308b\uff0e<\/p>\r\n
\r\n
\r\n
\r\n\"My\r\n
\r\n\u4e88\u3081\u4f5c\u6210\u6e08\u307f\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u30b0\u30eb\u30fc\u30d7\u306e\u30ea\u30b9\u30c8<\/span>\r\n
\r\n
\r\n\"Adding\r\n
\r\n\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u30b0\u30eb\u30fc\u30d7\u306e\u30ea\u30b9\u30c8\u306bCloudFront\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u3092\u52a0\u3048\u308b<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\u3053\u308c\u3067\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u30b0\u30eb\u30fc\u30d7\u306b\u3001CloudFront\u306e\u30a8\u30c3\u30b8\u30b5\u30fc\u30d0\u304b\u3089\u306eHTTP\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u304c\u8ffd\u52a0\u3055\u308c\u305f\uff0e<\/p>\r\n
\r\n
\r\n\"Access\r\n
\r\n\u81ea\u5b85\u5916\u304b\u3089\u30aa\u30ea\u30b8\u30f3\u30b5\u30fc\u30d0(EC2)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u304c\u3067\u304d\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d<\/span>\r\n
\r\n
\r\n<\/div>\r\n
\u3068\u308a\u3042\u3048\u305aAWS\u4e0a\u306b\u69cb\u7bc9\u3057\u305fWordpress\u30b5\u30a4\u30c8\u3092CloudFront, AWS WAF\u3068\u306e\u7d44\u307f\u5408\u308f\u305b\u3067\u3001\u6bd4\u8f03\u7684\u30bb\u30ad\u30e5\u30a2\u306a\u74b0\u5883\u3067\u7a3c\u50cd\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u305f\uff0e<\/p>\r\n
\r\n
WordPress\u3092\u5358\u7d14\u306b\u4f7f\u3063\u3066\u3044\u308b\u5206\u306b\u306f\u554f\u984c\u306f\u306a\u3044\u304c\u3001\u3061\u3087\u3063\u3068\u3067\u3082\u8907\u96d1\u306a\u3053\u3068\u3092\u3084\u308d\u3046\u3068\u3059\u308b\u3068\u3001\u9014\u7aef\u306bWordpress\u7279\u6709\u306e\u58c1\u306b\u3076\u3061\u5f53\u305f\u3063\u3066\u3057\u307e\u3046\uff0eCMS\u6a5f\u80fd\u3068Web\u30d5\u30ed\u30f3\u30c8\u30a8\u30f3\u30c9\u304c\u6e3e\u7136\u4e00\u4f53\u306a\u305f\u3081\u3001Wordpress\u5185\u90e8\u306bFQDN\u60c5\u5831\u3092\u6301\u3064\u306a\u3069\u3001WEB\u30a8\u30f3\u30b8\u30cb\u30a2\u3084\u7ba1\u7406\u3059\u308b\u7acb\u5834\u304b\u3089\u898b\u308b\u3068Wordpress\u74b0\u5883\u3092\u7dad\u6301\u30fb\u904b\u7528\u3057\u3066\u3044\u304f\u306e\u306f\u3068\u3066\u3082\u9aa8\u306e\u6298\u308c\u308b\u4f5c\u696d\u3060\uff0e<\/p>\r\n
\r\n
\u4f55\u3067\u3001CMS\u304c\u5185\u90e8\u306bFQDN\u3092\u62b1\u3048\u3066\u3044\u308b\u306e\u304b\u7406\u89e3\u306b\u82e6\u3057\u3080\u304c\u3001\u9577\u5e74\u4f7f\u3044\u7d9a\u3051\u3066\u304d\u305fWordpress\u541b\u3068\u3082\u305d\u308d\u305d\u308d\u304a\u5225\u308c\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u6642\u304c\u6765\u305f\u3088\u3046\u3060\uff0eWEB\u30a8\u30f3\u30b8\u30cb\u30a2\u30ea\u30f3\u30b0\u306e\u4e16\u754c\u3067\u306f\u65e2\u306b\u9759\u7684\u30b3\u30f3\u30c6\u30f3\u30c4\u30b8\u30a7\u30cd\u30ec\u30fc\u30b7\u30e7\u30f3\u3078\u306e\u79fb\u884c\u304c\u30e1\u30b8\u30e3\u30fc\u306a\u6d41\u308c\u3068\u306a\u3063\u3066\u3044\u308b\u3088\u3046\u306a\u306e\u3067\u3001\u3053\u306e\u30b5\u30a4\u30c8\u3082\u6298\u308a\u3092\u898b\u3066\u305d\u3061\u3089\u306e\u65b9\u5411\u3078\u79fb\u884c\u3057\u3088\u3046\u3068\u601d\u3046\uff0e<\/p>\r\n
\r\n
\u4eca\u56de\u691c\u8a3c\u3057\u3066\u3044\u308b WordPress + CloudFront + AWS WAF \u306e\u74b0\u5883\u304c\u307e\u3068\u3082\u306b\u7a3c\u50cd\u3057\u3066\u304f\u308c\u308b\u3088\u3046\u306a\u3089\u3001\u6b21\u306e\u65b0\u3057\u3044\u74b0\u5883\u3078\u306e\u3064\u306a\u304e\u3068\u3057\u3066\u4f7f\u3063\u3066\u307f\u3088\u3046\u304b\u3068\u601d\u3046\uff0e<\/p>\r\n
\r\n
\u305d\u308c\u306b\u3057\u3066\u3082\u3001Wordpress\u3068CDN\u306e\u7d44\u307f\u5408\u308f\u305b\u306f\u76f8\u6027\u304c\u60aa\u305d\u3046\u3060\uff0e\u307b\u3093\u306e\u6570\u65e5\u306e\u691c\u8a3c\u3067\u3082\u8272\u3005\u3068\u4e0d\u5177\u5408\u3084\u5909\u306a\u6319\u52d5\u306b\u898b\u821e\u308f\u308c\u305f\uff0e\u3082\u3046\u5c11\u3057\u69d8\u5b50\u3092\u898b\u3066\u304b\u3089\u3001\u4eca\u56de\u306e\u691c\u8a3c\u74b0\u5883\u304c\u4f7f\u3044\u7269\u306b\u306a\u308b\u304b\u3069\u3046\u304b\u5224\u5b9a\u3059\u308b\u3053\u3068\u306b\u3057\u3088\u3046\uff0e<\/p>\r\n
\r\n\r\n
\r\n
\r\n
\u3010\u5f8c\u65e5\u8ac7\u3011AWS\u306e\u6a5f\u80fd\u3092\u99c6\u4f7f\u3057\u3066\u30bb\u30ad\u30e5\u30a2\u306aWordpress\u74b0\u5883\u3092\u7dad\u6301\u3059\u308b\u306e\u306f\u9aa8\u306e\u6298\u308c\u308b\u4f5c\u696d\u304c\u5fc5\u8981\u3060\uff0e\u4eca\u56de\u306f\u6280\u8853\u7684\u306a\u691c\u8a3c\u304c\u76ee\u7684\u3060\u3063\u305f\u306e\u3067\r\nWordpress + CloudFront + AWS WAF\u3068\u3044\u3046\u7d44\u307f\u5408\u308f\u305b\u3067\u69cb\u7bc9\u3057\u3066\u307f\u305f\u304c\u3001\u3053\u306e\u74b0\u5883\u3092\u672c\u756a\u74b0\u5883\u3068\u3057\u3066\u4eca\u5f8c\u3082\u904b\u7528\u3092\u7d9a\u3051\u3066\u884c\u304f\u6c17\u306b\u306f\u3068\u3066\u3082\u306a\u308c\u306a\u3044\uff0e<\/p>\r\n
\r\n
\u3084\u306f\u308a\u3053\u306e\u30d6\u30ed\u30b0\u306e\u69d8\u306a\u500b\u4eba\u30ec\u30d9\u30eb\u306eWordpress\u30b5\u30a4\u30c8\u3067\u306f\u3001\u904b\u7528\u30b3\u30b9\u30c8\u3084\u904b\u7528\u306b\u639b\u304b\u308b\u52b4\u529b\u3092\u8003\u3048\u308b\u3068\u3068\u3066\u3082\u3058\u3083\u306a\u3044\u304c\u3084\u3063\u3066\u3089\u308c\u306a\u3044\u3068\u3044\u3046\u306e\u304c\u672c\u5f53\u306e\u3068\u3053\u308d\u3060\uff0e\uff0e\uff0e\uff0e\u3068\u3044\u3046\u8a33\u3067\u73fe\u5728\u306f\u3001\u3053\u306e\u30b5\u30a4\u30c8\u306fAWS\u3092\u96e2\u308c\u3066\u3001\u8cbb\u7528\u306e\u5b89\u3044\u56fd\u7523VPS\u30b5\u30fc\u30d0\u3067\u904b\u7528\u3057\u3066\u3044\u308b\u306e\u304c\u5b9f\u60c5\u3060\uff0e<\/p>\r\n","protected":false},"excerpt":{"rendered":"Wordpress\u30b5\u30a4\u30c8\u3092CloudFront\u7d4c\u7531\u3067\u914d\u4fe1\u3059\u308b\u969b\u306e\u30ad\u30e3\u30c3\u30b7\u30e5\u306e\u5236\u5fa1\u306b\u3064\u3044\u3066\u306f\u3082\u3046\u5c11\u3057\u691c\u8a0e\u3092\u91cd\u306d\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u304c\u3001CloudFront\u3068\u306e\u7d44\u307f\u5408\u308f\u305b\u306b\u3064\u3044\u3066\u306f\u3042\u308b\u7a0b\u5ea6\u306e\u76ee\u51e6\u304c\u4ed8\u3044\u305f\u306e\u3067\u3001\u4eca\u5ea6\u306fWordpress\u306e\u7ba1\u7406\u753b\u9762\u306b\u5bfe\u3059\u308b\u5236\u5fa1\u306b\u3064\u3044\u3066\u691c\u8a0e\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff0e","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[13,949,11,12],"tags":[950,893,951,952],"class_list":["post-9612","post","type-post","status-publish","format-standard","hentry","category-sysadmin","category-cloud","category-web","category-wp","tag-aws-waf","tag-cloudfront","tag-managed-prefix-lists","tag-wordpress-security"],"_links":{"self":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/9612","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/comments?post=9612"}],"version-history":[{"count":2,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/9612\/revisions"}],"predecessor-version":[{"id":10567,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/9612\/revisions\/10567"}],"wp:attachment":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/media?parent=9612"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/categories?post=9612"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/tags?post=9612"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}