VoidNoble IT Zone https://itzone.tistory.com/ 컴퓨터,프로그래밍,데이터베이스,웹,Javascript,jquery,css,디자인,php,asp,mysql,mssql,node,android,ios ko Tue, 23 Jun 2026 20:31:17 +0900 TISTORY 100 공허공자 VoidNoble IT Zone https://t1.daumcdn.net/cfile/tistory/2241CE47548E3AED36 https://itzone.tistory.com 라이믹스 인증 폼 Captcha 나타나지 않을때 스킨에 강제 추가 https://itzone.tistory.com/768 <p data-ke-size="size16">관리자 페이지에서 Captcha 사용 설정 했는데<br />로그인 페이지에서 나타나지 않을때<br />스킨 html 파일에 강제 추가하는 코드</p> <p data-ke-size="size16">Captcha 서비스 중 Cloudflare Turnstile 적용 사례 :</p> <pre id="code_1749792085236" class="php" data-ke-language="php" data-ke-type="codeblock"><code>{@ $captcha_class = 'Rhymix\\Modules\\Spamfilter\\Captcha\\Turnstile'; $config = ModuleModel::getModuleConfig('spamfilter') ?: new stdClass(); $captcha_class::init($config-&gt;captcha); $captcha = new $captcha_class(); $target_actions = [ 'dispMemberLoginForm', 'procMemberLogin', 'dispMemberSignUpForm', 'procMemberSignUp', 'dispMemberFindAccount', 'procMemberFindAccount', ]; $captcha-&gt;setTargetActions($target_actions); $captcha-&gt;addScripts(); Context::set('captcha', $captcha); } &lt;div class="control-group captcha" cond="isset($captcha)"&gt; {$captcha} &lt;/div&gt;</code></pre> <p data-ke-size="size16">&nbsp;</p> 웹프로그래밍/PHP CAPTCHA rhymix 라이믹스 공허공자 https://itzone.tistory.com/768 https://itzone.tistory.com/768#entry768comment Fri, 13 Jun 2025 14:26:05 +0900 CrowdSec 방화벽 다중 서버 셋팅 https://itzone.tistory.com/767 <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-filename="crowdsec_logo.jpg" data-origin-width="2312" data-origin-height="1561"><span data-url="https://blog.kakaocdn.net/dn/czaCWX/btsOsQI7NLB/VvUzb1wQ3Elfgds6Kg0se0/img.jpg" data-phocus="https://blog.kakaocdn.net/dn/czaCWX/btsOsQI7NLB/VvUzb1wQ3Elfgds6Kg0se0/img.jpg" data-alt="CrowdSec logo"><img src="https://blog.kakaocdn.net/dn/czaCWX/btsOsQI7NLB/VvUzb1wQ3Elfgds6Kg0se0/img.jpg" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FczaCWX%2FbtsOsQI7NLB%2FVvUzb1wQ3Elfgds6Kg0se0%2Fimg.jpg" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="2312" height="1561" data-filename="crowdsec_logo.jpg" data-origin-width="2312" data-origin-height="1561"/></span><figcaption>CrowdSec logo</figcaption> </figure> </p> <h2 data-ke-size="size26"><span style="font-family: 'Noto Sans Demilight', 'Noto Sans KR';">기본 지식</span></h2> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>오픈소스 보안 솔루션</li> <li>분산형 - 다중 서버에서 IP 차단 및 허용 규칙 공유</li> <li>fail2ban의 단일서버 커버리지 단점의 대안</li> <li>에이전트-커맨드센터 구성으로, 여러 서버들의 위협 감지를 한곳에서 가능하게</li> </ul> <hr contenteditable="false" data-ke-type="horizontalRule" data-ke-style="style1" /> <h3 data-ke-size="size23"><span style="font-family: 'Noto Sans Demilight', 'Noto Sans KR';">구성요소</span></h3> <h4 data-ke-size="size20"><span style="font-family: 'Noto Sans Light';">Collection</span></h4> <p data-ke-size="size16">파서 + 시나리오 + 포스트 오버플로우 <b>묶음</b></p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Crowdsec Hub에서 다양한 컬렉션을 찾아 설치 가능.</li> <li><b>파서 (Parsers):</b> Fail2ban의 패턴 매칭과 유사하게 로그 파일을 필터링하는 역할을 합니다. SSH 서비스의 경우, 실패한 로그인 시도만 골라내는 식입니다.</li> <li><b>시나리오 (Scenarios):</b> 특정한 상황을 나타내는 임계값 역할을 합니다. 예를 들어 SSH 서비스에서 60초 동안 10번의 로그인 실패가 있을 경우, 무차별 대입 공격으로 간주하는 시나리오를 설정할 수 있습니다.</li> <li><b>포스트 오버플로우 (Postoverflows):</b> 컬렉션에 포함될 수 있는 목록입니다.</li> <li>종류 사례 <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>crowdsecurity/sshd SSH를 보호하는 데 필요한 모든 것</li> <li>crowdsecurity/nginx 웹 서버 보호</li> <li>crowdsecurity/linux 일반적인 Linux 로그 및 동작</li> <li>crowdsecurity/wordpress WordPress 관련 공격을 감지합니다.</li> <li>crowdsecurity/mysql MySQL 서비스를 보호합니다</li> </ul> </li> </ul> <h4 data-ke-size="size20"><span style="font-family: 'Noto Sans Light';">Decision</span></h4> <p data-ke-size="size16">탐지된 악성 IP 주소, 범위, 사용자 등에 대해 취해지는 조치</p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>ip decision의 경우 ipset (iptable 개선판) 차단 및 허용 수행</li> </ul> <h4 data-ke-size="size20"><span style="font-family: 'Noto Sans Light';">Bouncer</span></h4> <p data-ke-size="size16">결정을(조치를) 실행</p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>에이전트로부터 결정을 받아 해당 IP 주소의 접근을 차단하거나 Captcha를 제시하는 등의 대응 수행</li> <li>CrowdSec 커뮤니티에서 공유된 IP 평판 데이터베이스를 활용하여 악성 IP 주소를 사전에 차단</li> <li>종류 <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b>Firewall Bouncer</b>: iptables, nftables, ipset, pf 등의 방화벽과 연동하여 IP 주소 차단.</li> <li><b>Traefik Bouncer</b>: Traefik 리버스 프록시와 연동하여 악성 IP의 접근 제어.</li> <li><b>Nginx Bouncer</b>: Nginx와 연동하여 Lua 스크립트를 통해 IP 주소를 검사하고 차단.</li> <li><b>Cloudflare Bouncer</b>: Cloudflare 방화벽과 연동하여 Cloudflare에서 악성 트래픽 차단.</li> </ul> </li> </ul> <h4 data-ke-size="size20"><span style="font-family: 'Noto Sans Light';">Metric</span></h4> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>어떤 로그들을 수집하는가 - 측정 획득 조회&nbsp;</li> <li>yaml 설정 파일에 설정된 사례 <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li class="stata"><code>file:/var/log/auth.log</code></li> <li class="stata"><code>file:/var/log/nginx.access.log </code></li> </ul> </li> </ul> <hr contenteditable="false" data-ke-type="horizontalRule" data-ke-style="style5" /> <h2 data-ke-size="size26"><span style="font-family: 'Noto Sans Demilight', 'Noto Sans KR';">다중 서버 설정</span></h2> <h3 data-ke-size="size23"><span style="font-family: 'Noto Sans Light';">개요</span></h3> <pre class="angelscript"><code>172.26.0.0/16 Private Network ├── lapi (172.26.0.10) - LAPI 서버 (중앙 집중식) ├── web1 (172.26.0.11) - Agent + Bouncer └── web2 (172.26.0.12) - Agent + Bouncer </code></pre> <p data-ke-size="size16">lapi 서버가 중앙 LAPI 서버 역할을 하고, <br />web1과 web2는 에이전트로 LAPI 서버에 알림을 전송하며, <br />모든 서버에 동일한 차단 룰을 공유.</p> <h3 data-ke-size="size23"><span style="font-family: 'Noto Sans Light';">공통 설치</span></h3> <p data-ke-size="size16">CrowdSec 설치</p> <pre class="bash" data-ke-language="bash"><code># CrowdSec 저장소 추가 및 설치 curl -s https://install.crowdsec.net | sudo sh &amp;&amp; \ command -v cscli &amp;&amp; \ cscli status</code></pre> <p data-ke-size="size16">관리자 또는 관리사무실의 WAN IP를 whitelist 결정으로 등록</p> <pre class="armasm"><code>sudo cscli decisions add --ip &lt;관리자IP&gt; --type whitelist </code></pre> <p data-ke-size="size16">IP 허용 목록 생성하고 허용할 IP들 추가</p> <pre class="bash" data-ke-language="bash"><code>sudo cscli allowlist create my_allowlist -d 'created from the docs' &amp;&amp; \ sudo cscli allowlist add my_allowlist 192.168.0.0/16 &amp;&amp; \ sudo cscli allowlist add my_allowlist 172.16.0.0/12 &amp;&amp; \ sudo cscli allowlist add my_allowlist 10.0.0.0/8 &amp;&amp; \ sudo cscli allowlist add my_allowlist &lt;관리자IP&gt;/32 &amp;&amp; \ sudo cscli allowlist inspect my_allowlist &amp;&amp; \ sudo systemctl restart crowdsec &amp;&amp; \ sudo systemctl status crowdsec --no-pager --full</code></pre> <h3 data-ke-size="size23"><span style="font-family: 'Noto Sans Light';">LAPI 서버 설정</span></h3> <p data-ke-size="size16"><span style="color: #eb5757;" data-token-index="0">/etc/crowdsec/config.yaml</span> 파일을 편집하여 모든 인터페이스에서 수신하도록 설정</p> <pre class="yaml"><code>api: server: listen_uri: 0.0.0.0:8080 trusted_ips: - 127.0.0.1 - ::1 - 172.26.0.0/16 # Allow private network </code></pre> <p data-ke-size="size16"><span style="font-family: 'Noto Sans Light';">CrowdSec 서비스 시작</span></p> <pre class="bash" data-ke-language="bash"><code>sudo systemctl enable crowdsec &amp;&amp; \ sudo systemctl start crowdsec &amp;&amp; \ sudo systemctl enable crowdsec-firewall-bouncer &amp;&amp; \ sudo systemctl start crowdsec-firewall-bouncer</code></pre> <p data-ke-size="size16">LAPI 상태 확인</p> <pre class="ebnf"><code>sudo cscli lapi status </code></pre> <p data-ke-size="size16">바운서 추가</p> <pre class="armasm"><code>sudo cscli bouncers add WebBouncer </code></pre> <p data-ke-size="size16">생성된 바운서 API Key는 <br />각 web 서버들의 <span style="color: #ef5369;">/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml</span> 파일 항목 중&nbsp;<br />api_key 값으로 아래에서 지정 예정이므로 별도 기록해두기</p> <pre class="xquery"><code>API key for 'WebBouncer': ulOPOSWxLcD8LaNmOMKOkYaG7AQYY+qZ2ho7pPyCAIU Please keep this key since you will not be able to retrieve it! </code></pre> <pre class="awk"><code>ls -al /etc/crowdsec/bouncers/ </code></pre> <p data-ke-size="size16">바운서 구성 파일 확인 <span style="color: #eb5757;" data-token-index="1">/</span><span style="color: #eb5757;" data-token-index="1">etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml</span></p> <pre class="bash" data-ke-language="bash"><code>api_url: http://127.0.0.1:8080/ api_key: &lt;lapi-bouncer에서 생성된 API 키&gt;</code></pre> <h3 data-ke-size="size23"><span style="font-family: 'Noto Sans Light';">web1 서버 설정 (Agent + Bouncer)</span></h3> <p data-ke-size="size16">CrowdSec 설치</p> <pre class="bash" data-ke-language="bash"><code>sudo apt install -y crowdsec-firewall-bouncer-iptables &amp;&amp; \ sudo cscli allowlist inspect my_allowlist &amp;&amp; \ sudo cscli allowlist add my_allowlist 127.0.0.1 &amp;&amp; \ sudo cscli allowlist inspect my_allowlist &amp;&amp; \ sudo cscli metrics show acquisition &amp;&amp; \ sudo cscli console enroll -e context cmbiut885000bju0871etz588 &amp;&amp; \ sudo cscli allowlist inspect my_allowlist &amp;&amp; \ sudo systemctl restart crowdsec &amp;&amp; \ sudo systemctl status crowdsec --no-pager --full</code></pre> <pre class="bash" data-ke-language="bash"><code>sudo cscli collections list &amp;&amp; \ sudo cscli collections install crowdsecurity/whitelist-good-actors &amp;&amp; \ sudo cscli allowlist add my_allowlist 10.0.0.0/8 &amp;&amp; \ sudo cscli allowlist add my_allowlist 172.26.0.0/16 &amp;&amp; \ sudo cscli allowlist add my_allowlist 192.168.0.0/16 &amp;&amp; \ sudo systemctl reload crowdsec &amp;&amp; \ sudo systemctl status crowdsec --no-pager --full</code></pre> <pre class="dart"><code>sudo cscli metrics show decisions </code></pre> <h4 data-ke-size="size20"><span style="font-family: 'Noto Sans Light';">Agent 구성 (LAPI 비활성화)</span></h4> <p data-ke-size="size16"><span style="color: #eb5757;" data-token-index="0">/etc/crowdsec/config.yaml</span>에서 로컬 API 서버 섹션을 제거하거나 비활성화</p> <pre class="yaml"><code>api: server: enable: false # Add this listen_uri: 127.0.0.1:8080 </code></pre> <h4 data-ke-size="size20"><span style="font-family: 'Noto Sans Light';">로컬 API 자격 증명 구성</span></h4> <p data-ke-size="size16"><span style="color: #eb5757;" data-token-index="0">/etc/crowdsec/local_api_credentials.yaml</span> 파일 편집</p> <pre class="bash" data-ke-language="bash"><code>url: http://172.26.0.10:8080 login: web1 password: &lt;설정된 대로 놔두기, 수정하지 마시오&gt;</code></pre> <h4 data-ke-size="size20"><span style="font-family: 'Noto Sans Light';">방화벽 바운서 설치 및 구성</span></h4> <pre class="mipsasm"><code>sudo apt install -y crowdsec-firewall-bouncer-iptables </code></pre> <pre class="awk"><code>sudo vim /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml </code></pre> <p data-ke-size="size16"><span style="color: #ef5369;">/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml</span>&nbsp;파일의 api_url 값을 LAPI 서버로 지정</p> <pre class="bash" data-ke-language="bash"><code>api_url: http://172.26.0.10:8080/ api_key: &lt;LAPI 머신 bouncer에 지정되어 있는 API 키&gt;</code></pre> <p data-ke-size="size16">서비스 시작</p> <pre class="bash" data-ke-language="bash"><code>sudo systemctl enable crowdsec &amp;&amp; \ sudo systemctl start crowdsec &amp;&amp; \ sudo systemctl status crowdsec --no-pager --full &amp;&amp; \ sudo systemctl enable crowdsec-firewall-bouncer &amp;&amp; \ sudo systemctl start crowdsec-firewall-bouncer &amp;&amp; \ sudo systemctl status --no-pager --full</code></pre> <p data-ke-size="size16">LAPI 서버에 web 서버 등록</p> <pre class="bash" data-ke-language="bash"><code>sudo cscli lapi register --machine web1 --url "http://172.26.0.10:8080"</code></pre> <h3 data-ke-size="size23"><span style="font-family: 'Noto Sans Light';">web2 서버 설정 (Agent + Bouncer)</span></h3> <p data-ke-size="size16"><b>web1</b>과 동일한 과정을 반복하되, 머신 이름을를 <b>web2</b>로 수행</p> <h2 data-ke-size="size26"><span style="font-family: 'Noto Sans Demilight', 'Noto Sans KR';">LAPI 서버에서 머신 승인</span></h2> <p data-ke-size="size16">각 에이전트가 등록을 요청한 후, log 서버에서 승인:</p> <pre class="properties"><code># 머신 목록 조회 sudo cscli machines list # 머신 승인 sudo cscli machines validate web1 sudo cscli machines validate web2 </code></pre> <h2 data-ke-size="size26"><span style="font-family: 'Noto Sans Demilight', 'Noto Sans KR';">설정 확인 및 테스트</span></h2> <p data-ke-size="size16"><span style="font-family: AppleSDGothicNeo-Regular, 'Malgun Gothic', '맑은 고딕', dotum, 돋움, sans-serif;">각 서버에서 상태 확인</span></p> <pre class="bash" data-ke-language="bash"><code># CrowdSec 상태 확인 sudo systemctl status crowdsec --no-pager --full # 메트릭 확인 sudo cscli metrics sudo cscli metrics show acquisition # 결정 목록 확인 sudo cscli decisions list # 바운서 상태 확인 sudo cscli bouncers list # 컬렉션 목록 조회 sudo cscli collections list # 수집 시나리오 목록 조회 sudo cscli scenarios list</code></pre> <h3 data-ke-size="size23"><span style="font-family: 'Noto Sans Light';">차단 테스트</span></h3> <p data-ke-size="size16">lapi 서버에서 테스트 IP 차단 추가</p> <pre class="angelscript"><code># 테스트 IP 차단 (5분간) sudo cscli decisions add -t ban -d 5m -i 1.2.3.4 </code></pre> <p data-ke-size="size16">모든 서버에서 차단 룰 동기화 확인</p> <pre class="bash" data-ke-language="bash"><code># 각 서버에서 실행 sudo cscli decisions list &amp;&amp; \ sudo ipset list | grep 1.2.3.4</code></pre> <h2 data-ke-size="size26"><span style="font-family: 'Noto Sans Demilight', 'Noto Sans KR';">로그 모니터링 설정</span></h2> <p data-ke-size="size16">각 서버에서 적절한 로그 파일 모니터링 설정</p> <h3 data-ke-size="size23"><span style="font-family: 'Noto Sans Light';">web1, web2 서버</span></h3> <p data-ke-size="size16"><span style="color: #eb5757;" data-token-index="0">/etc/crowdsec/acquis.yaml</span></p> <pre class="maxima"><code>filenames: - /var/log/nginx/access.log - /var/log/nginx/error.log - /var/log/apache2/access.log - /var/log/apache2/error.log labels: type: nginx --- filenames: - /var/log/auth.log - /var/log/syslog labels: type: syslog </code></pre> <hr contenteditable="false" data-ke-type="horizontalRule" data-ke-style="style1" /> <h2 data-ke-size="size26"><span style="font-family: 'Noto Sans Demilight', 'Noto Sans KR';">업데이트&nbsp;자동화</span></h2> <p data-ke-size="size16">정기적인 상태 확인 및 업데이트를 위해<br />모든 서버에서 정기적으로 실행 스케쥴링</p> <pre class="ebnf"><code>sudo crontab -e </code></pre> <pre class="basic"><code>0 4 * * * cscli hub update &amp;&amp; cscli hub upgrade </code></pre> <hr contenteditable="false" data-ke-type="horizontalRule" data-ke-style="style1" /> <h2 style="color: #000000; text-align: start;" data-ke-size="size26"><span style="font-family: 'Noto Sans Demilight', 'Noto Sans KR';">선택사항</span></h2> <h3 style="color: #000000; text-align: start;" data-ke-size="size23"><span style="font-family: 'Noto Sans Light';">대시보드</span></h3> <p style="color: #333333; text-align: start;" data-ke-size="size16">LAPI 서버에서 Metabase 대시보드 설정</p> <pre class="angelscript" style="background-color: #f8f8f8; color: #383a42; text-align: start;"><code>sudo cscli dashboard setup -l 0.0.0.0 -p 3000 --password your-dashboard-password </code></pre> <h3 style="color: #000000; text-align: start;" data-ke-size="size23"><span style="font-family: 'Noto Sans Light';">WordPress 특화 설정 (web1, web2)</span></h3> <p style="color: #333333; text-align: start;" data-ke-size="size16">WordPress 서버에 특화된 컬렉션 설치</p> <pre class="properties" style="background-color: #f8f8f8; color: #383a42; text-align: start;" data-ke-language="bash"><code>sudo cscli hub update &amp;&amp; \ sudo cscli collections install -y crowdsecurity/wordpress &amp;&amp; \ sudo systemctl reload crowdsec</code></pre> <hr contenteditable="false" data-ke-type="horizontalRule" data-ke-style="style5" /> <h2 data-ke-size="size26"><span style="font-family: 'Noto Sans Demilight', 'Noto Sans KR';">참고</span></h2> <figure id="og_1749524328104" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="website" data-og-title="CrowdSec: The Open-Source IPS That Fights Back Against Real-World Attacks | by Muhammed Dhulkifli k - Freedium" data-og-description=" Index 1. What Is CrowdSec? 2. How to Install CrowdSec on Ubuntu 3. What Are CrowdSec Bouncers? 4. How to Install the iptables Bouncer 5. Official Documentation 6. How CrowdSec Detects Threats: Parsers, Scenarios &amp; Collections 7. Understanding acquis.y" data-og-host="freedium.cfd" data-og-source-url="https://freedium.cfd/https://medium.com/@muhammeddhulkiflik/crowdsec-the-open-source-ips-that-fights-back-against-real-world-attacks-704b7992fcc1" data-og-url="https://freedium.cfd/https://medium.com/@muhammeddhulkiflik/crowdsec-the-open-source-ips-that-fights-back-against-real-world-attacks-704b7992fcc1" data-og-image="https://scrap.kakaocdn.net/dn/19kEJ/hyY784vfS5/h3pKDYnfYnfhdbho7iE5F1/img.png?width=700&amp;height=427&amp;face=0_0_700_427,https://scrap.kakaocdn.net/dn/cKZw8x/hyY5cN4thV/kBe9Sv6n2NJjsOjEl9n8E1/img.png?width=700&amp;height=425&amp;face=0_0_700_425,https://scrap.kakaocdn.net/dn/Apro8/hyY4bV7gUo/EtSOZ3lamMosK3PCfnFGF1/img.png?width=635&amp;height=353&amp;face=0_0_635_353"><a href="https://freedium.cfd/https://medium.com/@muhammeddhulkiflik/crowdsec-the-open-source-ips-that-fights-back-against-real-world-attacks-704b7992fcc1" target="_blank" rel="noopener" data-source-url="https://freedium.cfd/https://medium.com/@muhammeddhulkiflik/crowdsec-the-open-source-ips-that-fights-back-against-real-world-attacks-704b7992fcc1"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/19kEJ/hyY784vfS5/h3pKDYnfYnfhdbho7iE5F1/img.png?width=700&amp;height=427&amp;face=0_0_700_427,https://scrap.kakaocdn.net/dn/cKZw8x/hyY5cN4thV/kBe9Sv6n2NJjsOjEl9n8E1/img.png?width=700&amp;height=425&amp;face=0_0_700_425,https://scrap.kakaocdn.net/dn/Apro8/hyY4bV7gUo/EtSOZ3lamMosK3PCfnFGF1/img.png?width=635&amp;height=353&amp;face=0_0_635_353');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">CrowdSec: The Open-Source IPS That Fights Back Against Real-World Attacks | by Muhammed Dhulkifli k - Freedium</p> <p class="og-desc" data-ke-size="size16"> Index 1. What Is CrowdSec? 2. How to Install CrowdSec on Ubuntu 3. What Are CrowdSec Bouncers? 4. How to Install the iptables Bouncer 5. Official Documentation 6. How CrowdSec Detects Threats: Parsers, Scenarios &amp; Collections 7. Understanding acquis.y</p> <p class="og-host" data-ke-size="size16">freedium.cfd</p> </div> </a></figure> <figure id="og_1749524323601" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="website" data-og-title="About multi-server setup | CrowdSec" data-og-description="Introduction" data-og-host="docs.crowdsec.net" data-og-source-url="https://docs.crowdsec.net/u/user_guides/multiserver_setup/" data-og-url="https://docs.crowdsec.net/u/user_guides/multiserver_setup" data-og-image="https://scrap.kakaocdn.net/dn/ftgkk/hyY4bBPyjO/KWkwtMUa9Ko53RjyHMkqYk/img.png?width=1200&amp;height=630&amp;face=0_0_1200_630,https://scrap.kakaocdn.net/dn/ceTNuD/hyY73B7UbD/I8lHZhWa4j5kCUxhe8xYTK/img.png?width=1200&amp;height=630&amp;face=0_0_1200_630,https://scrap.kakaocdn.net/dn/nr00O/hyY45uCgE5/PdBnHGkJ7uDTdjpoYRFSi1/img.png?width=2312&amp;height=1561&amp;face=0_0_2312_1561"><a href="https://docs.crowdsec.net/u/user_guides/multiserver_setup/" target="_blank" rel="noopener" data-source-url="https://docs.crowdsec.net/u/user_guides/multiserver_setup/"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/ftgkk/hyY4bBPyjO/KWkwtMUa9Ko53RjyHMkqYk/img.png?width=1200&amp;height=630&amp;face=0_0_1200_630,https://scrap.kakaocdn.net/dn/ceTNuD/hyY73B7UbD/I8lHZhWa4j5kCUxhe8xYTK/img.png?width=1200&amp;height=630&amp;face=0_0_1200_630,https://scrap.kakaocdn.net/dn/nr00O/hyY45uCgE5/PdBnHGkJ7uDTdjpoYRFSi1/img.png?width=2312&amp;height=1561&amp;face=0_0_2312_1561');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">About multi-server setup | CrowdSec</p> <p class="og-desc" data-ke-size="size16">Introduction</p> <p class="og-host" data-ke-size="size16">docs.crowdsec.net</p> </div> </a></figure> <p data-ke-size="size16">&nbsp;</p> 보안 crowdsec fail2ban Firewall ipset iptable Linux Security 방화벽 보안 공허공자 https://itzone.tistory.com/767 https://itzone.tistory.com/767#entry767comment Mon, 9 Jun 2025 17:45:28 +0900 Ubuntu Nginx 웹서버 기본 보안 설정 https://itzone.tistory.com/766 <blockquote data-ke-style="style3">"개발용으로 셋팅하는데 귀찮으니 안해야지"<br />라는 생각을 가지면 오만임.<br /><br />운영레벨로 승격하지 않은 개발이나 스테이징 서버에서&nbsp;<br />알수없는 트래픽과 CPU 스파이크를 경험하게 될 것이고&nbsp;<br />웹서버 액세스 로그를 보면&nbsp;<br />해킹 스캔 기록이 엄청나게 발생하는것을 목도하게 될 것.</blockquote> <p data-ke-size="size14">Ubuntu OS 기반에 Nginx 웹서버 선택하여 진행함.</p> <h2 data-ke-size="size26">설정 요소들</h2> <p data-ke-size="size16">Nginx 웹서버, WAF, UFW 방화벽, Fail2Ban, Ubuntu 자동 업데이트</p> <hr contenteditable="false" data-ke-type="horizontalRule" data-ke-style="style4" /> <h2 data-ke-size="size26">Nginx 가상호스트 설정</h2> <pre class="bash" data-ke-language="bash"><code>http { #...... # Declare 단일 클라이언트 ip 주소의 모든 페이지에 대해 1초에 5건의 요청 처리로 제한 limit_req_zone $binary_remote_addr zone=badbot:10m rate=10r/s; limit_req_status 444; # Declare 각 클라이언트 IP 주소의 모든 페이지에 대해 동시 연결 제한 ## 10m == 10MB의 메모리를 할당하여 대략 16만 개의 IP 주소 저장 limit_conn_zone $binary_remote_addr zone=ddos:10m; server { listen 80; listen [::]:80; server_name _; # https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker # 참고하여 include "nginx-ultimate-bad-bot-blocker.conf" # request method 제한 add_header Allow "GET, POST, HEAD" always; if ( $request_method !~ ^(GET|POST|HEAD|PUT|PATCH)$ ) { return 405; } # Limit the size of POST requests client_max_body_size 1M; # Timeout settings defend Slowloris attack client_body_timeout 12s; client_header_timeout 12s; keepalive_timeout 5s 5s; send_timeout 10s; location / { #...... # limit_req_zone 선언 사용 ## burst: 초과 허용량 설정. 초과 요청이 즉시 거부되지 않고 대기열에 들어간 다음 지정된 요청 비율에 따라 처리될 수 있음을 의미 ## nodelay: 선언시 초과 요청들은 지정된 비율에 따라 대기열에 들어가지 않고 즉시 처리. burst 값 이내의 요청은 추가 지연 없이 처리 limit_req zone=badbot burst=5 nodelay; # 각 클라이언트 IP 주소의 모든 페이지에 대해 동시 10개 이하의 연결만 열도록 제한 limit_conn ddos 10; #...... } location /admin { # 관리자 IP만 접속 허용 allow xxx.xxx.xxx.xxx/32; allow 192.168.1.0/24; deny all; #...... } #...... } }</code></pre> <h3 data-ke-size="size23">Nginx ultimate bad bot blocker</h3> <p data-ke-size="size16"><a href="https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker">https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker</a></p> <h2 data-ke-size="size26">IP 차단 자동화</h2> <h3 data-ke-size="size23">Fail2ban</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>지정한 기간동안 IP 차단 자동화</li> <li>차단시 iptables 사용하니 셋팅 되어 있어야 함.</li> <li>ubuntu는 ufw 사용하는게 제어가 쉬움 <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>ufw는 명령어가 쉽도록 간략화한 iptables wrapper cli repl</li> </ul> </li> </ul> <h4 data-ke-size="size20">Fail2ban 설치</h4> <pre class="bash" data-ke-language="bash"><code>sudo apt update &amp;&amp; \ sudo apt install -y ufw fail2ban &amp;&amp; \ sudo systemctl start fail2ban &amp;&amp; \ sudo systemctl enable fail2ban &amp;&amp; \ sudo systemctl status fail2ban --no-pager --full &amp;&amp; \ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local &amp;&amp; \ sudo vi /etc/fail2ban/jail.local</code></pre> <pre class="bash" data-ke-language="bash"><code>[DEFAULT] ignoreip = 127.0.0.1/8 ::1 172.16.0.0/12 192.168.0.0/16 xxx.xxx.xxx.xxx/32 bantime = 7d findtime = 1d maxretry = 2 banaction = ufw banaction_allports = ufw</code></pre> <pre class="bash" data-ke-language="bash"><code>sudo systemctl restart fail2ban &amp;&amp; \ sudo fail2ban-client status</code></pre> <pre class="bash" data-ke-language="bash"><code>sudo ufw default deny incoming &amp;&amp; \ sudo ufw default allow outgoing &amp;&amp; \ sudo ufw allow in 80/tcp &amp;&amp; \ sudo ufw allow in 443/tcp &amp;&amp; \ sudo ufw allow out 80/tcp &amp;&amp; \ sudo ufw allow out 443/tcp &amp;&amp; \ sudo ufw allow in 22/tcp &amp;&amp; \ sudo ufw limit 22/tcp comment 'Allow 6 connections over 30 seconds' &amp;&amp; \ sudo ufw allow out 53/udp &amp;&amp; \ sudo ufw allow out 25/tcp &amp;&amp; \ sudo ufw enable &amp;&amp; \ sudo ufw status verbose</code></pre> <pre class="bash" data-ke-language="bash"><code>sudo ufw delete allow in 22/tcp &amp;&amp; \ sudo ufw allow from 192.168.0.0/16 to any port 22 proto tcp</code></pre> <pre class="vim"><code>sudo vi /etc/rsyslog.d/20-ufw.conf </code></pre> <pre class="vim"><code># Log kernel generated UFW log messages to file :msg,contains,"[UFW " /var/log/ufw.log # Uncomment the following to stop logging anything that matches the last rule. # Doing this will stop logging kernel generated UFW log messages to the file # normally containing kern.* messages (eg, /var/log/kern.log) &amp; stop </code></pre> <pre class="bash" data-ke-language="bash"><code>sudo touch /var/log/ufw.log &amp;&amp; \ sudo chown syslog:adm /var/log/ufw.log &amp;&amp; \ sudo chmod o-r /var/log/ufw.log &amp;&amp; \ sudo systemctl restart rsyslog</code></pre> <pre class="awk"><code>sudo ls -alt /etc/fail2ban/filter.d/nginx* </code></pre> <pre class="bash" data-ke-language="bash"><code>sudo bash -c 'cat &gt; /etc/fail2ban/filter.d/nginx-sslerror.conf &lt;&lt;EOF [Definition] failregex = SSL_do_handshake\(\) failed .+ while SSL handshaking, client: &lt;HOST&gt;, server: .+ ignoreregex = datepattern = {^LN-BEG}%%ExY(?P&lt;_sep&gt;[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)? ^[^\[]*\[({DATE}) {^LN-BEG} EOF' &amp;&amp; \ sudo bash -c 'cat &gt; /etc/fail2ban/filter.d/nginx-4xx.conf &lt;&lt;EOF [Definition] failregex = ^&lt;HOST&gt;.*"(GET|POST).*" (404|444|403|400) .*$ ignoreregex = .*(robots.txt|favicon.ico|jpg|png) EOF' &amp;&amp; \ sudo bash -c 'cat &gt; /etc/fail2ban/filter.d/nginx-forbidden.conf &lt;&lt;EOF [Definition] failregex = directory index of .+ is forbidden, client: &lt;HOST&gt;, server: .+ ignoreregex = EOF' &amp;&amp; \ sudo bash -c 'cat &gt; /etc/fail2ban/filter.d/ufw.conf &lt;&lt;EOF [Definition] failregex = [UFW BLOCK].+SRC=&lt;HOST&gt; DST ignoreregex = EOF'</code></pre> <pre class="bash" data-ke-language="bash"><code>sudo bash -c 'cat &gt; /etc/fail2ban/jail.d/custom.conf &lt;&lt;EOF [sshd] enabled = true [nginx-4xx] enabled = true port = http,https filter = nginx-4xx logpath = %(nginx_access_log)s [nginx-http-auth] enabled = true port = http,https filter = nginx-http-auth logpath = %(nginx_access_log)s [nginx-botsearch] enabled = true port = http,https filter = nginx-botsearch logpath = %(nginx_access_log)s [nginx-forbidden] enabled = true port = http,https filter = nginx-forbidden logpath = %(nginx_access_log)s [nginx-sslerror] enabled = false port = http,https filter = nginx-sslerror logpath = %(nginx_access_log)s [ufw] enabled = true filter = ufw logpath = /var/log/ufw.log EOF'</code></pre> <pre class="bash" data-ke-language="bash"><code>sudo systemctl restart fail2ban &amp;&amp; \ sudo systemctl status fail2ban --no-pager --full &amp;&amp; \ sudo fail2ban-client status</code></pre> <pre class="bash" data-ke-language="bash"><code>cd ~ &amp;&amp; \ vi fail2ban-status.sh</code></pre> <pre class="bash" data-ke-language="bash"><code>#!/usr/bin/env bash for jail in $(sudo fail2ban-client status | grep 'Jail list:' | sed 's/.*://;s/,//g'); do echo "Jail: $jail"; sudo fail2ban-client status $jail | grep 'Banned IP'; done</code></pre> <pre class="bash" data-ke-language="bash"><code>chmod +x fail2ban-status.sh &amp;&amp; \ ./fail2ban-status.sh</code></pre> <h2 data-ke-size="size26">리눅스 자동 업데이트</h2> <pre class="bash" data-ke-language="bash"><code>sudo apt install -y unattended-upgrades &amp;&amp; \ sudo dpkg-reconfigure --priority=low unattended-upgrades &amp;&amp; \ sudo systemctl status unattended-upgrades --no-pager --full</code></pre> <p data-ke-size="size16">Confirm 선택 화면 뜨면 YES 선택</p> <p data-ke-size="size16">&nbsp;</p> <h2 data-ke-size="size26">참고자료</h2> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li><a href="https://scalastic.io/en/ufw-fail2ban-nginx/">https://scalastic.io/en/ufw-fail2ban-nginx/</a></li> <li><a href="https://mytory.net/archives/13142">https://mytory.net/archives/13142</a></li> <li><a href="https://linuxhandbook.com/ufw-logs/">https://linuxhandbook.com/ufw-logs/</a></li> <li><a href="https://blog.fernvenue.com/archives/ufw-with-fail2ban/">https://blog.fernvenue.com/archives/ufw-with-fail2ban/</a> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li><b>/var/log/ufw.log 나중에 생기는 문제 예방 가이드</b></li> <li>/etc/fail2ban/filter.d/ufw.conf 없어서 발생하는 경고 해결 가이드</li> </ol> </li> <li><a href="https://gist.github.com/bartosjiri/f7e2e6a6c8890be7f5992470ac4c9350">https://gist.github.com/bartosjiri/f7e2e6a6c8890be7f5992470ac4c9350</a></li> <li><a href="https://webdock.io/en/docs/how-guides/security-guides/configuring-ufw-and-fail2ban-mitigate-basic-ddos-attacks">https://webdock.io/en/docs/how-guides/security-guides/configuring-ufw-and-fail2ban-mitigate-basic-ddos-attacks</a></li> </ol> 보안 EC2 lightsail Linux nginx Security ubuntu vm 가상머신 보안 서버 공허공자 https://itzone.tistory.com/766 https://itzone.tistory.com/766#entry766comment Wed, 4 Jun 2025 00:49:38 +0900 Nginx + 무료 웹방화벽 Modsecurity 3.x 조합 Docker 셋팅 https://itzone.tistory.com/765 <p data-ke-size="size16">Nginx 웹프록시를 주로 사용하는데 <br />AWS에서 PoC 운영중이던 서비스를 <br />비용 절감 위해 오라클 클라우드 무료 서버로 옮기고 <br />Whatap 모니터링 걸어놓고 놔뒀는데 <br />트래픽이 없을게 확실한 서버에서 이상하게도 CPU 로드 Whatap Alert이 간간히 발생하여 <br />Nginx access 로그를 확인해보니 <br />해커 스캔봇이 열심히 활동하여 <br />쓸데없고 보안에 해로운 트래픽을 유발시키고 있었음. <br />하여, WAF(웹어플리케이션 방화벽) 도입을 검토하게 되었고 <br />리서치 후 사용 비용이 없는 Modsecurity로 결정.</p> <p data-ke-size="size16">Modsecurity를 Apache 웹서버는 매우 쉽게 붙일 수 있는데 그에 비해 Nginx는 번거롭고 정리된 최근 레퍼런스 너무 없음.</p> <p data-ke-size="size16">Nginx + Modsecurity 조합을 <br />로컬 개발 환경인 macOS에도 구축하고 <br />Ubuntu 서버에 그대로 셋팅하려니 번거로워서 docker 기반 구성 결정함.</p> <h1>docker compose 구성</h1> <h2 data-ke-size="size26">Modsecurity 도커 이미지</h2> <p data-ke-size="size16">⚠️ docker hub에서 Modsecurity 검색해보면 <a href="https://hub.docker.com/r/owasp/modsecurity">https://hub.docker.com/r/owasp/modsecurity</a> 뜨는데 deprecated</p> <p data-ke-size="size16">OWASP CRS 컨테이너 이미지 (<a href="https://hub.docker.com/r/owasp/modsecurity-crs">https://hub.docker.com/r/owasp/modsecurity-crs</a>)</p> <pre class="groovy"><code>image: owasp/modsecurity-crs:nginx </code></pre> <p data-ke-size="size16">저 이미지로 하나의 (도커) 서비스를 구성하고 별도로 nginx를 해야 되나 궁금했는데 nginx와 통합된 이미지였음.</p> <p data-ke-size="size16">expose 포트를 host 80포트에 binding 하면 mac에서 웹서비스에 http로 엑세스 할 수 있을거라는 추측 가능.</p> <pre class="dts"><code>services: # 리버스프록시+웹방화벽 nginx: image: owasp/modsecurity-crs:nginx container_name: nginx hostname: nginx labels: - dev.orbstack.domains=cashdab.orb.local restart: always # &lt;https://github.com/coreruleset/modsecurity-crs-docker?tab=readme-ov-file#common-env-variables&gt; environment: - TZ=Asia/Seoul # nginx proxy_pass 정의 - BACKEND=http://web:8000 - ERRORLOG=/var/log/nginx/error.log #- SERVER_NAME=_ # &lt;https://github.com/coreruleset/modsecurity-crs-docker?tab=readme-ov-file#nginx-env-variables&gt; # 앞단에 Cloudflare 사용시 실제 IP 정의 - REAL_IP_HEADER=CF-Connecting-IP ports: # 호스트 : 도커 컨테이너 내부에서 expose된 포트 - "80:8080" volumes: - ./docker/modsecurity/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf - ./docker/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf networks: - shared_network links: - web:web depends_on: - web # 로그 로테이션: 로그 크기 자동 관리 logging: driver: "json-file" options: max-size: "10m" max-file: "5" networks: shared_network: driver: bridge </code></pre> <h1>Modsecurity 설정</h1> <h2 data-ke-size="size26">규칙 설정</h2> <p data-ke-size="size16">관리자 페이지 경로, 특정 IP 및 대역만 가능하게</p> <pre class="perl"><code># Restrict /health and not in ip range SecRule REQUEST_URI "@beginsWith /health" "id:1000,phase:1,deny,status:403,log,msg:'Access to /health denied for non-authorized IP %{REMOTE_ADDR}',chain" SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,10.0.0.0/8,172.16.0.0/16,192.168.0.0/16" "t:none" </code></pre> <h3 data-ke-size="size23">테스트</h3> <p data-ke-size="size16">웹브라우저나 curl 사용하여 /admin 접속해서 테스트.</p> <p data-ke-size="size16">&nbsp;</p> <h1>Reference</h1> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>ModSecurity 룰셋 메뉴얼 <a href="https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-%28v3.x%29">Reference Manual (v3.x)</a></li> <li>ModSecurity-CRS-Docker <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><a href="https://github.com/coreruleset/modsecurity-crs-docker?tab=readme-ov-file#common-env-variables">GitHub - coreruleset/modsecurity-crs-docker: Official ModSecurity Docker + Core Rule Set (CRS) images</a></li> <li>ModSecurity 공용 환경변수 <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><a href="https://github.com/coreruleset/modsecurity-crs-docker?tab=readme-ov-file#common-env-variables">https://github.com/coreruleset/modsecurity-crs-docker?tab=readme-ov-file#common-env-variables</a></li> </ul> </li> <li>Nginx 환경변수 <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><a href="https://github.com/coreruleset/modsecurity-crs-docker#nginx-env-variables">https://github.com/coreruleset/modsecurity-crs-docker#nginx-env-variables</a></li> </ul> </li> <li>docker-compose.yml 샘플 <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><a href="https://github.com/coreruleset/modsecurity-crs-docker/blob/main/docker-compose.yaml">https://github.com/coreruleset/modsecurity-crs-docker/blob/main/docker-compose.yaml</a></li> </ul> </li> </ul> </li> </ul> 보안 modsecurity nginx Security WAF 방화벽 보안 웹방화벽 공허공자 https://itzone.tistory.com/765 https://itzone.tistory.com/765#entry765comment Thu, 29 May 2025 17:50:54 +0900 Nginx 무료 에디션 위한 무료 WAF(웹방화벽) https://itzone.tistory.com/764 <p data-ke-size="size14">Nginx access.log 확인 해서 .env 또는 .git 등 해커의 스캔 기록 있다면 반드시 적용을 권장함.</p> <h2 data-ke-size="size26">SafeLine</h2> <figure id="og_1748446994323" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="object" data-og-title="GitHub - chaitin/SafeLine: SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from" data-og-description="SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits. - chaitin/SafeLine" data-og-host="github.com" data-og-source-url="https://github.com/chaitin/SafeLine" data-og-url="https://github.com/chaitin/SafeLine" data-og-image="https://scrap.kakaocdn.net/dn/72sT0/hyY0iGM4xS/OM2KkMYZhjWmpq4zkTMHIK/img.png?width=1280&amp;height=640&amp;face=0_0_1280_640,https://scrap.kakaocdn.net/dn/mjrSf/hyYYu2QP7l/O8x8kh32FXmVNuw5a3KH10/img.png?width=1280&amp;height=640&amp;face=0_0_1280_640"><a href="https://github.com/chaitin/SafeLine" target="_blank" rel="noopener" data-source-url="https://github.com/chaitin/SafeLine"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/72sT0/hyY0iGM4xS/OM2KkMYZhjWmpq4zkTMHIK/img.png?width=1280&amp;height=640&amp;face=0_0_1280_640,https://scrap.kakaocdn.net/dn/mjrSf/hyYYu2QP7l/O8x8kh32FXmVNuw5a3KH10/img.png?width=1280&amp;height=640&amp;face=0_0_1280_640');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">GitHub - chaitin/SafeLine: SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from</p> <p class="og-desc" data-ke-size="size16">SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits. - chaitin/SafeLine</p> <p class="og-host" data-ke-size="size16">github.com</p> </div> </a></figure> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>Github Star: 16.6K (2025-05 기준)</li> <li>중국인 메인테이너</li> <li><a href="https://ly.safepoint.cloud/laA8asp">홈페이지</a>,&nbsp;<a href="https://ly.safepoint.cloud/hSMd4SH">데모</a>, <a href="https://ly.safepoint.cloud/w2AeHhb">문서</a></li> <li>쉬운 설치 지원 - 터미널 명령 한줄</li> <li>웹관리자 지원</li> <li>DB 서버 조합으로 무거운 인프라 구성 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>웹서버 인스턴스 외 별도 서버로 구성해야 하므로 비용을 더 써야 함</li> </ol> </li> </ol> <h2 data-ke-size="size26">ModSecurity</h2> <figure id="og_1748447095866" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="object" data-og-title="GitHub - owasp-modsecurity/ModSecurity: ModSecurity is an open source, cross platform web application firewall (WAF) engine for " data-og-description="ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a rang..." data-og-host="github.com" data-og-source-url="https://github.com/owasp-modsecurity/ModSecurity" data-og-url="https://github.com/owasp-modsecurity/ModSecurity" data-og-image="https://scrap.kakaocdn.net/dn/IAyUD/hyY09vYnnX/OoITadv1lV8Fg7KlvGHk4K/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600,https://scrap.kakaocdn.net/dn/ceGEOi/hyY0s3IBUA/voJILmGscUdnE7jPuq4kMk/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600"><a href="https://github.com/owasp-modsecurity/ModSecurity" target="_blank" rel="noopener" data-source-url="https://github.com/owasp-modsecurity/ModSecurity"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/IAyUD/hyY09vYnnX/OoITadv1lV8Fg7KlvGHk4K/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600,https://scrap.kakaocdn.net/dn/ceGEOi/hyY0s3IBUA/voJILmGscUdnE7jPuq4kMk/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">GitHub - owasp-modsecurity/ModSecurity: ModSecurity is an open source, cross platform web application firewall (WAF) engine for</p> <p class="og-desc" data-ke-size="size16">ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a rang...</p> <p class="og-host" data-ke-size="size16">github.com</p> </div> </a></figure> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li><span style="color: #333333; text-align: left;">Github Star:<span> 8.9K<span style="color: #333333; text-align: left;"><span>&nbsp;</span>(2025-05 기준)</span></span></span></li> <li>매우 유명 - 검증되었다 그리고 오래되었다</li> <li>룰 설정을 conf 파일에 하므로 가벼운 인프라 구성 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>가난한 개인이나 회사라면 이 프로그램 선택해야 함</li> </ol> </li> </ol> <h2 data-ke-size="size26">Patterns</h2> <p data-ke-size="size16"><a href="https://github.com/fabriziosalmi/patterns" target="_blank" rel="noopener&nbsp;noreferrer">https://github.com/fabriziosalmi/patterns</a></p> <figure id="og_1748570559026" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="object" data-og-title="GitHub - fabriziosalmi/patterns: Automated OWASP CRS and Bad Bot Detection for Nginx, Apache, Traefik and HaProxy" data-og-description="Automated OWASP CRS and Bad Bot Detection for Nginx, Apache, Traefik and HaProxy - fabriziosalmi/patterns" data-og-host="github.com" data-og-source-url="https://github.com/fabriziosalmi/patterns" data-og-url="https://github.com/fabriziosalmi/patterns" data-og-image="https://scrap.kakaocdn.net/dn/9L7cz/hyY1jr2ir5/7WPEwHb3JttMkMVOZNHrPk/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600,https://scrap.kakaocdn.net/dn/qZzSY/hyY1dSTl9N/TA2ze4lQ0cv5lPMKkgCBh0/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600"><a href="https://github.com/fabriziosalmi/patterns" target="_blank" rel="noopener" data-source-url="https://github.com/fabriziosalmi/patterns"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/9L7cz/hyY1jr2ir5/7WPEwHb3JttMkMVOZNHrPk/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600,https://scrap.kakaocdn.net/dn/qZzSY/hyY1dSTl9N/TA2ze4lQ0cv5lPMKkgCBh0/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">GitHub - fabriziosalmi/patterns: Automated OWASP CRS and Bad Bot Detection for Nginx, Apache, Traefik and HaProxy</p> <p class="og-desc" data-ke-size="size16">Automated OWASP CRS and Bad Bot Detection for Nginx, Apache, Traefik and HaProxy - fabriziosalmi/patterns</p> <p class="og-host" data-ke-size="size16">github.com</p> </div> </a></figure> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li><span style="color: #333333; text-align: left;">Github Star:<span><span>&nbsp;</span>278<span style="color: #333333; text-align: left;"><span>&nbsp;</span>(2025-05 기준)</span></span></span></li> <li><span style="color: #333333; text-align: left;">룰 설정을 conf 파일에 하므로 가벼운 인프라 구성</span> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>러닝커브 낮음 - nginx conf 지식만 있다면</li> </ol> </li> <li>설치 제일 간편 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>nginx conf에 include 후 systemctl&nbsp;reload<span style="color: #333333; text-align: left;"><span>&nbsp;</span></span>nginx</li> </ol> </li> <li><span style="color: #333333; text-align: left;">nginx외에도 Apache, Traefik, Haproxy 지원</span> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li><span style="color: #333333; text-align: left;">Caddy는 동일 메인테이너의 별도 프로젝트 <a href="https://github.com/fabriziosalmi/caddy-waf" target="_blank" rel="noopener&nbsp;noreferrer">https://github.com/fabriziosalmi/caddy-waf</a></span></li> </ol> </li> </ol> <h2 data-ke-size="size26">BunkerWeb</h2> <figure id="og_1748447152180" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="object" data-og-title="GitHub - bunkerity/bunkerweb: ️ Open-source and next-generation Web Application Firewall (WAF)" data-og-description=" ️ Open-source and next-generation Web Application Firewall (WAF) - bunkerity/bunkerweb" data-og-host="github.com" data-og-source-url="https://github.com/bunkerity/bunkerweb" data-og-url="https://github.com/bunkerity/bunkerweb" data-og-image="https://scrap.kakaocdn.net/dn/brx3Gf/hyY1iNevff/tn9AiDu2Gwe3DWOOjYQ381/img.png?width=1280&amp;height=640&amp;face=0_0_1280_640,https://scrap.kakaocdn.net/dn/Pa4d8/hyYYFDiHic/LNmyHgRbPSjsBeBPPfLMbK/img.png?width=1280&amp;height=640&amp;face=0_0_1280_640"><a href="https://github.com/bunkerity/bunkerweb" target="_blank" rel="noopener" data-source-url="https://github.com/bunkerity/bunkerweb"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/brx3Gf/hyY1iNevff/tn9AiDu2Gwe3DWOOjYQ381/img.png?width=1280&amp;height=640&amp;face=0_0_1280_640,https://scrap.kakaocdn.net/dn/Pa4d8/hyYYFDiHic/LNmyHgRbPSjsBeBPPfLMbK/img.png?width=1280&amp;height=640&amp;face=0_0_1280_640');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">GitHub - bunkerity/bunkerweb: ️ Open-source and next-generation Web Application Firewall (WAF)</p> <p class="og-desc" data-ke-size="size16"> ️ Open-source and next-generation Web Application Firewall (WAF) - bunkerity/bunkerweb</p> <p class="og-host" data-ke-size="size16">github.com</p> </div> </a></figure> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>Github Star:<span style="color: #333333; text-align: left;"><span> 8K<span style="color: #333333; text-align: left;"><span>&nbsp;</span>(2025-05 기준)</span></span></span></li> <li><a href="https://www.bunkerweb.io/?utm_campaign=self&amp;utm_source=github">홈페이지</a>, <a href="https://demo.bunkerweb.io/?utm_campaign=self&amp;utm_source=github">데모</a>, <a href="https://docs.bunkerweb.io/?utm_campaign=self&amp;utm_source=github">문서</a> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>레퍼런스, 포럼 잘 준비되어 있음</li> </ol> </li> <li>웹관리자 지원</li> <li>플러그인도 있고 구성이 다양하고 유연함.</li> <li>Anti-exploit, anti-bot, rate-limiting 기능 없음.</li> <li>DB 서버 조합으로 무거운 인프라 구성 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>웹서버 인스턴스 외 별도 서버로 구성해야 하므로 비용을 더 써야 함</li> </ol> </li> </ol> <h2 data-ke-size="size26">aaWAF</h2> <figure id="og_1748447230524" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="object" data-og-title="GitHub - aaPanel/aaWAF: 堡塔云WAF,宝塔免费(free)的私有云网站应用防火墙(firewall),基于docker/nginx/lua开" data-og-description="堡塔云WAF,宝塔免费(free)的私有云网站应用防火墙(firewall),基于docker/nginx/lua开发 - aaPanel/aaWAF" data-og-host="github.com" data-og-source-url="https://github.com/aaPanel/aaWAF" data-og-url="https://github.com/aaPanel/aaWAF" data-og-image="https://scrap.kakaocdn.net/dn/xbof5/hyY1bAyZ2r/5WIxbwtYH6gkoXvnVJwMPk/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600,https://scrap.kakaocdn.net/dn/c5193x/hyY1jeiCwN/uYFSA9NbLjnHfLcZwZ1UpK/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600"><a href="https://github.com/aaPanel/aaWAF" target="_blank" rel="noopener" data-source-url="https://github.com/aaPanel/aaWAF"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/xbof5/hyY1bAyZ2r/5WIxbwtYH6gkoXvnVJwMPk/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600,https://scrap.kakaocdn.net/dn/c5193x/hyY1jeiCwN/uYFSA9NbLjnHfLcZwZ1UpK/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">GitHub - aaPanel/aaWAF: 堡塔云WAF,宝塔免费(free)的私有云网站应用防火墙(firewall),基于docker/nginx/lua开</p> <p class="og-desc" data-ke-size="size16">堡塔云WAF,宝塔免费(free)的私有云网站应用防火墙(firewall),基于docker/nginx/lua开发 - aaPanel/aaWAF</p> <p class="og-host" data-ke-size="size16">github.com</p> </div> </a></figure> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>Github Star:<span style="color: #333333; text-align: left;"><span> 472<span style="color: #333333; text-align: left;"><span>&nbsp;</span>(2025-05 기준)</span></span></span></li> <li>중국인 메인테이너</li> <li>영문 설치 메뉴얼 <a href="https://github.com/aaPanel/aaWAF/blob/main/english.md">https://github.com/aaPanel/aaWAF/blob/main/english.md</a></li> <li>홈페이지(<a href="https://www.bt.cn/new/btwaf.html">https://www.bt.cn/new/btwaf.html</a>) <a href="https://btwaf-demo.bt.cn:8379/c0edce7a">데모 보기</a></li> <li>쉬운 설치 지원 - 터미널 명령 한줄</li> <li>웹관리자 지원 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>Attack map - 세계 지도에서 패킷이 날아오는 에니메이션 지원하는 비쥬얼 인상적 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li><a href="https://github.com/aaPanel/aaWAF/blob/main/img/wafMap.png">https://github.com/aaPanel/aaWAF/blob/main/img/wafMap.png</a></li> </ol> </li> </ol> </li> <li>무료버젼 제한사항 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>클러스터 보호 모드 없음</li> </ol> </li> <li>주로 중국어 지원이라 국제화가 아쉬움</li> </ol> <h2 data-ke-size="size26">uuWAF</h2> <figure id="og_1748447267798" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="object" data-og-title="GitHub - Safe3/uuWAF: An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Se" data-og-description="An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF. - Safe3/uuWAF" data-og-host="github.com" data-og-source-url="https://github.com/Safe3/uuWAF" data-og-url="https://github.com/Safe3/uuWAF" data-og-image="https://scrap.kakaocdn.net/dn/Lklr4/hyYYuBLQVf/UvaZrCdKK87ZvVWuYkpKg0/img.png?width=1881&amp;height=897&amp;face=0_0_1881_897,https://scrap.kakaocdn.net/dn/c21qDL/hyY0tauGvl/RUJz7jYAL3gvkLDn7K9f6k/img.png?width=1881&amp;height=897&amp;face=0_0_1881_897"><a href="https://github.com/Safe3/uuWAF" target="_blank" rel="noopener" data-source-url="https://github.com/Safe3/uuWAF"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/Lklr4/hyYYuBLQVf/UvaZrCdKK87ZvVWuYkpKg0/img.png?width=1881&amp;height=897&amp;face=0_0_1881_897,https://scrap.kakaocdn.net/dn/c21qDL/hyY0tauGvl/RUJz7jYAL3gvkLDn7K9f6k/img.png?width=1881&amp;height=897&amp;face=0_0_1881_897');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">GitHub - Safe3/uuWAF: An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Se</p> <p class="og-desc" data-ke-size="size16">An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF. - Safe3/uuWAF</p> <p class="og-host" data-ke-size="size16">github.com</p> </div> </a></figure> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>Github Star:<span style="color: #333333; text-align: left;"><span><span> 1.1K<span style="color: #333333; text-align: left;"><span>&nbsp;</span>(2025-05 기준)</span></span></span></span></li> <li>중국인 메인테이너</li> <li>홈페이지 : <a href="https://uuwaf.uusec.com/">https://uuwaf.uusec.com/</a></li> <li>커뮤니티 에디션이 무료 오픈소스</li> <li>쉬운 설치 지원 - 터미널 명령 몇줄</li> <li>웹관리자 지원</li> <li>Mysql 서버 조합으로 무거운 인프라 구성 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>웹서버 인스턴스 외 별도 서버로 구성해야 하므로 비용을 더 써야 함</li> </ol> </li> <li>업그레이드 이슈 : 부분 업그레이드 지원 안되고 전체 재설치 해야 함.</li> </ol> 보안 modsecurity nginx WAF 무료 공허공자 https://itzone.tistory.com/764 https://itzone.tistory.com/764#entry764comment Thu, 29 May 2025 01:01:23 +0900 로컬 컴퓨터에서 LLM 실행 방법들 https://itzone.tistory.com/763 <p data-ke-size="size16">Ollama, LMStudio, vLLM, LamaCPP</p> <h1>1. Ollama</h1> <p data-ke-size="size16">터미널에서 실행할 수 있는 오픈소스 LLM</p> <p data-ke-size="size16">설치 명령:</p> <pre class="vim"><code>curl -sSfL https://ollama.com/download.sh | sh</code></pre> <p data-ke-size="size16">모델 실행 명령:</p> <pre class="dockerfile"><code>ollama run &lt;모델명&gt;</code></pre> <p data-ke-size="size16">터미널 명령 다양한 옵션 지원되니 모델을 여러 옵션으로 커스터마이징 실행하기 좋아하는 유저에 추천. </p> <h1>2. LMStudio</h1> <p data-ke-size="size16">GUI 기반 LLM 실행 환경</p> <p data-ke-size="size16">설치 명령:</p> <pre class="crmsh"><code>git clone https://github.com/LMStudio/LMStudio.git cd LMStudio npm install</code></pre> <p data-ke-size="size16">실행 명령:</p> <pre class="coffeescript"><code>npm start</code></pre> <p data-ke-size="size16">GUI 환경으로 사용이 편리하므로 모든 유저에 추천. </p> <h1>3. vLLM</h1> <p data-ke-size="size16">고성능 LLM을 위한 경량화된 솔루션</p> <p data-ke-size="size16">설치 명령:</p> <pre class="cmake"><code>pip install vllm</code></pre> <p data-ke-size="size16">실행 명령:</p> <pre class="dockerfile"><code>vllm run &lt;모델명&gt;</code></pre> <p data-ke-size="size16">메모리 사용량을 최소화하면서도 빠른 속도가 장점이니 성능충에 추천. </p> <h1>4. LamaCPP</h1> <p data-ke-size="size16">C++ 기반의 LLM 실행 환경으로, 성능이 뛰어남</p> <p data-ke-size="size16">설치 명령:</p> <pre class="vim"><code>git clone https://github.com/LamaCPP/LamaCPP.git cd LamaCPP mkdir build &amp;&amp; cd build cmake .. make</code></pre> <p data-ke-size="size16">실행 명령:</p> <pre class="xml"><code>./LamaCPP &lt;모델명&gt;</code></pre> <p data-ke-size="size16">성능 최적화가 잘 되어 있어서, 대규모 모델을 효율적으로 실행 가능하며 C++에 익숙한 사용자에게 추천. </p> AI ai Lama lamacpp LLM lmstudio ollama vllm 공허공자 https://itzone.tistory.com/763 https://itzone.tistory.com/763#entry763comment Tue, 27 May 2025 20:27:50 +0900 AI MCP 개인적 요약 https://itzone.tistory.com/762 <h1>Model Context Protocol</h1> <p data-ke-size="size16">LLM 앱과 연결할때 통신 규약</p> <h1>MCP Client</h1> <p data-ke-size="size16"><a href="https://claude.ai/">https://claude.ai/</a> 채팅 사이트에 <b>웹브라우저</b>로 접속 했을때</p> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>웹브라우저가 Client이다.</li> <li>웹브라우저가 LLM 서버의 Client이다.</li> <li>웹브라우저가 LLM 서버의 채팅 Client이다.</li> </ol> <h1>MCP Server</h1> <p data-ke-size="size16">LLM이 못하는 기능들을 LLM 명령에 따라 수행하는 서버.</p> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>Client에 채팅창에 https fetch 해서 학습 뒤 어떤 답변해달라 프롬프팅</li> <li>LLM 자체는 말만 알아듣고 위 URL의 문서를 fetch하는 기능은 하지 못하기에 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>요즘은 LLM 채팅에서 URL fetch 기능도 수행 하지만...</li> </ol> </li> <li>LLM의 명령을 받아 URL fetch 기능을 수행하는 Server를 만들고 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>이 서버가 MCP 서버</li> <li>이 서버에 LLM 명령 프로토콜(MCP)로 입력하고 출력받음</li> </ol> </li> <li>LLM에 MCP fetch server 연결해두면 LLM이 해당 서버에 fetch 명령 내리고 응답 받아옴</li> </ol> <p data-ke-size="size16">예를들어, LLM 채팅창에 아래와 같이 프롬프트 명령 내렸다 가정 :</p> <pre class="armasm"><code>장고 사이트를 만드려고 하는데 코딩시 Django 문서(&lt;https://docs.djangoproject.com/ko/5.2/&gt;)를 참고해서 아래 Instruction에 따라 만들어줘. # Instruction 1. bla bla bla bla bla 2. bla bla bla bla bla 3. bla bla bla bla bla ...... </code></pre> <p data-ke-size="size16">MCP 없이 LLM에 질문했을때의 답변은 <br />'URL에 연결할 수 없습니다.', <br />'bla.py 소스 코드는 다음과 같습니다'라는 식으로 소스 코드를 알려주고 끝남.</p> <p data-ke-size="size16">fetch 기능이 있는 MCP 연결 상태에서라면&nbsp;<br />Django URL 문서를 fetch하고 조회하고&nbsp;<br />bla bla 작업에 반영함.</p> AI ai LLM mcp 공허공자 https://itzone.tistory.com/762 https://itzone.tistory.com/762#entry762comment Mon, 5 May 2025 21:30:19 +0900 macOS 로컬 HTTPS 위한 TLS/SSL 인증서 쉽게 만들기 https://itzone.tistory.com/761 <p data-ke-size="size16">터미널 명령 실행</p> <pre id="code_1746111099907" class="bash" data-ke-language="bash" data-ke-type="codeblock"><code>brew install mkcert mkcert -key-file key.pem -cert-file cert.pem localhost mkcert -install</code></pre> <p data-ke-size="size16">&nbsp;</p> OS-서버-서비스/macOS https local Mac macos ssl tls 로컬 인증서 공허공자 https://itzone.tistory.com/761 https://itzone.tistory.com/761#entry761comment Thu, 1 May 2025 23:54:37 +0900 VSCode에서 Gemini AI API 바이브 코딩 사용 리뷰 - 429 오류 응답 https://itzone.tistory.com/760 <p data-ke-size="size16">Visual Studio Code에서 Roo code 플러그인으로 요즘 유행중인 AI 바이브 코딩이었는데<br />두번째 프롬프트 명령 내린 후 수행이 좀 되다가 아래 스샷과 같이 429 상태 오류 응답 발생함.</p> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-filename="gemini-api-response-429-error.png" data-origin-width="2066" data-origin-height="2632"><span data-url="https://blog.kakaocdn.net/dn/cLYhrY/btsNAP5av5s/eLiTll7jdmAKy35WoUe6X1/img.png" data-phocus="https://blog.kakaocdn.net/dn/cLYhrY/btsNAP5av5s/eLiTll7jdmAKy35WoUe6X1/img.png" data-alt="Gemini AI API Request Failed. got status 429 Too Many Requests error."><img src="https://blog.kakaocdn.net/dn/cLYhrY/btsNAP5av5s/eLiTll7jdmAKy35WoUe6X1/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcLYhrY%2FbtsNAP5av5s%2FeLiTll7jdmAKy35WoUe6X1%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="2066" height="2632" data-filename="gemini-api-response-429-error.png" data-origin-width="2066" data-origin-height="2632"/></span><figcaption>Gemini AI API Request Failed. got status 429 Too Many Requests error.</figcaption> </figure> </p> <p data-ke-size="size16">AI API 호출을 너무 여러번 숨쉴 틈 없이 하는게 부하를 줘서 그런가보다~ 추측하고</p> <p data-ke-size="size16">Root Code 설정 중 Rate limit을 30초로 늘려보았으나&nbsp;<br />AI API 요청을 간격 위 설정과 관계없이&nbsp;<br />바로 바로 해버려서 동일 오류 계속 발생!</p> <p data-ke-size="size16">해결책은?</p> 개발 옆차기 429 ai cline Gemini roocode vibe coding Visual Studio Code Vive VSCode 바이브 코딩 공허공자 https://itzone.tistory.com/760 https://itzone.tistory.com/760#entry760comment Sun, 27 Apr 2025 23:34:36 +0900 macOS의 Spotlight, Alfred, Raycast 에서 한글 파일명 검색 안될때 https://itzone.tistory.com/759 <pre id="code_1745761309298" class="bash" data-ke-language="bash" data-ke-type="codeblock"><code>sudo -i mdutil -Ea mdutil -ai off mdutil -ai on</code></pre> <p data-ke-size="size16">별안간 어느날 갑자기<br />Sportlight에서 파일 검색이 되지 않음.</p> <p data-ke-size="size16">검색 인덱스가 문제라 짐작하고&nbsp;<br /><span style="color: #333333; text-align: start;">터미널에서 시스템 문제 해결 보고자 하는<span> </span></span>습성에 따라 <br />해결에 필요한 커맨드를 구글링하고 아래와 같이 터미널 명령 수행함.</p> <pre id="code_1745761384406" class="bash" data-ke-language="bash" data-ke-type="codeblock"><code>sudo -i mdutil -Ea mdutil -ai off mdutil -ai on</code></pre> <p data-ke-size="size16">그러나, 영문 파일들은 검색이 되는데 한글 파일이 검색되지 않았음.</p> <p data-ke-size="size16"><b>해결법 요약 :</b> GUI 시스템 설정의 Spotlight 설정의 개인정보 보호 폴더로 지정했다가 해제.</p> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-filename="스크린샷 2025-04-27 오후 10.30.19.png" data-origin-width="1490" data-origin-height="512"><span data-url="https://blog.kakaocdn.net/dn/c6Bzhb/btsNBwjnOfA/GkuAN7SQGbKIr6Hj1lxu21/img.png" data-phocus="https://blog.kakaocdn.net/dn/c6Bzhb/btsNBwjnOfA/GkuAN7SQGbKIr6Hj1lxu21/img.png" data-alt="Spotlight(또는 Raycast 등)에서 시스템 설정 열기"><img src="https://blog.kakaocdn.net/dn/c6Bzhb/btsNBwjnOfA/GkuAN7SQGbKIr6Hj1lxu21/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fc6Bzhb%2FbtsNBwjnOfA%2FGkuAN7SQGbKIr6Hj1lxu21%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="1490" height="512" data-filename="스크린샷 2025-04-27 오후 10.30.19.png" data-origin-width="1490" data-origin-height="512"/></span><figcaption>Spotlight(또는 Raycast 등)에서 시스템 설정 열기</figcaption> </figure> <figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-filename="스크린샷 2025-04-27 오후 10.31.03.png" data-origin-width="1418" data-origin-height="1422"><span data-url="https://blog.kakaocdn.net/dn/ccohWQ/btsNA5GIa42/FtJulfkIMC95z9Egsd9RNK/img.png" data-phocus="https://blog.kakaocdn.net/dn/ccohWQ/btsNA5GIa42/FtJulfkIMC95z9Egsd9RNK/img.png" data-alt="시스템 설정 창의 Spotlight 메뉴 클릭 후 오른쪽 아래 검색 개인정보 보호 버튼 클릭"><img src="https://blog.kakaocdn.net/dn/ccohWQ/btsNA5GIa42/FtJulfkIMC95z9Egsd9RNK/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FccohWQ%2FbtsNA5GIa42%2FFtJulfkIMC95z9Egsd9RNK%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="1418" height="1422" data-filename="스크린샷 2025-04-27 오후 10.31.03.png" data-origin-width="1418" data-origin-height="1422"/></span><figcaption>시스템 설정 창의 Spotlight 메뉴 클릭 후 오른쪽 아래 검색 개인정보 보호 버튼 클릭</figcaption> </figure> <figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-filename="스크린샷 2025-04-27 오후 10.32.09.png" data-origin-width="1408" data-origin-height="1418"><span data-url="https://blog.kakaocdn.net/dn/bt3aRA/btsNA2iNxCw/aCKbMbKPfy7xnhwXw9oJAk/img.png" data-phocus="https://blog.kakaocdn.net/dn/bt3aRA/btsNA2iNxCw/aCKbMbKPfy7xnhwXw9oJAk/img.png" data-alt="개인정보 보호 모달창의 + 버튼 클릭 후 한글 검색 필요한 폴더 추가 후 10초 기다린 뒤 추가했던 폴더를 - 버튼 클릭하여 제거"><img src="https://blog.kakaocdn.net/dn/bt3aRA/btsNA2iNxCw/aCKbMbKPfy7xnhwXw9oJAk/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fbt3aRA%2FbtsNA2iNxCw%2FaCKbMbKPfy7xnhwXw9oJAk%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="1408" height="1418" data-filename="스크린샷 2025-04-27 오후 10.32.09.png" data-origin-width="1408" data-origin-height="1418"/></span><figcaption>개인정보 보호 모달창의 + 버튼 클릭 후 한글 검색 필요한 폴더 추가 후 10초 기다린 뒤 추가했던 폴더를 - 버튼 클릭하여 제거</figcaption> </figure> </p> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li>Spotlight 단축키로 호출하고 시스템 설정 검색하고 항목에 뜨면 선택하여 실행.</li> <li>좌측 메뉴에서 Sportlight 선택.</li> <li>오른쪽 아래로 스크롤 후 '검색 개인정보 보호' 버튼 클릭.</li> <li>한글 검색 안되는 디스크 또는 폴더를 개인정보 보호 목록으로 드래그 또는 추가(+) 버튼을 클릭하고 선택.</li> <li>몇 초간 기다린 후 추가했던 디스크 또는 폴더를 선택 후 제거(-) 버튼을 클릭. (재인덱싱 시작됨)</li> <li>검색 재인덱싱 시작되는데 정보의 양에 따라 시간이 다소 걸릴 수 있으니 기다렸다가.</li> <li>한글 파일 검색 테스트!</li> </ol> OS-서버-서비스/macOS alfred Mac maos Raycast search spotlight 검색 맥북 한글 한글파일 공허공자 https://itzone.tistory.com/759 https://itzone.tistory.com/759#entry759comment Sun, 27 Apr 2025 22:55:41 +0900