ロードバランサにインストールした SiteShell に対して環境設定します。
SiteShell の環境設定手順は、下記をご参照ください。
InfoCage SiteShell 製品付属マニュアル 「インストールガイド」 の 「3.8.4 環境設定(NW型)」
以下は、「2.2 基本構成」 に沿ったリバースプロキシを行うための設定例です。
1. 仮想Webサイトの設定ファイル VirtualWebSite.csv を作成します。
# cd /opt/SiteShell_NW/
# vi VirtualWebSite.csv
WEBSITE_NAME,IP,FORWARD_IP,FORWARD_PORT,GRP_IP,TEST_MODE,RECIPE_DEF WebSite1,192.168.1.130,192.168.2.30,80,,off,on
WebSite2,192.168.1.140,192.168.2.40,80,,off,on
2. SiteShell の trusted.proxies プロパティを設定します。
trusted.proxies は、攻撃元IPアドレスを特定する精度を向上させるための設定値です。
SiteShell がロードバランサを攻撃元と判定しないように、予めロードバランサに付与する IPアドレスを trusted.proxies に設定しておきます。
# vi config/configuration.properties
~
trusted.proxies=192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.140
~
trusted.proxies については、下記をご参照ください。
InfoCage SiteShell 製品付属マニュアル 「製品説明書」 の 「表 10 ノード設定のプロパティ - 基本動作」
3. SiteShell の設定を行います。
# ./setup.sh
Please enter the path to Java Runtime Environment(JRE) or Java Development Kit(JDK).
Enter 'q' to quit the environmental settings.
JAVA HOME:
/usr/java/jre1.8.0_131/
Please enter the LICENSE ID.
Enter 'i' to running the WAF in the 'Trial Mode'.
Enter 'q' to quit the environmental settings.
LICENSE ID:
****-****-****-****
Please enter the following setting menu.
1. Change the 'JAVA HOME'. [/usr/java/jre1.8.0_131/]
2. Update the license ID. [****-****-****-****]
3. Import the configuration of 'Apache Virtual Web Site'.
4. Export the configuration of 'Apache Virtual Web Site'.
5. Setting to manage by 'Operation Management Console'. * not selectable.
6. Setting to automatically register to 'Operation Management Console'. * not selectable.
7. Setting to automatically keep up-to-date the 'Vulnerability Countermeasures'.
Enter 'q' to go back to the previous menu.
SELECT NUMBER (1-7,q)[q]:
3
Please enter the path of the import configuration file.
Enter 'q' to go back to the previous menu.
FILE PATH [q]:
VirtualWebSite.csv
Update the filter settings of the 'Virtual Web Site'.
Operation vWebSiteName IPaddr ForwardDest:Port NodeGroupID TestMode Protection Add. WebSite1 192.168.1.130 192.168.2.30:80 - off on Add. WebSite2 192.168.1.140 192.168.2.40:80 - off on Want to reflect these filter settings? y/[n]:
y
SiteShellServiceForNW installed.
WAF configuration to the 'Virtual Web Site' was completed.
Settings are reflected by restart of 'Virtual Web Site'.
Restart 'Virtual Web Site' right now? [y]/n:
y
WebSite1 is not running.
Starting : SiteShellNW(WebSite1)
7-Zip (A) [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 p7zip Version 9.20 (locale=C,Utf16=off,HugeFiles=on,2 CPUs)
Processing archive: /opt/SiteShell_NW/config/SiteShell_logic.jar
Extracting recipe/OSC.xml Extracting recipe/PT.xml Extracting recipe/SF.xml Extracting recipe/SQL.xml Extracting recipe/XSS.xml Everything is Ok
Files: 5
Size: 85256 Compressed: 50935
7-Zip (A) [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 p7zip Version 9.20 (locale=C,Utf16=off,HugeFiles=on,2 CPUs)
Processing archive: /opt/SiteShell_NW/config/SiteShell_logic.jar
Extracting CSC.properties
Extracting LogicVersion.properties Everything is Ok
Files: 2 Size: 823 Compressed: 50935
Start OK : SiteShellNW(WebSite1) WebSite2 is not running.
Starting : SiteShellNW(WebSite2)
7-Zip (A) [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 p7zip Version 9.20 (locale=C,Utf16=off,HugeFiles=on,2 CPUs)
Processing archive: /opt/SiteShell_NW/config/SiteShell_logic.jar
Extracting recipe/OSC.xml Extracting recipe/PT.xml Extracting recipe/SF.xml Extracting recipe/SQL.xml Extracting recipe/XSS.xml Everything is Ok
Files: 5
Size: 85256 Compressed: 50935
7-Zip (A) [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 p7zip Version 9.20 (locale=C,Utf16=off,HugeFiles=on,2 CPUs)
Processing archive: /opt/SiteShell_NW/config/SiteShell_logic.jar
Extracting CSC.properties
Extracting LogicVersion.properties Everything is Ok
Files: 2 Size: 823 Compressed: 50935
Start OK : SiteShellNW(WebSite2)
Configuration changes of the WAF service is completed.
Configuration is reflected in restart of WAF service.
Restart WAF service right now? [y]/n:
y
Starting SiteShellServiceForNW SiteShellServiceForNW was started
Please enter the following setting menu.
1. Change the 'JAVA HOME'. [/usr/java/jre1.8.0_73/]
2. Update the license ID. [****-****-****-****]
3. Import the configuration of 'Apache Virtual Web Site'.
4. Export the configuration of 'Apache Virtual Web Site'.
5. Setting to manage by 'Operation Management Console'.
6. Setting to automatically register to 'Operation Management Console'.
7. Setting to automatically keep up-to-date the 'Vulnerability Countermeasures'.
Enter 'q' to go back to the previous menu.
SELECT NUMBER (1-7,q)[q]:
q
負荷分散環境の構築
本節では、ロードバランサの L7負荷分散の設定手順を説明します。
本手順はマスタサーバで行います。
L7負荷分散の設定手順は、下記をご参照ください。
InterSec/LB 製品付属マニュアル 「ユーザーズガイド」