{"id":2201,"date":"2025-12-16T12:44:01","date_gmt":"2025-12-16T03:44:01","guid":{"rendered":"https:\/\/bokumin.org\/blog\/?p=2201"},"modified":"2026-02-19T12:30:38","modified_gmt":"2026-02-19T03:30:38","slug":"mod_security-owasp-crs-fail2ban%e7%92%b0%e5%a2%83%e3%82%92%e6%a7%8b%e7%af%89%e3%81%99%e3%82%8b%e3%80%90opensuse%e3%80%91","status":"publish","type":"post","link":"https:\/\/www.bokumin.org\/blog\/2025\/12\/16\/mod_security-owasp-crs-fail2ban%e7%92%b0%e5%a2%83%e3%82%92%e6%a7%8b%e7%af%89%e3%81%99%e3%82%8b%e3%80%90opensuse%e3%80%91\/","title":{"rendered":"mod_security + OWASP CRS + fail2ban\u74b0\u5883\u3092\u69cb\u7bc9\u3059\u308b(OpenSUSE)"},"content":{"rendered":"\n

Setting up mod_security + OWASP CRS + fail2ban on OpenSUSE<\/p>\n\n\n\n

\u306f\u3058\u3081\u306b<\/strong><\/p>\n\n\n\n

\u524d\u56de\u306e\u8a18\u4e8b<\/a>\u3067\u306fPF\u306b\u3088\u308b\u30b7\u30f3\u30d7\u30eb\u306a\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u9632\u6b62\u306e\u65b9\u6cd5\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u307e\u3057\u305f\u304c\u3001\u4eca\u56de\u306f\u3088\u308a\u9ad8\u5ea6\u306a\u653b\u6483\u691c\u77e5\u30fb\u9632\u5fa1\u30b7\u30b9\u30c6\u30e0\u306e\u69cb\u7bc9\u65b9\u6cd5\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u307e\u3059\u3002<\/p>\n\n\n\n

\u5f93\u6765\u306e\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u9632\u5fa1\u306f\u3001\u9023\u7d9a\u3057\u305f\u30ed\u30b0\u30a4\u30f3\u8a66\u884c\u3084\u5927\u91cf\u30a2\u30af\u30bb\u30b9\u3092\u56de\u6570\u30d9\u30fc\u30b9<\/strong>\u3067\u691c\u77e5\u3059\u308b\u4ed5\u7d44\u307f\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3057\u304b\u3057\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3084XSS\u3001\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u3068\u3044\u3063\u305f\u653b\u6483\u306f\u3001\u305f\u3063\u305f1\u56de\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u3067\u6210\u529f\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u307e\u305f\u3001\u8907\u6570\u306eIP\u30a2\u30c9\u30ec\u30b9\u3092\u4f7f\u3063\u305f\u5206\u6563\u578b\u653b\u6483\u3067\u306f\u3001\u5404IP\u304b\u3089\u306e\u8a66\u884c\u56de\u6570\u306f\u5c11\u306a\u304f\u3066\u3082\u3001\u5168\u4f53\u3068\u3057\u3066\u306f\u5927\u898f\u6a21\u306a\u653b\u6483\u306b\u306a\u308a\u307e\u3059\u3002\u3053\u306e\u3088\u3046\u306a\u9ad8\u5ea6\u306a\u653b\u6483\u306b\u5bfe\u5fdc\u3059\u308b\u306b\u306f\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u5185\u5bb9\u305d\u306e\u3082\u306e\u3092\u691c\u67fb\u3059\u308b<\/strong>\u4ed5\u7d44\u307f\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n\n\n\n

\u4eca\u56de\u3001\u3053\u306e\u691c\u67fb\u3059\u308b\u30eb\u30fc\u30eb\u30bb\u30c3\u30c8\u3068\u3057\u3066OWASP CRS<\/strong>\u3092\u4f7f\u7528\u3057\u307e\u3057\u305f\u3002OWASP Core Rule Set<\/strong>\u306f\u3001\u5305\u62ec\u7684\u306a\u653b\u6483\u691c\u77e5\u30eb\u30fc\u30eb\u30bb\u30c3\u30c8\u3067\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u30fbXSS\u30fb\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u30fb\u30d5\u30a1\u30a4\u30eb\u30a4\u30f3\u30af\u30eb\u30fc\u30b8\u30e7\u30f3\u306a\u3069\u3001\u4e3b\u8981\u306a\u653b\u6483\u30d1\u30bf\u30fc\u30f3\u3092\u7db2\u7f85\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u30eb\u30fc\u30eb\u3092\u72ec\u81ea\u306b\u4f5c\u6210\u3059\u308b\u306b\u306f\u304b\u306a\u308a\u306e\u52b4\u529b\u304c\u5fc5\u8981\u3067\u3059\u304c\u3001OWASP CRS\u3092\u4f7f\u3048\u3070\u3001\u8ab0\u3067\u3082\u7c21\u5358\u306b\u4e16\u754c\u6a19\u6e96\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u3092\u5c0e\u5165\u3067\u304d\u307e\u3059\u3002\u30e9\u30a4\u30bb\u30f3\u30b9\u3082ASLv2<\/a>\u3068\u306a\u3063\u3066\u304a\u308a\u5546\u7528\u3067\u3082\u5229\u7528\u53ef\u80fd\u3067\u3059\u3002<\/p>\n\n\n\n

\u672c\u8a18\u4e8b\u3067\u306f\u3001Apache\u306bModSecurity2\u3092\u7d44\u307f\u8fbc\u307f\u3001OWASP CRS\u3067\u653b\u6483\u3092\u691c\u77e5\u3057\u3001fail2ban\u3067\u653b\u6483\u5143IP\u3092\u81ea\u52d5\u7684\u306biptables\u3067\u30d6\u30ed\u30c3\u30af\u3059\u308b\u30b7\u30b9\u30c6\u30e0\u3092\u69cb\u7bc9\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n\n\n\n

\u5b9f\u884c\u74b0\u5883<\/strong><\/p>\n\n\n\n

OS<\/strong>: openSUSE Tumbleweed 20251127
Web\u30b5\u30fc\u30d0\u30fc<\/strong>: Apache 2.4.65 (prefork MPM)
\u30cf\u30fc\u30c9\u30a6\u30a7\u30a2<\/strong>: Intel Xeon E5-2650L v4 (14\u30b3\u30a2) \/ \u30e1\u30e2\u30ea 32GB
\u904b\u7528\u30b5\u30a4\u30c8<\/strong>: WordPress\u3001\u9759\u7684\u30b5\u30a4\u30c8\u3001Web\u30a2\u30d7\u30ea\u306a\u3069
\u203b\u57fa\u672c\u7684\u306b\u3069\u306e\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u3067\u3082\u3053\u308c\u3089\u306e\u5b9f\u88c5\u304c\u53ef\u80fd\u3067\u3059\u3002\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u5834\u6240\u306a\u3069\u3001\u7d30\u304b\u3044\u5dee\u7570\u306f\u30de\u30cb\u30e5\u30a2\u30eb\u3084\u516c\u5f0f\u30da\u30fc\u30b8\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n

\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/p>\n\n\n\n

\u5b9f\u969b\u306b\u30b7\u30b9\u30c6\u30e0\u3092\u69cb\u7bc9\u3057\u3066\u3044\u304d\u307e\u3059\u3002
\u306f\u3058\u3081\u306b\u3001\u5fc5\u8981\u306a\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002openSUSE\u3067\u306fzypper\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3057\u3066\u30d1\u30c3\u30b1\u30fc\u30b8\u7ba1\u7406\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n