-# pretend this is in a vhost
- ServerAdmin team@security.debian.org
- DocumentRoot /srv/security-master.debian.org/htdocs-security-master
- ServerName security-master.debian.org
+# push changes with: sudo apache2-vhost-update security-master.debian.org
- ErrorLog /var/log/apache2/security-master.debian.org-error.log
- LogLevel warn
- CustomLog /var/log/apache2/security-master.debian.org-access.log combined
+BrowserMatch ExtractorPro spammer
+BrowserMatch EmailSiphon spammer
+<Macro SecurityMasterConfiguration>
+ ServerName security-master.debian.org
+ ServerAdmin team@security.debian.org
- Alias /debian-security /org/security.debian.org/archive/debian-security/
- Alias /debian-security-buildd /srv/security-master.debian.org/buildd/debian-security-buildd/
- Alias /buildd/ /org/security-master.debian.org/buildd/
+ DocumentRoot /srv/security-master.debian.org/htdocs-security-master
- #RewriteEngine on
- #RewriteRule ^/$ http://www.debian.org/security/
+ ErrorLog /var/log/apache2/security-master.debian.org-error.log
+ CustomLog /var/log/apache2/security-master.debian.org-access.log combined
+ LogLevel warn
- # BuildD access list
- <LocationMatch "^/(buildd|buildd-squeeze|buildd-wheezy|debian-security|debian-security-buildd)/">
- order deny,allow
- deny from all
+ Alias /debian-security /org/security.debian.org/archive/debian-security/
+ Alias /debian-security-buildd /srv/security-master.debian.org/buildd/debian-security-buildd/
+ Alias /buildd/ /org/security-master.debian.org/buildd/
- Use DebianBuilddHostList
+ <LocationMatch "^/(buildd|buildd-squeeze|buildd-wheezy|debian-security|debian-security-buildd)/">
+ order deny,allow
+ deny from all
- # i386
- # brahms
- allow from 206.12.19.115
- allow from 2607:f8f0:610:4000:216:36ff:fe40:3802
- # murphy
- allow from 70.103.162.31
- # biber
- allow from 194.177.211.204
- allow from 2001:648:2ffc:deb:214:22ff:feb2:1268
+ Use DebianBuilddHostList
- # amd64
- # barber
- allow from 194.177.211.203
- allow from 2001:648:2ffc:deb:214:22ff:feb2:2370
+ # spohr.debian.org - not in list of buildds generated by puppet
+ allow from 192.25.206.33
- # armel
- # ancina
- allow from 157.193.39.13
- # arnold
- allow from 217.140.96.57
- # alain
- allow from 217.140.96.58
- # alwyn
- allow from 217.140.96.59
- # antheil
- allow from 217.140.96.60
+ # whitelisted for Joerg Jaspert
+ allow from 78.46.40.15
+ allow from 2001:4dd0:ff00:df::2
+ allow from 213.146.108.162
+ allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3
- # alpha
- # goetz
- allow from 193.62.202.26
+ AuthName "security.debian.org"
+ AuthType Basic
+ AuthUserFile /org/security-master.debian.org/apache.htpasswd
+ require valid-user
- # samosa
- allow from 192.25.206.57
- # spohr
- allow from 192.25.206.33
+ # either valid IP address or valid user are sufficient
+ satisfy any
+ </LocationMatch>
+</Macro>
- # mipsel
- # rem
- allow from 82.195.75.68
- allow from 2001:41b8:202:deb:202:4cff:fefe:d06
- # mayer
- allow from 140.211.166.78
- allow from 2001:6f8:1173:2:202:4cff:fefe:d06
+<VirtualHost *:80>
+ Use SecurityMasterConfiguration
+ # TODO implement http to https redirection
+</VirtualHost>
- # sparc
- # lebrun
- allow from 193.198.184.10
- # schroeder
- allow from 193.198.184.11
- # spontini
- allow from 206.12.19.14
- allow from 2607:f8f0:610:4000:a00:20ff:fea0:918b
+<VirtualHost *:443>
+ Use SecurityMasterConfiguration
+ Use common-debian-service-ssl security-master.debian.org
+ Use common-ssl-HSTS
+</VirtualHost>
- # mips
- # corelli
- allow from 206.12.19.16
- allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4489
- # lucatelli
- allow from 206.12.19.15
- allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4141
- # ball
- allow from 2001:41b8:202:deb:202:4cff:fefe:d09
- allow from 82.195.75.70
-
- # s390
- allow from 80.245.147.46
-
- # kfreebsd, i386
- # finzi
- allow from 206.12.19.111
- # field
- allow from 194.177.211.210
-
- # kfreebsd, amd64
- # fasch
- allow from 194.177.211.201
- # fano
- allow from 206.12.19.110
-
- # ia64
- # alkman
- allow from 192.25.206.63
- # mundy
- allow from 192.25.206.62
-
- # powerpc
- # praetorius
- allow from 130.239.18.121
- allow from 2001:6b0:e:2a18:204:acff:fede:459f
- # poulenc
- allow from 144.32.168.77
- # porpora
- allow from 144.32.168.78
-
- # Ganneff, test
- allow from 78.46.40.15
- allow from 2001:4dd0:ff00:df::2
- allow from 213.146.108.162
- allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3
-
- AuthName "security.debian.org"
- AuthType Basic
- AuthUserFile /org/security-master.debian.org/apache.htpasswd
- require valid-user
-
- # Either good IP address or good user/pass is sufficient
- satisfy any
- </LocationMatch>
-
-# end
projects / dak.git / commitdiff