X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=config%2Fdebian-security%2Fapache.conf;h=4886ab0d60336967c53bbe8817918f5a66be06cc;hb=e3afeb722a6057e96d646155bfdea066bf2a21bf;hp=b2ae925ad5ad6175f1ba1061b24bc6e71dea2e74;hpb=1932206c4696333cd2723083b65b92d36d5188fc;p=dak.git
diff --git a/config/debian-security/apache.conf b/config/debian-security/apache.conf
index b2ae925a..4886ab0d 100644
--- a/config/debian-security/apache.conf
+++ b/config/debian-security/apache.conf
@@ -1,135 +1,55 @@
-# pretend this is in a vhost
- ServerAdmin team@security.debian.org
- DocumentRoot /srv/security-master.debian.org/htdocs-security-master
- ServerName security-master.debian.org
+# push changes with: sudo apache2-vhost-update security-master.debian.org
- ErrorLog /var/log/apache2/security-master.debian.org-error.log
- LogLevel warn
- CustomLog /var/log/apache2/security-master.debian.org-access.log combined
+BrowserMatch ExtractorPro spammer
+BrowserMatch EmailSiphon spammer
+
+ ServerName security-master.debian.org
+ ServerAdmin team@security.debian.org
- Alias /debian-security /org/security.debian.org/archive/debian-security/
- Alias /buildd/ /org/security-master.debian.org/buildd/
+ DocumentRoot /srv/security-master.debian.org/htdocs-security-master
- #RewriteEngine on
- #RewriteRule ^/$ http://www.debian.org/security/
+ ErrorLog /var/log/apache2/security-master.debian.org-error.log
+ CustomLog /var/log/apache2/security-master.debian.org-access.log combined
+ LogLevel warn
- # New suite aliases
- Alias /buildd-lenny /srv/security-master.debian.org/buildd/lenny/
- Alias /buildd-squeeze /srv/security-master.debian.org/buildd/squeeze/
+ Alias /debian-security /org/security.debian.org/archive/debian-security/
+ Alias /debian-security-buildd /srv/security-master.debian.org/buildd/debian-security-buildd/
+ Alias /buildd/ /org/security-master.debian.org/buildd/
- # BuildD access list
-
- order deny,allow
- deny from all
+
+ order deny,allow
+ deny from all
- # i386
- # brahms
- allow from 206.12.19.115
- allow from 2607:f8f0:610:4000:216:36ff:fe40:3802
- # murphy
- allow from 70.103.162.31
- # biber
- allow from 194.177.211.204
- allow from 2001:648:2ffc:deb:214:22ff:feb2:1268
+ Use DebianBuilddHostList
- # amd64
- # barber
- allow from 194.177.211.203
- allow from 2001:648:2ffc:deb:214:22ff:feb2:2370
+ # spohr.debian.org - not in list of buildds generated by puppet
+ allow from 192.25.206.33
- # armel
- # ancina
- allow from 157.193.39.13
- # arnold
- allow from 217.140.96.57
- # alain
- allow from 217.140.96.58
- # alwyn
- allow from 217.140.96.59
- # antheil
- allow from 217.140.96.60
+ # whitelisted for Joerg Jaspert
+ allow from 78.46.40.15
+ allow from 2001:4dd0:ff00:df::2
+ allow from 213.146.108.162
+ allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3
- # alpha
- # goetz
- allow from 193.62.202.26
+ AuthName "security.debian.org"
+ AuthType Basic
+ AuthUserFile /org/security-master.debian.org/apache.htpasswd
+ require valid-user
- # samosa
- allow from 192.25.206.57
- # spohr
- allow from 192.25.206.33
+ # either valid IP address or valid user are sufficient
+ satisfy any
+
+
- # mipsel
- # rem
- allow from 82.195.75.68
- allow from 2001:41b8:202:deb:202:4cff:fefe:d06
- # mayer
- allow from 140.211.166.78
- allow from 2001:6f8:1173:2:202:4cff:fefe:d06
+
+ Use SecurityMasterConfiguration
+ # TODO implement http to https redirection
+
- # sparc
- # lebrun
- allow from 193.198.184.10
- # schroeder
- allow from 193.198.184.11
- # spontini
- allow from 206.12.19.14
- allow from 2607:f8f0:610:4000:a00:20ff:fea0:918b
+
+ Use SecurityMasterConfiguration
+ Use common-debian-service-ssl security-master.debian.org
+ Use common-ssl-HSTS
+
- # mips
- # corelli
- allow from 206.12.19.16
- allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4489
- # lucatelli
- allow from 206.12.19.15
- allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4141
- # ball
- allow from 2001:41b8:202:deb:202:4cff:fefe:d09
- allow from 82.195.75.70
-
- # s390
- allow from 80.245.147.46
-
- # kfreebsd, i386
- # finzi
- allow from 206.12.19.111
- # field
- allow from 194.177.211.210
-
- # kfreebsd, amd64
- # fasch
- allow from 194.177.211.201
- # fano
- allow from 206.12.19.110
-
- # ia64
- # alkman
- allow from 192.25.206.63
- # mundy
- allow from 192.25.206.62
-
- # powerpc
- # praetorius
- allow from 130.239.18.121
- allow from 2001:6b0:e:2a18:204:acff:fede:459f
- # poulenc
- allow from 144.32.168.77
- # porpora
- allow from 144.32.168.78
-
- # Ganneff, test
- allow from 78.46.40.15
- allow from 2001:4dd0:ff00:df::2
- allow from 213.146.108.162
- allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3
-
- AuthName "security.debian.org"
- AuthType Basic
- AuthUserFile /org/security-master.debian.org/apache.htpasswd
- require valid-user
-
- # Either good IP address or good user/pass is sufficient
- satisfy any
-
-
-# end