leedohyung-dba/file0.sh

## file0.sh
echo "RemoteIPHeader X-Forwarded-For" > /etc/httpd24/conf.d/mod_remoteip.conf
echo "RemoteIPTrustedProxy <WAFのIPアドレス１> <WAFのIPアドレス２>" >> /etc/httpd24/conf.d/mod_remoteip.conf
service httpd24-httpd restart

## file1.txt
# 2.2系以前のApache
Order deny,allow
Deny from all
Allow from <WAFのIPアドレス>

# 2.4系以降のApache
Require all denied
Require ip <WAFのIPアドレス>

//or

# WAFのIPアドレス 以外からのアクセスを拒否
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^(<WAFのIPアドレス1>|<WAFのIPアドレス2>)$
RewriteRule ^.*$ - [F,L]

## file2.sh

iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 80 -j DROP
iptables -I INPUT -p tcp -s <WAFのIPアドレス1> --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -s <WAFのIPアドレス2> --dport 80 -j ACCEPT

iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 443 -j DROP
iptables -I INPUT -p tcp -s <WAFのIPアドレス1> --dport 443 -j ACCEPT
iptables -I INPUT -p tcp -s <WAFのIPアドレス2> --dport 443 -j ACCEPT

service iptables restart
	echo "RemoteIPHeader X-Forwarded-For" > /etc/httpd24/conf.d/mod_remoteip.conf
	echo "RemoteIPTrustedProxy <WAFのIPアドレス１> <WAFのIPアドレス２>" >> /etc/httpd24/conf.d/mod_remoteip.conf
	service httpd24-httpd restart
	# 2.2系以前のApache
	Order deny,allow
	Deny from all
	Allow from <WAFのIPアドレス>

	# 2.4系以降のApache
	Require all denied
	Require ip <WAFのIPアドレス>

	//or

	# WAFのIPアドレス以外からのアクセスを拒否
	RewriteEngine On
	RewriteCond %{REMOTE_ADDR} ^(<WAFのIPアドレス1>\|<WAFのIPアドレス2>)$
	RewriteRule ^.*$ - [F,L]

	iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 80 -j DROP
	iptables -I INPUT -p tcp -s <WAFのIPアドレス1> --dport 80 -j ACCEPT
	iptables -I INPUT -p tcp -s <WAFのIPアドレス2> --dport 80 -j ACCEPT

	iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 443 -j DROP
	iptables -I INPUT -p tcp -s <WAFのIPアドレス1> --dport 443 -j ACCEPT
	iptables -I INPUT -p tcp -s <WAFのIPアドレス2> --dport 443 -j ACCEPT

	service iptables restart