config/debian-security/apache.conf

   1 # push changes with: sudo apache2-vhost-update security-master.debian.org
   2
   3 BrowserMatch ExtractorPro spammer
   4 BrowserMatch EmailSiphon spammer
   5
   6 <Macro SecurityMasterConfiguration>
   7   ServerName security-master.debian.org
   8   ServerAdmin team@security.debian.org
   9
  10   DocumentRoot /srv/security-master.debian.org/htdocs-security-master
  11
  12   ErrorLog /var/log/apache2/security-master.debian.org-error.log
  13   CustomLog /var/log/apache2/security-master.debian.org-access.log combined
  14   LogLevel warn
  15
  16   Alias /debian-security /srv/security.debian.org/archive/debian-security/
  17   Alias /debian-security-buildd /srv/security-master.debian.org/buildd/debian-security-buildd/
  18   Alias /buildd/ /srv/security-master.debian.org/buildd/
  19
  20   <LocationMatch "^/(buildd|buildd-squeeze|buildd-wheezy|debian-security|debian-security-buildd)/">
  21     order deny,allow
  22     deny from all
  23
  24     Use DebianBuilddHostList
  25
  26     # spohr.debian.org - not in list of buildds generated by puppet
  27     allow from 192.25.206.33
  28
  29     # whitelisted for Joerg Jaspert
  30     allow from 78.46.40.15
  31     allow from 2001:4dd0:ff00:df::2
  32     allow from 213.146.108.162
  33     allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3
  34
  35     AuthName "security.debian.org"
  36     AuthType Basic
  37     AuthUserFile /srv/security-master.debian.org/apache.htpasswd
  38     require valid-user
  39
  40     # either valid IP address or valid user are sufficient
  41     satisfy any
  42   </LocationMatch>
  43 </Macro>
  44
  45 <VirtualHost *:80>
  46   Use SecurityMasterConfiguration
  47   # TODO implement http to https redirection
  48 </VirtualHost>
  49
  50 <VirtualHost *:443>
  51   Use SecurityMasterConfiguration
  52   Use common-debian-service-ssl security-master.debian.org
  53   Use common-ssl-HSTS
  54 </VirtualHost>
  55