{"id":680,"date":"2021-07-21T17:30:41","date_gmt":"2021-07-21T08:30:41","guid":{"rendered":"https:\/\/weseek.co.jp\/tech\/?p=680"},"modified":"2023-04-17T11:36:54","modified_gmt":"2023-04-17T02:36:54","slug":"rails-6%e3%81%a7blocked-host%e3%82%a8%e3%83%a9%e3%83%bc%e3%81%8c%e7%99%ba%e7%94%9f%e3%81%97%e3%81%9f%e3%81%a8%e3%81%8d%e3%81%ae%e5%af%be%e5%87%a6%e6%b3%95","status":"publish","type":"post","link":"https:\/\/weseek.co.jp\/tech\/680\/","title":{"rendered":"How to handle the Blocked host error in Rails 6"},"content":{"rendered":"<p>This post is part of the <strong>WESEEK TECH Newsletter<\/strong> provided by our company.<br \/>\nThe WESEEK TECH Newsletter is a series in which WESEEK engineers regularly share, through this tech blog, information about technologies they have caught up on.<\/p>\n<p>Related articles<\/p>\n<p><a href=\"https:\/\/weseek.co.jp\/tech\/525\/\">The importance of locking in development and examples of implementing locks in ORMs: a usage example of optimistic locking | Framework O\/R mapper<\/a><\/p>\n<p><a href=\"https:\/\/weseek.co.jp\/tech\/137\/\">The importance of locking in development and examples of implementing locks in ORMs | Introduction to optimistic locking<\/a><\/p>\n<p><a href=\"https:\/\/weseek.co.jp\/tech\/819\/\">Adding feature flags to Rails and controlling each flag<\/a><\/p>\n<p><!--more--><\/p>\n\n<h2>The error<\/h2>\n<p>In Rails 6, when you try to access the application with an arbitrary host name, you may see an error like the following.<\/p>\n<pre><code>Blocked host: hogehoge-host.com\nTo allow requests to hogehoge-host.com, add the following to your environment configuration:\n    config.hosts &lt;&lt; &quot;hogehoge-host.com&quot;<\/code><\/pre>\n<h2>Cause<\/h2>\n<p>The error comes from the <code>ActionDispatch::HostAuthorization<\/code> middleware, added in Rails 6, which guards against DNS rebinding attacks.<\/p>\n<p>It was implemented in the following pull request.<\/p>\n<p><a href=\"https:\/\/github.com\/rails\/rails\/pull\/33145\">Guard against DNS rebinding attacks by permitting hosts by gsamokovarov \u00b7 Pull Request #33145 \u00b7 rails\/rails \u00b7 GitHub<\/a><\/p>\n<h3>What is a DNS rebinding attack?<\/h3>\n<p>An attacker lures a user to a malicious website and has a script run on the client side.<br \/>\nThe attacker then, within a short time, changes the IP address (A record) of the domain (FQDN) so that it points at the vulnerable website.<br \/>\nBecause the FQDN has not changed, the same-origin policy is satisfied, and the attacker's script can launch an attack against the vulnerable website.<\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/DNS_rebinding\">DNS rebinding - Wikipedia<\/a><\/p>\n<h2>Remedies<\/h2>\n<h3>1. Add the hosts you want to permit to <code>Rails.application.config.hosts<\/code><\/h3>\n<p>In the development environment, the following hosts are registered in <code>Rails.application.config.hosts<\/code> by default.<br \/>\nA request with any other host name is blocked, so add the host names you need.<\/p>\n<pre><code> Rails.application.config.hosts = [\n   IPAddr.new(\"0.0.0.0\/0\"), # All IPv4 addresses.\n   IPAddr.new(\"::\/0\"),      # All IPv6 addresses.\n   \"localhost\"              # The localhost reserved domain.\n ]<\/code><\/pre>\n<p>To add one in the development environment, write the following in <code>config\/environments\/development.rb<\/code>.<\/p>\n<pre><code>Rails.application.configure do\n    config.hosts &lt;&lt; &quot;hogehoge-host.com&quot;\nend<\/code><\/pre>\n<h3>2. Clear the <code>Rails.application.config.hosts<\/code> setting<\/h3>\n<p>When <code>Rails.application.config.hosts<\/code> is empty, the <code>Host<\/code> header is not checked, so requests are no longer blocked.<br \/>\nIn environments other than development (for example, production), <code>Rails.application.config.hosts<\/code> is empty by default, so no check is performed.<\/p>\n<p>To skip the <code>Host<\/code> header check in the development environment, write the following in <code>config\/environments\/development.rb<\/code>.<\/p>\n<pre><code>Rails.application.configure do\n    config.hosts.clear\nend<\/code><\/pre>\n<p>Note that if there is no load balancer or similar component in front of the application that inspects the <code>Host<\/code> header and routes requests accordingly, DNS rebinding attacks can no longer be prevented, so we recommend setting <code>Rails.application.config.hosts<\/code> appropriately in every environment other than development.<\/p>\n<h3>3. Stop using the <code>ActionDispatch::HostAuthorization<\/code> middleware<\/h3>\n<p>If there is a load balancer or similar component in front of the application that inspects the <code>Host<\/code> header and routes requests accordingly, and the application itself therefore does not need to guard against DNS rebinding attacks, configure the application so that the <code>ActionDispatch::HostAuthorization<\/code> middleware itself is not loaded.<\/p>\n<p>Write the following in <code>config\/application.rb<\/code>.<\/p>\n<pre><code>module HogeApp\n  class Application &lt; Rails::Application\n    config.middleware.delete ActionDispatch::HostAuthorization\n  end\nend<\/code><\/pre>\n<h2>Summary<\/h2>\n<p>If there is a mechanism in front of the application that prevents DNS rebinding attacks, apply remedy 2 or 3; otherwise, apply remedy 1.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post is part of the WESEEK TECH Newsletter provided by our company. The WESEEK TECH Newsletter is a series in which WESEEK engineers regularly share, through this tech blog, information about technologies they have caught up on. Related<\/p>\n","protected":false},"author":2,"featured_media":2132,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[154],"tags":[],"_links":{"self":[{"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/posts\/680"}],"collection":[{"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/comments?post=680"}],"version-history":[{"count":13,"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/posts\/680\/revisions"}],"predecessor-version":[{"id":4050,"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/posts\/680\/revisions\/4050"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/media\/2132"}],"wp:attachment":[{"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/media?parent=680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/categories?post=680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/weseek.co.jp\/tech\/wp-json\/wp\/v2\/tags?post=680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}