{"id":2243,"date":"2020-12-19T13:51:05","date_gmt":"2020-12-19T04:51:05","guid":{"rendered":"https:\/\/raspi-katsuyou.com\/?p=2243"},"modified":"2020-12-19T17:58:18","modified_gmt":"2020-12-19T08:58:18","slug":"http%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%83%98%e3%83%83%e3%83%80%e3%83%bc%e3%82%92%e8%bf%bd%e5%8a%a0","status":"publish","type":"post","link":"https:\/\/raspi-katsuyou.com\/index.php\/2020\/12\/19\/13\/51\/05\/2243\/","title":{"rendered":"HTTP\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d8\u30c3\u30c0\u30fc\u3092\u8ffd\u52a0"},"content":{"rendered":"\n

HTTP\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d8\u30c3\u30c0\u3068\u306f<\/p>\n\n\n\n

HTTP\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d8\u30c3\u30c0\u306f\u3001Web\u30d6\u30e9\u30a6\u30b6\u3067\u30db\u30fc\u30e0\u30da\u30fc\u30b8\u3092\u898b\u308b\u3068\u304d\u3001\u3069\u306e\u3088\u3046\u306b\u632f\u821e\u3046\u304b\u3092\u30d6\u30e9\u30a6\u30b6\u306b\u901a\u77e5\u3057\u307e\u3059\u3002HTTP\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d8\u30c3\u30c0\u3092\u6b63\u3057\u304f\u8ffd\u52a0\u3059\u308b\u3053\u3068\u3067\u3001Web\u30b5\u30a4\u30c8\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5f37\u5316\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd\u306b\u306a\u308a\u307e\u3059\u3002\u305b\u3063\u304b\u304fSSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u305f\u306e\u306b\u3001\u521d\u671f\u8a2d\u5b9a\u306e\u307e\u307e\u4f7f\u3063\u3066\u3044\u308b\u3068\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u3088\u304f\u306a\u3044\u3068\u601d\u3044\u3001HTTP\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d8\u30c3\u30c0\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3057\u305f\u306e\u3067\u7d39\u4ecb\u3057\u307e\u3059\u3002<\/p>\n\n\n\n

\u4eca\u56de\u8ffd\u52a0\u3057\u305f\u8a2d\u5b9a\u306f\u4ee5\u4e0b\u3067\u3059\u3002<\/p>\n\n\n\n

HTTP STRICT TRANSPORT SECURITY(HSTS)<\/strong><\/p>\n\n\n\n

Web\u30d6\u30e9\u30a6\u30b6\u304b\u3089\u306e\u901a\u4fe1\u3092HTTPS\u7d4c\u7531\u3067\u306e\u307f\u901a\u4fe1<\/strong>\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002HTTP\u7d4c\u7531\u3067\u30b5\u30a4\u30c8\u306e\u95b2\u89a7\u304c\u3067\u304d\u306a\u304f\u306a\u308b<\/strong>\u306e\u3067\u3001SSL\u8a3c\u660e\u66f8\u3092\u8a2d\u5b9a\u3057\u3066\u304b\u3089\u6709\u52b9\u306b\u3057\u3066\u304f\u3060\u3055\u3044<\/strong>\u3002max-age\u3067\u6307\u5b9a\u3055\u308c\u305f\u6642\u9593(\u79d2) HSTS\u8a2d\u5b9a\u3092\u30d6\u30e9\u30a6\u30b6\u4e0a\u306b\u30ad\u30e3\u30c3\u30b7\u30e5\u3057\u3066\u304f\u308c\u307e\u3059\u3002<\/p>\n\n\n\n

Header set Strict-Transport-Security \"max-age=31536000\" env=HTTPS<\/pre>\n\n\n\n
X-FRAME OPTIONS<\/strong><\/p>\n\n\n\n
\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0<\/strong>\u3092\u9632\u6b62\u3059\u308b\u305f\u3081\u306e\u8a2d\u5b9a\u3067\u3001Web\u30b5\u30a4\u30c8\u5074\u3067X-FRAME-OPTIONS\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u3067\u3001\u4ed6\u306e\u30b5\u30a4\u30c8\u306e\u30d5\u30ec\u30fc\u30e0\u3092\u547c\u3073\u51fa\u3055\u306a\u3044\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0<\/strong>\uff1a\u30dc\u30bf\u30f3\u3084\u30ea\u30f3\u30af\u306a\u3069\u3092\u898b\u3048\u306a\u3044\u72b6\u614b\u3067\u914d\u7f6e\u3057\u3066\u30af\u30ea\u30c3\u30af\u3055\u305b\u308b\u3002<\/p>\n\n\n\n
SAMEORIGIN\uff1a\u30d5\u30ec\u30fc\u30e0\u5185\u306e\u30da\u30fc\u30b8\u8868\u793a\u3092\u540c\u4e00\u30c9\u30e1\u30a4\u30f3\u5185\u306e\u307f\u8a31\u53ef<\/p>\n\n\n\n
Header always append X-Frame-Options SAMEORIGIN<\/pre>\n\n\n\n
X-XSS-Protection<\/strong><\/p>\n\n\n\n
\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u653b\u6483\u304c\u691c\u51fa\u3055\u308c\u305f\u5834\u5408\u3001\u8868\u793a\u3092\u30d6\u30ed\u30c3\u30af\u3059\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
Header set X-XSS-Protection \"1; mode=block\" <\/pre>\n\n\n\n
X-Content-Type-Options<\/strong><\/p>\n\n\n\n
\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d8\u30c3\u30c0\u30fc\u300cX-Content-Type-Options: nosniff\u300d\u3092\u6307\u5b9a\u3067\u3001\u30b3\u30f3\u30c6\u30f3\u30c4\u30bf\u30a4\u30d7\u306e\u81ea\u52d5\u5224\u5225\u3092\u7121\u52b9\u306b\u3059\u308b\u3053\u3068\u3067\u3001\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0(XSS)\u3092\u6291\u5236\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
Header always set X-Content-Type-Options nosniff<\/pre>\n\n\n\n
\u4ee5\u4e0b\u3082\u8ffd\u52a0\u3067\u8a2d\u5b9a\u3057\u3066\u304a\u304d\u307e\u3057\u305f\u3002<\/p>\n\n\n\n
Web\u30da\u30fc\u30b8\u5185\u306ehttp:\/\/\u3092https:\/\/\u3068\u3057\u3066\u6271\u3063\u3066\u304f\u308c\u308b\u3002<\/p>\n\n\n\n
Header always set Content-Security-Policy \"upgrade-insecure-requests\" <\/pre>\n\n\n\n
\u8a8d\u8a3c\u900f\u904e\u6027\u30dd\u30ea\u30b7\u30fc\u306b\u9055\u53cd\u3059\u308b\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u3092\u62d2\u5426\u3059\u308b\u3002<\/p>\n\n\n\n
Header always set Expect-CT \"max-age=7776000, enforce\" <\/pre>\n\n\n\n
\u30dd\u30ea\u30b7\u30fc\u304c\u6307\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u3084\u5024\u304c\u7121\u52b9\u306a\u5834\u5408\u306b\u3001\u30d7\u30ed\u30c8\u30b3\u30eb\u6c34\u6e96\u304c\u4f4e\u4e0b\u3059\u308b\u5834\u5408\u306f\u30ea\u30d5\u30a1\u30e9\u30fc<\/strong>\u3092\u9001\u4fe1\u3057\u306a\u3044\u3002<\/p>\n\n\n\n
\u30ea\u30d5\u30a1\u30e9\u30fc<\/strong>\u306fHTTP\u30d8\u30c3\u30c0\u306e\uff11\u3064\u3067\u3001\u305d\u308c\u306b\u30ea\u30f3\u30af\u3057\u3066\u3044\u308b\u30a6\u30a7\u30d6\u30da\u30fc\u30b8\u3084\u30ea\u30bd\u30fc\u30b9\u306e\u30a2\u30c9\u30ec\u30b9\u3092\u6307\u3057\u3066\u3044\u308b\u3002\u30ea\u30d5\u30a1\u30e9\u3092\u898b\u308b\u3053\u3068\u3067\u3001\u3069\u3053\u304b\u3089\u305d\u306e\u30da\u30fc\u30b8\u306b\u8981\u6c42\u304c\u6765\u305f\u306e\u304b\u3092\u77e5\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002<\/p>\n\n\n\n
Header always set Referrer-Policy \"no-referrer-when-downgrade\"<\/pre>\n\n\n\n
\u4e0a\u8a18\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3057\u3066\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d8\u30c3\u30c0\u306e\u30c1\u30a7\u30c3\u30af\u3057\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n\n\n\n
Analyse your HTTP response headers (securityheaders.com)<\/a><\/p>\n\n\n\n
\u5224\u5b9a\u7d50\u679c\u306f\u300cA\u300d\u3067\u3001\u8a2d\u5b9a\u3057\u305f\u5185\u5bb9\u304c\u610f\u56f3\u901a\u308a\u306b\u53cd\u6620\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u8a2d\u5b9a\u304c\u53cd\u6620\u3055\u308c\u306a\u3044\u5834\u5408\u306f\u3001Apache\u306e\u201dmod_headers\u201d\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u304b\u78ba\u8a8d\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002\u3042\u3068\u3001.htaccess\u306e\u8a2d\u5b9a\u3092\u6709\u52b9\u306b\u3059\u308b\u306e\u3092\u5fd8\u308c\u305a\u306b\u3002<\/p>\n\n\n\n
$sudo a2enmod headers\n$sudo apache2ctl restart<\/pre>\n\n\n\n
<\/p>\n