{"id":2663,"date":"2016-07-20T02:52:20","date_gmt":"2016-07-19T17:52:20","guid":{"rendered":"http:\/\/tech.akat.info\/?p=2663"},"modified":"2016-07-19T23:53:52","modified_gmt":"2016-07-19T14:53:52","slug":"httpoxy","status":"publish","type":"post","link":"https:\/\/tech.akat.info\/?p=2663","title":{"rendered":"httpoxy"},"content":{"rendered":"

\u6982\u8981<\/h1>\n

HTTP\u30a2\u30af\u30bb\u30b9\u6642\u306b”proxy:”\u30d8\u30c3\u30c0\u3092\u3064\u3051\u308b\u3068
\n\u30b5\u30fc\u30d0\u5074\u3067 HTTP_PROXY \u3068\u3057\u3066\u8a8d\u8b58\u3055\u308c\u308b(\u30d8\u30c3\u30c0\u306eproxy\u304c\u5927\u6587\u5b57\u306b\u5909\u63db\u3055\u308c\u3001HTTP_\u304c\u4ed8\u4e0e\u3055\u308c\u308b)
\nCGI\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306f\u3053\u306e\u5024\u3092HTTP\u30d7\u30ed\u30ad\u30b7\u306e\u5024\u3068\u3057\u3066\u8a8d\u8b58\u3057
\n\u4f8b\u3048\u3070PHP\u306f\u5916\u90e8\u63a5\u7d9a\u6642\u306bHTTP_PROXY\u3092\u5229\u7528\u3057\u3066\u901a\u4fe1\u3059\u308b<\/p>\n

\u5f71\u97ff<\/h1>\n

\u30b5\u30fc\u30d0\u304b\u3089\u5916\u90e8\u306bHTTP\u901a\u4fe1\u6642\u306b\u30d7\u30ed\u30ad\u30b7\u3092\u7d4c\u7531\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u308b
\n\u3064\u307e\u308a\u901a\u4fe1\u5185\u5bb9\u3092\u508d\u53d7\u53ef\u80fd\u3068\u306a\u308b
\n\"2016-07-19_220225\"<\/a>
\nMitigating the HTTPoxy Vulnerability with NGINX<\/a><\/p>\n

\u5bfe\u7b56<\/h1>\n

\u30fb\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u542b\u307e\u308c\u308b Proxy \u30d8\u30c3\u30c0\u3092\u7121\u52b9\u306b\u3059\u308b
\n\u30fbCGI \u306b\u304a\u3044\u3066\u3001\u74b0\u5883\u5909\u6570 HTTP_PROXY \u3092\u4f7f\u7528\u3057\u306a\u3044
\n\u30fb\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306a\u3069\u3092\u7528\u3044\u3066 Web \u30b5\u30fc\u30d0\u304b\u3089\u306e HTTP \u30a2\u30a6\u30c8\u30d0\u30a6\u30f3\u30c9\u901a\u4fe1\u3092\u5fc5\u8981\u6700\u5c0f\u9650\u306b\u5236\u9650\u3059\u308b
\nCGI\u7b49\u3092\u5229\u7528\u3059\u308bWeb\u30b5\u30fc\u30d0\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u6ce8\u610f\u559a\u8d77 – JPCERT\/CC<\/a><\/p>\n

nginx\u5bfe\u7b56\u65b9\u6cd5<\/h1>\n

\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u542b\u307e\u308c\u308bProxy\u30d8\u30c3\u30c0\u3092\u7121\u52b9\u306b\u3059\u308b\u5bfe\u5fdc\u306f
\n\u8907\u6570\u30b5\u30a4\u30c8\u904b\u7528\u3060\u3068\u8907\u6570\u306e\u30d5\u30a1\u30a4\u30eb\u5909\u66f4\u304c\u5fc5\u8981\u3068\u306a\u308a\u3001\u30ad\u30c4\u30a4\u305f\u3081CGI\u306b\u3066HTTP_PROXY\u3092\u4f7f\u7528\u3057\u306a\u3044\u3053\u3068\u3067\u5bfe\u5fdc<\/p>\n

\r\n### \u8a2d\u5b9a\u8ffd\u52a0\u3057\u3066reload\u3059\u308b ###\r\nroot@debian9:\/etc\/nginx# vi fastcgi_params\r\n=====\r\nfastcgi_param HTTP_PROXY "";\r\n=====\r\nroot@debian9:\/etc\/nginx# nginx -t\r\nnginx: the configuration file \/etc\/nginx\/nginx.conf syntax is ok\r\nnginx: configuration file \/etc\/nginx\/nginx.conf test is successful\r\nroot@debian9:\/etc\/nginx# \/etc\/init.d\/nginx reload\r\n<\/pre>\n
apache\u5bfe\u7b56\u65b9\u6cd5<\/h1>\n
\u691c\u8a3c\u74b0\u5883\u304c\u624b\u5143\u306b\u306a\u3044\u304c\u3001\u4ee5\u4e0b\u3067\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u542b\u307e\u308c\u308bProxy\u30d8\u30c3\u30c0\u3092\u7121\u52b9\u306b\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd\u3068\u306e\u3053\u3068<\/p>\n
\r\nRequestHeader unset Proxy\r\n<\/pre>\n
\u78ba\u8a8d\u65b9\u6cd5<\/h1>\n
PHP\u306b\u95a2\u3059\u308bHTTPOXY\u8106\u5f31\u6027\u306e\u554f\u984c\u3068\u5bfe\u5fdc\u65b9\u6cd5<\/a>\u3088\u308a<\/p>\n
\r\ncurl -H 'Proxy: 127.0.0.1:12345' "http:\/\/localhost"\r\n<\/pre>\n
\u3067\u30a2\u30af\u30bb\u30b9\u3002PHP\u5074\u306f<\/p>\n
\r\nvar_dump($_SERVER['HTTP_PROXY']);\r\nputenv('HTTP_PROXY=');\r\nvar_dump(getenv('HTTP_PROXY'));\r\nexit;\r\n<\/pre>\n
\u305d\u306e\u4ed6<\/h1>\n
\u4e3b\u306a\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306e\u5bfe\u5fdc\u65b9\u6cd5
\nhttpoxy : CGI\/\u8a00\u8a9e\u306a\u3069\u3092\u5229\u7528\u3057\u305fHTTP_PROXY\u66f8\u304d\u63db\u3048\u306e\u8106\u5f31\u6027(CVE-2016-5387 etc.)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
\u6982\u8981 HTTP\u30a2\u30af\u30bb\u30b9\u6642\u306b”proxy:”\u30d8\u30c3\u30c0\u3092\u3064\u3051\u308b\u3068 \u30b5\u30fc\u30d0\u5074\u3067 HTTP_PROXY \u3068\u3057\u3066\u8a8d\u8b58\u3055\u308c\u308b(\u30d8\u30c3\u30c0\u306eproxy\u304c\u5927\u6587\u5b57\u306b\u5909\u63db\u3055\u308c\u3001HTTP_\u304c\u4ed8\u4e0e\u3055\u308c\u308b) CGI\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/2663"}],"collection":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2663"}],"version-history":[{"count":3,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/2663\/revisions"}],"predecessor-version":[{"id":2667,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/2663\/revisions\/2667"}],"wp:attachment":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}