From: Philipp Dallig Date: Wed, 16 Nov 2016 10:02:14 +0000 (+0100) Subject: pfizer - add locationmatch security X-Git-Tag: v0.1.0~3802 X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=7a79a4525d14e86cd7a52814949422233ce581dd;p=pixelpark%2Fhiera.git pfizer - add locationmatch security --- diff --git a/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml b/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml index d6b70aab..3fcd966f 100644 --- a/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml +++ b/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml @@ -103,8 +103,8 @@ site::profile::drupal::projects: #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 directories: - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -156,8 +156,8 @@ site::profile::typo3::projects: ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem directories: - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -587,8 +587,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -615,8 +615,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -643,8 +643,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -671,8 +671,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -702,8 +702,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -739,8 +739,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -768,8 +768,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -819,8 +819,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -862,8 +862,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -902,8 +902,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -939,8 +939,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -979,8 +979,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -1013,8 +1013,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -1044,8 +1044,8 @@ site::profile::apache::vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file diff --git a/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml b/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml index 1f9e5812..ad8a8377 100644 --- a/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml +++ b/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml @@ -110,8 +110,8 @@ site::profile::typo3::projects: #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 directories: - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: dev-redaktion-pfizer-de auth_digest_provider: file diff --git a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml index a21158fb..30171be6 100644 --- a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml +++ b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml @@ -128,8 +128,8 @@ site::profile::drupal::projects: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -184,8 +184,8 @@ site::profile::typo3::projects: ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem directories: - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -197,7 +197,6 @@ site::profile::typo3::projects: - location_protected: provider: location path: '/protected' - order: 'deny,allow' require: - 'all denied' user: apache @@ -626,8 +625,8 @@ site::profile::apache::pp_vhosts: allow_override: - None - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -660,8 +659,8 @@ site::profile::apache::pp_vhosts: allow_override: - None - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -693,8 +692,8 @@ site::profile::apache::pp_vhosts: allow_override: - None - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -727,8 +726,8 @@ site::profile::apache::pp_vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -768,8 +767,8 @@ site::profile::apache::pp_vhosts: allow_override: - None - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -803,8 +802,8 @@ site::profile::apache::pp_vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -852,8 +851,8 @@ site::profile::apache::pp_vhosts: - All directoryindex: rheuma.html - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -895,8 +894,8 @@ site::profile::apache::pp_vhosts: - All directoryindex: psoriasis.html - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -934,8 +933,8 @@ site::profile::apache::pp_vhosts: allow_override: - None - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -966,8 +965,8 @@ site::profile::apache::pp_vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -998,8 +997,8 @@ site::profile::apache::pp_vhosts: allow_override: - All - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -1042,8 +1041,8 @@ site::profile::apache::pp_vhosts: options: - None - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file @@ -1076,8 +1075,8 @@ site::profile::apache::pp_vhosts: allow_override: - None - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: pixelrealm auth_digest_provider: file diff --git a/customer/pfizer/web02-pfizer-de.pixelpark.net.yaml b/customer/pfizer/web02-pfizer-de.pixelpark.net.yaml index 56c798e6..0b61153f 100644 --- a/customer/pfizer/web02-pfizer-de.pixelpark.net.yaml +++ b/customer/pfizer/web02-pfizer-de.pixelpark.net.yaml @@ -82,8 +82,8 @@ site::profile::typo3::projects: #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 directories: - location_root: - provider: location - path: '/' + provider: locationmatch + path: '^/!(server-status|server-info)' auth_type: Digest auth_name: redaktion-pfizer-de auth_digest_provider: file