From 5c9533de60a1a21fd0d656bb8df92e09fd5a090c Mon Sep 17 00:00:00 2001 From: Ansgar Burchardt Date: Wed, 15 Jan 2014 18:17:25 +0100 Subject: [PATCH] Update apache.conf-ftp with current live version. --- config/debian-security/apache.conf | 161 ++++++++--------------------- 1 file changed, 41 insertions(+), 120 deletions(-) diff --git a/config/debian-security/apache.conf b/config/debian-security/apache.conf index 172cbcee..4886ab0d 100644 --- a/config/debian-security/apache.conf +++ b/config/debian-security/apache.conf @@ -1,134 +1,55 @@ -# pretend this is in a vhost - ServerAdmin team@security.debian.org - DocumentRoot /srv/security-master.debian.org/htdocs-security-master - ServerName security-master.debian.org +# push changes with: sudo apache2-vhost-update security-master.debian.org - ErrorLog /var/log/apache2/security-master.debian.org-error.log - LogLevel warn - CustomLog /var/log/apache2/security-master.debian.org-access.log combined +BrowserMatch ExtractorPro spammer +BrowserMatch EmailSiphon spammer + + ServerName security-master.debian.org + ServerAdmin team@security.debian.org - Alias /debian-security /org/security.debian.org/archive/debian-security/ - Alias /debian-security-buildd /srv/security-master.debian.org/buildd/debian-security-buildd/ - Alias /buildd/ /org/security-master.debian.org/buildd/ + DocumentRoot /srv/security-master.debian.org/htdocs-security-master - #RewriteEngine on - #RewriteRule ^/$ http://www.debian.org/security/ + ErrorLog /var/log/apache2/security-master.debian.org-error.log + CustomLog /var/log/apache2/security-master.debian.org-access.log combined + LogLevel warn - # BuildD access list - - order deny,allow - deny from all + Alias /debian-security /org/security.debian.org/archive/debian-security/ + Alias /debian-security-buildd /srv/security-master.debian.org/buildd/debian-security-buildd/ + Alias /buildd/ /org/security-master.debian.org/buildd/ - Use DebianBuilddHostList + + order deny,allow + deny from all - # i386 - # brahms - allow from 206.12.19.115 - allow from 2607:f8f0:610:4000:216:36ff:fe40:3802 - # murphy - allow from 70.103.162.31 - # biber - allow from 194.177.211.204 - allow from 2001:648:2ffc:deb:214:22ff:feb2:1268 + Use DebianBuilddHostList - # amd64 - # barber - allow from 194.177.211.203 - allow from 2001:648:2ffc:deb:214:22ff:feb2:2370 + # spohr.debian.org - not in list of buildds generated by puppet + allow from 192.25.206.33 - # armel - # ancina - allow from 157.193.39.13 - # arnold - allow from 217.140.96.57 - # alain - allow from 217.140.96.58 - # alwyn - allow from 217.140.96.59 - # antheil - allow from 217.140.96.60 + # whitelisted for Joerg Jaspert + allow from 78.46.40.15 + allow from 2001:4dd0:ff00:df::2 + allow from 213.146.108.162 + allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3 - # alpha - # goetz - allow from 193.62.202.26 + AuthName "security.debian.org" + AuthType Basic + AuthUserFile /org/security-master.debian.org/apache.htpasswd + require valid-user - # samosa - allow from 192.25.206.57 - # spohr - allow from 192.25.206.33 + # either valid IP address or valid user are sufficient + satisfy any + + - # mipsel - # rem - allow from 82.195.75.68 - allow from 2001:41b8:202:deb:202:4cff:fefe:d06 - # mayer - allow from 140.211.166.78 - allow from 2001:6f8:1173:2:202:4cff:fefe:d06 + + Use SecurityMasterConfiguration + # TODO implement http to https redirection + - # sparc - # lebrun - allow from 193.198.184.10 - # schroeder - allow from 193.198.184.11 - # spontini - allow from 206.12.19.14 - allow from 2607:f8f0:610:4000:a00:20ff:fea0:918b + + Use SecurityMasterConfiguration + Use common-debian-service-ssl security-master.debian.org + Use common-ssl-HSTS + - # mips - # corelli - allow from 206.12.19.16 - allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4489 - # lucatelli - allow from 206.12.19.15 - allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4141 - # ball - allow from 2001:41b8:202:deb:202:4cff:fefe:d09 - allow from 82.195.75.70 - - # s390 - allow from 80.245.147.46 - - # kfreebsd, i386 - # finzi - allow from 206.12.19.111 - # field - allow from 194.177.211.210 - - # kfreebsd, amd64 - # fasch - allow from 194.177.211.201 - # fano - allow from 206.12.19.110 - - # ia64 - # alkman - allow from 192.25.206.63 - # mundy - allow from 192.25.206.62 - - # powerpc - # praetorius - allow from 130.239.18.121 - allow from 2001:6b0:e:2a18:204:acff:fede:459f - # poulenc - allow from 144.32.168.77 - # porpora - allow from 144.32.168.78 - - # Ganneff, test - allow from 78.46.40.15 - allow from 2001:4dd0:ff00:df::2 - allow from 213.146.108.162 - allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3 - - AuthName "security.debian.org" - AuthType Basic - AuthUserFile /org/security-master.debian.org/apache.htpasswd - require valid-user - - # Either good IP address or good user/pass is sufficient - satisfy any - - -# end -- 2.39.5