25b08c09a8
AI crawlers continue to get more and more aggressive. To ensure that there are more webserver slots for actual users apply the user agent filter to every vhost on static.o.o. Note that at least one vhost already used the ua filter so we don't need to update config management beyond the vhost configs. The macro is already installed on static. Change-Id: I7c377d51f0a89272fd6fadbecc3d7923bba3cfd7
36 lines
1.2 KiB
Plaintext
36 lines
1.2 KiB
Plaintext
<VirtualHost *:80>
|
|
ServerName eavesdrop.openstack.org
|
|
|
|
RewriteEngine On
|
|
Use UserAgentFilter
|
|
|
|
RewriteRule ^/(.*) https://meetings.opendev.org/$1 [last,redirect=permanent]
|
|
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/eavesdrop.openstack.org_error.log
|
|
CustomLog /var/log/apache2/eavesdrop.openstack.org_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
ServerName eavesdrop.openstack.org
|
|
|
|
SSLCertificateFile /etc/letsencrypt-certs/eavesdrop.openstack.org/eavesdrop.openstack.org.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/eavesdrop.openstack.org/eavesdrop.openstack.org.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/eavesdrop.openstack.org/ca.cer
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Note: this list should ensure ciphers that provide forward secrecy
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
|
|
RewriteEngine On
|
|
Use UserAgentFilter
|
|
|
|
RewriteRule ^/(.*) https://meetings.opendev.org/$1 [last,redirect=permanent]
|
|
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/eavesdrop.openstack.org_error.log
|
|
CustomLog /var/log/apache2/eavesdrop.openstack.org_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|