Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to build/ops websites safety (2020-12-10)

Avatar for Daiji Hirata Daiji Hirata
December 10, 2020
Business
0
110

How to build/ops websites safety (2020-12-10)

ウェブサイト運用にともなうリスクと安定運用のコツ
2020.12.10 シックス・アパート オンラインミニセミナー スライド

Avatar for Daiji Hirata

Daiji Hirata

December 10, 2020
Tweet

More Decks by Daiji Hirata

See All by Daiji Hirata
WebCMS 概観 MTDDC Meetup TOHOKU 2025
Avatar for Daiji Hirata hirata
0
15
MTDDC Meetup TOKYO 2024 Keynote
Avatar for Daiji Hirata hirata
1
670
MTDDC Meetup TOHOKU 2024 Keynote Speech
Avatar for Daiji Hirata hirata
1
690
MTDDC Meetup Tokyo 2023 Keynote
Avatar for Daiji Hirata hirata
0
900
MTDDC Meetup Tokyo 2022 Keynote
Avatar for Daiji Hirata hirata
0
90
MTDDC meetup Tokyo 2021 Keynote
Avatar for Daiji Hirata hirata
0
1.4k
How to build a Robust Website for Peak Traffics (2021-02-12)
Avatar for Daiji Hirata hirata
0
90
MTDDC Meetup Tokyo 2020 Keynote
Avatar for Daiji Hirata hirata
0
200
MTDDC Meetup Tokyo 2019 Closing Session
Avatar for Daiji Hirata hirata
0
1.4k

Other Decks in Business

See All in Business
AWS Summit Japan 2025 社内コミュニティによる企業文化創り ~MAWS-UGの挑戦とこれから~
Avatar for YukiOgawa yukiogawa
2
930
心と心に橋を架けよう
Avatar for viva_tweet_x viva_tweet_x
0
1.3k
AIで「お客様のことだけを考える」 時間を増やすためには
Avatar for Teppei Kosaki kosakiteppei
0
150
6 Fast and Easy ways to contact Quickbooks Desktop Support
Avatar for nalix91224 nalix91224
0
170
CC採用候補者向けピッチ資料
Avatar for CrossCommunication crosscommunication
2
52k
メタデータ通りの趣旨と進め方
Avatar for データ横丁 datayokocho
0
130
株式会社ネイチャーズウェイ会社説明資料
Avatar for 株式会社ネイチャーズウェイ naturesway
1
420
株式会社PROOF_エンジニア向け採用資料
Avatar for PROOF proof
0
210
처음 시작하는 사람들을 위한 GA4 핸즈온 | 2025년 7월 세미나
Avatar for 데이터리안 datarian
0
670
【DearOne】Dear Newest Member
Avatar for DearOne hrm
2
11k
アウトカムファーストな専門技術組織の構築と運用のための取り組み / Efforts to Build and Operate an Outcome-First Technical Expertise Organization
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
5
500
ラッコキーワード サービス紹介資料
Avatar for ラッコ株式会社 rakko
0
41k

Featured

See All Featured
Building Adaptive Systems
Avatar for Chris Keathley keathley
43
2.7k
Faster Mobile Websites
Avatar for Dean Hume deanohume
308
31k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.8k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
8
370
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
60k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
207
24k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.5k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
189
11k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.2k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.6k

Transcript

  1. γοΫεɾΞύʔτ ฏా େ࣏ ΢ΣϒαΠτӡ༻ʹͱ΋ͳ͏ϦεΫͱ҆ఆӡ༻ͷίπ ΢ΣϒαΠτΛ҆৺ͯ͠׆༻͢ΔͨΊʹ஌͓͖͍ͬͯͨ͜ͱ

  2. ͻΒ͍ͨͩ͡ 4JY"QBSU %JSFDUPS $50 !IJSBUB

  3. ࠓ೔ͷ࿩ • ΢ΣϒαΠτӡ༻্ͷϦεΫͱݪҼ • جຊతͳରࡦ • ରࡦͷҰྫɺެ։αʔόͷ෼཭ • ͦͷଞɺؾΛ͚ͭΔ͜ͱ

  4. ΢ΣϒαΠτͷϦεΫ͍Ζ͍Ζ • αΠτͷվ᜵ɺ৐ͬऔΓ • αΠτͷμ΢ϯ • ৘ใ࿙Ӯ • ౿Έ୆ʹ࢖ΘΕ͍ͯͨ •

    ߋ৽͕Ͱ͖ͳ͘ͳͬͨ

  5. αΠτͷվ᜵ɺ৐ͬऔΓ • ৘ใͷૢ࡞ • Ϛϧ΢ΣΞ͕഑෍͞Ε͍ͯͨ • ѱҙͷ͋ΔϓϩάϥϜΛΫϥΠΞϯτʹ࣮ߦͤ͞Δ • ϑΟογϯά࠮ٗʹ࢖ΘΕ͍ͯͨ •

    ݸਓ৘ใ΍ΫϨδοτΧʔυ৘ใΛ౪·ΕΔ
  6. None

  7. ෛͷ࿈࠯ • Ϛϧ΢ΣΞ / ϑΟογϯάʹ࢖ΘΕΔ • ϒϩοΫϦετʹొ࿥͞ΕΔ • Safe Browsing

    ػೳͰαΠτ͕දࣔ͞Εͳ͘ͳΔ…

  8. αΠτͷμ΢ϯ • αΠτ͕ਅͬനʹͳͬͨ • 404 Not Found ΍φκͷΤϥʔը໘

  9. ৘ใ࿙Ӯ • αʔόʹอଘ͍ͯͨ͠ݸਓ৘ใ͕… • ·ͩެ։͍ͯ͠ͳ͍͸ͣͷ PDF ϑΝΠϧ͕…

  10. ౿Έ୆ʹ͞Ε͍ͯͨ? ඪతܕ߈ܸʹ࢖ΘΕͨྫ • ஌Βͳ͍ϑΝΠϧ͕ࣾ಺͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ஌Βͳ͍αʔό͔ΒͷΞΫηεͰμ΢ϯϩʔυ͞Ε͍ͯͨ • ஌Βͳ͍ϑΝΠϧ͕ࣾ֎͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ࣾ಺ͷPC͔ΒφκͷΞΫηε͕…

  11. ߋ৽͕Ͱ͖ͳ͍ • CMS ͷ؅ཧը໘ʹϩάΠϯͰ͖ͳ͍ • αʔόͷΞΧ΢ϯτ͕Θ͔Βͳ͍

  12. ͞·͟·ͳݪҼ • ֎෦͔ΒͷͳΜΒ͔ͷΞΫγϣϯ (߈ܸ) • ނো • ୯७ͳϛε • ಺෦൜ߦ

    • ͳʹ΋͍ͯ͠ͳ͍ͷʹ……

  13. جຊతͳରࡦͷߟ͔͑ͨ • ݪҼΛ༧૝͠ɺͦΕͧΕͷରࡦΛߟ͑Δ • ϦεΫΛࣄલʹݮΒ͢ • ΋͠ൃੜͨ͠ͱ͖ͷϦΧόϦʔํ๏Λࣄલʹ༻ҙ͓ͯ͘͠ • ӡ༻ʹؾΛ෷͏ •

    αʔόɺΞϓϦέʔγϣϯΛ҆શʹอͭ • े෼ͳϦιʔεΛख౰͢Δ • ීஈ͔ΒϦεΫʹඋ͑Δ

  14. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ • Ұൠ΁ͷ৘ใఏڙͷͨΊͷ΢Σϒαʔό • ίʔϙϨʔταΠτͳͲ • ߋ৽͸ਵ࣌ɺσβΠϯมߋͳͲ͸සൟͰ͸ͳ͍ • ड͚Δͷ͸໰͍߹ΘͤϑΥʔϜఔ౓

  15. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ • ެ։༻αʔόͱΞϓϦέʔγϣϯ༻αʔόΛ෼཭͢Δ • CMS αʔό͸Ұൠ͔ΒΞΫηεͰ͖ͳ͍Α͏ʹɺ੍ݶ͢Δ • ΞΫηε੍ݶɺωοτϫʔΫͷ෼཭ • ެ։༻αʔόʹ͸ɺඞཁͳΞϓϦέʔγϣϯͷΈઃஔ͢Δ

    • ੩తίϯςϯπͷΈͩͱɺ͔ͳΓ҆શ

  16. 010111……… ެ։ྖҬ CMS 1୆ͷαʔόʹ͢΂ͯࠞࡏ html, image, css, js, etc.

  17. ެ։༻αʔό CMS ެ։ྖҬ 010111……… ެ։༻αʔόͱ CMS Λ෼཭͢Δ

  18. ެ։༻αʔόͷ෼཭ • αΠτΛ੩తίϯςϯπͱͯ͠४උ͠ɺެ։༻αʔόʹసૹ͢Δ • MT ͩͱϓϥάΠϯΛར༻͢Δ͜ͱ͕Ұൠత • Uploader, SmartSyncPack, Movable

    Type Premium (SiteSync) • MT Ϋϥ΢υʹ͸ඪ४Ͱαʔό഑৴Λ༻ҙ͍ͯ͠Δ • సૹઌͱରԠ͢Δϓϩτίϧʹ஫ҙ • FTPS, SFTP, rsync, S3 (AWS) ͳͲ

  19. ެ։༻αʔό CMS ެ։ྖҬ 010111……… ඇެ։ྖҬ ഑৴ ࠶ߏங (੩తϑΝΠϧߏங)

  20. ഑৴ػೳͷϝϦοτ • ഑৴ઌΛෳ਺༻ҙ͢Δ͜ͱͰɺεςʔδϯάͷΑ͏ʹར༻Ͱ͖Δ • ίϯςϯπΛ෼཭ͯ͠؅ཧ͢Δ͜ͱ͕Ͱ͖Δ • େن໛αΠτͷҰ෦͚ͩΛ MT Ϋϥ΢υͰ؅ཧ͢Δ •

    ෦໳ຖʹ഑৴Λ෼͚Δ

  21. ެ։༻αʔό ඇެ։ྖҬ ഑৴ ֬ೝ༻αʔό ഑৴ CMS

  22. ެ։༻αʔό CMS ඇެ։ྖҬ Ұ෦ͷྖҬʹ͚ͩ഑৴

  23. CMS ͷΞΫηε੍ݶ΍ηΩϡϦςΟڧԽ • IP ΞυϨεͷ੍ݶ • ύεϫʔυอޢ • WAF ͷར༻

  24. CMS ͷӅṭ • CMS ΞϓϦέʔγϣϯ΁ͷΞΫηεΛ੍ݶ͢Δ • ϗετͷӅṭ • ϓϥΠϕʔτωοτϫʔΫʹઃஔͯ͠ VPN

    ܦ༝ͰΞΫηε • ެ։αʔό΁ͷίϯςϯπ഑৴Ҏ֎ΛڐՄ͠ͳ͍ • ֎෦΁ͷτϥϑΟοΫͷ؂ࢹ͕༰қʹ
 ౿Έ୆ʹͳΔϦεΫΛܰݮͰ͖Δ

  25. ެ։༻αʔό CMS VPN ͳͲͰΞΫηεΛ੍ݶɾ؅ཧ ഑৴ (Ұํ޲) ֎෦͔Βͷ௨৴͸ःஅ 010111………

  26. ެ։αʔόͷߏ੒ྫ • Apache • SSI ΍ htaccess ͸࢖͍͍ͨ • Amazon

    S3 • + CDN • + CDN + WAF + DDoS ରࡦ

  27. ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI ΍ .htaccess

    ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠
 CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

  28. ެ։༻αʔό iframe Ͱ૊ΈࠐΈ

  29. ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI ΍ .htaccess

    ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠
 CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

  30. ΑΓ஫ҙ͢Δ͜ͱ • ނো΍ࣄނʹඋ͑ͨ৑௕ߏ੒ • ೋॏԽ…ϗετɺωοτϫʔΫɺσʔληϯλ • γεςϜͷఆظతͳϝϯςφϯε • ϛυϧ΢ΣΞ΍ΞϓϦέʔγϣϯͷΞοϓσʔτɺઃఆͷ֬ೝ •

    ϩάͷ֬ೝ • ఆظతͳόοΫΞοϓ • όοΫΞοϓͷೖखੑɺੈ୅ • ϦετΞखॱͷ֬ೝ΍τϨʔχϯά

  31. ࣗ෼Ͱ΍Δͷ͕େมͩͱࢥͬͨΒ • ϚωʔδυαʔϏε΍ SaaS ͷ CMS Λར༻͢Δ • Movable Type

    Ϋϥ΢υ൛ • αʔό഑৴ػೳΛඪ४૷උ • MovableType.net • αʔϏεͱͯ͠ɺ͞·͟·ͳϦεΫʹ഑ྀͯ͠ӡӦ͍ͯ͠·͢

  32. ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠