{"id":28994,"date":"2015-09-16T22:49:31","date_gmt":"2015-09-16T13:49:31","guid":{"rendered":"http:\/\/ur.edu-connect.net\/?p=28994"},"modified":"2024-02-03T23:10:45","modified_gmt":"2024-02-03T14:10:45","slug":"%e3%83%9d%e3%83%bc%e3%83%88%e3%83%99%e3%83%bc%e3%82%b9virtualhost%e3%81%a7hsts%e3%82%92%e6%9c%89%e5%8a%b9%e3%81%ab%e3%81%99%e3%82%8b%e3%81%a8%e5%85%a8%e3%81%a6%e3%81%aevirtualhost%e3%81%b8%e3%81%ae-2","status":"publish","type":"post","link":"https:\/\/ur.edu-connect.net\/archives\/28994","title":{"rendered":"Enabling HSTS on a port-based VirtualHost redirects traffic to every VirtualHost to https"},"content":{"rendered":"\n

After upgrading ownCloud to 8.1, the following warning appears:<\/p>\n\n\n\n

\n

The “Strict-Transport-Security” HTTP header is not configured to least “15768000” seconds. For enhanced security we recommend enabling HSTS as described in our security tips.<\/p>\n<\/blockquote>\n\n\n\n

The ownCloud manual<\/a> says to add the following code to the VirtualHost:<\/p>\n\n\n\n

Header always add Strict-Transport-Security \"max-age=15768000\"<\/code><\/pre>\n\n\n\n

This is called HSTS (HTTP Strict Transport Security), and it is apparently a mechanism by which the server tells the browser to switch to https when a request arrives over http. Even if the first request is made over http, the second and subsequent requests are forcibly switched to https, and the browser remembers the site as one that has HSTS enabled. <\/p>\n\n\n1<\/a><\/sup>\u00a0How to delete the HSTS records in each browser:\u00a0How to clear HSTS Settings in Major Browsers | that’s so \u2026 classically.me<\/a> <\/span>\n\n\n\n

Nothing beats communicating over SSL, so I enabled the setting above right away, and the other sites I run as port-based VirtualHosts also started being redirected to https.<\/p>\n\n\n\n

Because I had also changed various other things, at first I could not tell where the problem was. After repeated trial and error, I realized that HSTS was the cause thanks to this reference site: When http requests get redirected to https on their own, suspect Strict-Transport-Security<\/a>. From what I found, enabling HSTS apparently forces a redirect to https for http requests on every port of the target domain<\/strong>.  <\/p>\n\n\n2<\/a><\/sup> See: https:\/\/tools.ietf.org\/html\/draft-ietf-websec-strict-transport-sec-14<\/a> <\/span>\n\n\n\n

Therefore, when you run port-based VirtualHosts 3<\/a><\/sup> With name-based VirtualHosts, HSTS does not seem to be enabled automatically for other domains <\/span> , all of the VirtualHosts end up being redirected to https 4<\/a><\/sup> There may be a workaround, but I have not found one <\/span> .<\/p>\n\n\n\n

This may be fine if all of your sites run over SSL, but otherwise it is a problem. In my case, I do not allow http on port 80 in the first place (no port is open for http, so accessing over http results in Bad Request), and I run other sites on different ports, so I removed the HSTS setting. If you swallow what the manual says without properly understanding it, you fall into unexpected pitfalls...<\/p>\n