From: Ansgar Burchardt <ansgar@debian.org>
Date: Wed, 15 Jan 2014 17:17:25 +0000 (+0100)
Subject: Update apache.conf-ftp with current live version.
X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=commitdiff_plain;h=5c9533de60a1a21fd0d656bb8df92e09fd5a090c

Update apache.conf-ftp with current live version.
---

diff --git a/config/debian-security/apache.conf b/config/debian-security/apache.conf
index 172cbcee..4886ab0d 100644
--- a/config/debian-security/apache.conf
+++ b/config/debian-security/apache.conf
@@ -1,134 +1,55 @@
-# pretend this is in a vhost
-    ServerAdmin team@security.debian.org
-    DocumentRoot /srv/security-master.debian.org/htdocs-security-master
-    ServerName security-master.debian.org
+# push changes with: sudo apache2-vhost-update security-master.debian.org
 
-    ErrorLog /var/log/apache2/security-master.debian.org-error.log
-    LogLevel warn
-    CustomLog /var/log/apache2/security-master.debian.org-access.log combined
+BrowserMatch ExtractorPro spammer
+BrowserMatch EmailSiphon spammer
 
+<Macro SecurityMasterConfiguration>
+  ServerName security-master.debian.org
+  ServerAdmin team@security.debian.org
 
-    Alias /debian-security /org/security.debian.org/archive/debian-security/
-    Alias /debian-security-buildd /srv/security-master.debian.org/buildd/debian-security-buildd/
-    Alias /buildd/ /org/security-master.debian.org/buildd/
+  DocumentRoot /srv/security-master.debian.org/htdocs-security-master
 
-    #RewriteEngine on
-    #RewriteRule ^/$    http://www.debian.org/security/
+  ErrorLog /var/log/apache2/security-master.debian.org-error.log
+  CustomLog /var/log/apache2/security-master.debian.org-access.log combined
+  LogLevel warn
 
-    # BuildD access list
-    <LocationMatch "^/(buildd|buildd-squeeze|buildd-wheezy|debian-security|debian-security-buildd)/">
-        order deny,allow
-        deny from all
+  Alias /debian-security /org/security.debian.org/archive/debian-security/
+  Alias /debian-security-buildd /srv/security-master.debian.org/buildd/debian-security-buildd/
+  Alias /buildd/ /org/security-master.debian.org/buildd/
 
-        Use DebianBuilddHostList
+  <LocationMatch "^/(buildd|buildd-squeeze|buildd-wheezy|debian-security|debian-security-buildd)/">
+    order deny,allow
+    deny from all
 
-        # i386
-        # brahms
-        allow from 206.12.19.115
-        allow from 2607:f8f0:610:4000:216:36ff:fe40:3802
-        # murphy
-        allow from 70.103.162.31
-        # biber
-        allow from 194.177.211.204
-        allow from 2001:648:2ffc:deb:214:22ff:feb2:1268
+    Use DebianBuilddHostList
 
-        # amd64
-        # barber
-        allow from 194.177.211.203
-        allow from 2001:648:2ffc:deb:214:22ff:feb2:2370
+    # spohr.debian.org - not in list of buildds generated by puppet
+    allow from 192.25.206.33
 
-        # armel
-        # ancina
-        allow from 157.193.39.13
-        # arnold
-        allow from 217.140.96.57
-        # alain
-        allow from 217.140.96.58
-        # alwyn
-        allow from 217.140.96.59
-        # antheil
-        allow from 217.140.96.60
+    # whitelisted for Joerg Jaspert
+    allow from 78.46.40.15
+    allow from 2001:4dd0:ff00:df::2
+    allow from 213.146.108.162
+    allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3
 
-        # alpha
-        # goetz
-        allow from 193.62.202.26
+    AuthName "security.debian.org"
+    AuthType Basic
+    AuthUserFile /org/security-master.debian.org/apache.htpasswd
+    require valid-user
 
-        # samosa
-        allow from 192.25.206.57
-        # spohr
-        allow from 192.25.206.33
+    # either valid IP address or valid user are sufficient
+    satisfy any
+  </LocationMatch>
+</Macro>
 
-        # mipsel
-        # rem
-        allow from 82.195.75.68
-        allow from 2001:41b8:202:deb:202:4cff:fefe:d06
-        # mayer
-        allow from 140.211.166.78
-        allow from 2001:6f8:1173:2:202:4cff:fefe:d06
+<VirtualHost *:80>
+  Use SecurityMasterConfiguration
+  # TODO implement http to https redirection
+</VirtualHost>
 
-        # sparc
-        # lebrun
-        allow from 193.198.184.10
-        # schroeder
-        allow from 193.198.184.11
-        # spontini
-        allow from 206.12.19.14
-        allow from 2607:f8f0:610:4000:a00:20ff:fea0:918b
+<VirtualHost *:443>
+  Use SecurityMasterConfiguration
+  Use common-debian-service-ssl security-master.debian.org
+  Use common-ssl-HSTS
+</VirtualHost>
 
-        # mips
-        # corelli
-        allow from 206.12.19.16
-        allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4489
-        # lucatelli
-        allow from 206.12.19.15
-        allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4141
-        # ball
-        allow from 2001:41b8:202:deb:202:4cff:fefe:d09
-        allow from 82.195.75.70
-
-        # s390
-        allow from 80.245.147.46
-
-        # kfreebsd, i386
-        # finzi
-        allow from 206.12.19.111
-        # field
-        allow from 194.177.211.210
-
-        # kfreebsd, amd64
-        # fasch
-        allow from 194.177.211.201
-        # fano
-        allow from 206.12.19.110
-
-        # ia64
-        # alkman
-        allow from 192.25.206.63
-        # mundy
-        allow from 192.25.206.62
-
-        # powerpc
-        # praetorius
-        allow from 130.239.18.121
-        allow from 2001:6b0:e:2a18:204:acff:fede:459f
-        # poulenc
-        allow from 144.32.168.77
-        # porpora
-        allow from 144.32.168.78
-
-        # Ganneff, test
-        allow from 78.46.40.15
-        allow from 2001:4dd0:ff00:df::2
-        allow from 213.146.108.162
-        allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3
-
-        AuthName "security.debian.org"
-        AuthType Basic
-        AuthUserFile /org/security-master.debian.org/apache.htpasswd
-        require valid-user
-
-        # Either good IP address or good user/pass is sufficient
-        satisfy any
-    </LocationMatch>
-
-# end