25b08c09a8
AI crawlers continue to get more and more aggressive. To ensure that there are more webserver slots for actual users apply the user agent filter to every vhost on static.o.o. Note that at least one vhost already used the ua filter so we don't need to update config management beyond the vhost configs. The macro is already installed on static. Change-Id: I7c377d51f0a89272fd6fadbecc3d7923bba3cfd7
46 lines
1.4 KiB
Plaintext
46 lines
1.4 KiB
Plaintext
Define AFS_ROOT /afs/openstack.org/
|
|
|
|
<VirtualHost *:80>
|
|
ServerName static.opendev.org
|
|
ServerAlias static.openstack.org files.openstack.org
|
|
RewriteEngine On
|
|
Use UserAgentFilter
|
|
RewriteRule ^/(.*) https://static.opendev.org/$1 [last,redirect=permanent]
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/static.opendev.org_error.log
|
|
CustomLog /var/log/apache2/static.opendev.org_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
|
|
ServerName static.opendev.org
|
|
ServerAlias static.openstack.org files.openstack.org
|
|
|
|
DocumentRoot ${AFS_ROOT}
|
|
|
|
Use UserAgentFilter
|
|
|
|
SSLCertificateFile /etc/letsencrypt-certs/static.opendev.org/static.opendev.org.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/static.opendev.org/static.opendev.org.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/static.opendev.org/ca.cer
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Note: this list should ensure ciphers that provide forward secrecy
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
|
|
<Directory ${AFS_ROOT}>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Require all granted
|
|
</Directory>
|
|
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/static.opendev.org_error.log
|
|
CustomLog /var/log/apache2/static.opendev.org_access.log combined
|
|
ServerSignature Off
|
|
|
|
</VirtualHost>
|
|
</IfModule>
|