[MediaWiki-commits] [Gerrit] contint: Fix allow/deny rules for Apache 2.4 - change (operations/puppet)

Tue, 04 Nov 2014 15:03:03 -0800 

Dzahn has submitted this change and it was merged.

Change subject: contint: Fix allow/deny rules for Apache 2.4
......................................................................


contint: Fix allow/deny rules for Apache 2.4

Requests were all resulting in 403 Forbidden on Trusty instances.

Change-Id: Ifc7a6bd77c1210b354991725cad2c089e76c3ec2
---
M modules/contint/manifests/localvhost.pp
M modules/contint/templates/apache/localvhost.erb
2 files changed, 10 insertions(+), 0 deletions(-)

Approvals:
  Hashar: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/contint/manifests/localvhost.pp 
b/modules/contint/manifests/localvhost.pp
index bceffe2..791f5fd 100644
--- a/modules/contint/manifests/localvhost.pp
+++ b/modules/contint/manifests/localvhost.pp
@@ -20,6 +20,8 @@
     $log_prefix = $name,
 ){
 
+    $is_24 = ubuntu_version('>= trusty')
+
     apache::site { "${name}.localhost":
         content => template('contint/apache/localvhost.erb'),
     }
diff --git a/modules/contint/templates/apache/localvhost.erb 
b/modules/contint/templates/apache/localvhost.erb
index 3cd06b4..e391f5a 100644
--- a/modules/contint/templates/apache/localvhost.erb
+++ b/modules/contint/templates/apache/localvhost.erb
@@ -28,18 +28,26 @@
     RewriteRule ^/([\w-]+)/wiki(/.*?)$ %{DOCUMENT_ROOT}/$1/w/index.php [L]
 
     <Directory />
+<% if @is_24 -%>
+        Require all denied
+<% else -%>
         Order deny,allow
         Deny from all
+<% end -%>
     </Directory>
 
     <Directory <%= @docroot %>>
         Options +Indexes
         Options FollowSymLinks
 
+<% if @is_24 -%>
+        Require local
+<% else -%>
         Order deny,allow
         Deny from all
         Allow from 127.0.0.1/32
         Allow from ::1/128
+<% end -%>
     </Directory>
 
     LogLevel warn

-- 
To view, visit https://gerrit.wikimedia.org/r/170792
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ifc7a6bd77c1210b354991725cad2c089e76c3ec2
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Krinkle <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Hashar <[email protected]>
Gerrit-Reviewer: Krinkle <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to