# push changes with: sudo apache2-vhost-update security-master.debian.org

BrowserMatch ExtractorPro spammer
BrowserMatch EmailSiphon spammer

<Macro SecurityMasterConfiguration>
  ServerName security-master.debian.org
  ServerAdmin team@security.debian.org

  DocumentRoot /srv/security-master.debian.org/htdocs-security-master

  ErrorLog /var/log/apache2/security-master.debian.org-error.log
  CustomLog /var/log/apache2/security-master.debian.org-access.log combined
  LogLevel warn

  Alias /debian-security /srv/security.debian.org/archive/debian-security/
  Alias /debian-security-buildd /srv/security-master.debian.org/buildd/debian-security-buildd/
  Alias /buildd/ /srv/security-master.debian.org/buildd/

  <LocationMatch "^/(buildd|buildd-squeeze|buildd-wheezy|debian-security|debian-security-buildd)/">
    order deny,allow
    deny from all

    Use DebianBuilddHostList

    # spohr.debian.org - not in list of buildds generated by puppet
    allow from 192.25.206.33

    # whitelisted for Joerg Jaspert
    allow from 78.46.40.15
    allow from 2001:4dd0:ff00:df::2
    allow from 213.146.108.162
    allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3

    AuthName "security.debian.org"
    AuthType Basic
    AuthUserFile /srv/security-master.debian.org/apache.htpasswd
    require valid-user

    # either valid IP address or valid user are sufficient
    satisfy any
  </LocationMatch>
</Macro>

<VirtualHost *:80>
  Use SecurityMasterConfiguration
  # TODO implement http to https redirection
</VirtualHost>

<VirtualHost *:443>
  Use SecurityMasterConfiguration
  Use common-debian-service-ssl security-master.debian.org
  Use common-ssl-HSTS
</VirtualHost>