source: trunk/server/fedora/config/etc/httpd/conf.d/scripts-special.conf @ 2703

Last change on this file since 2703 was 2703, checked in by andersk, 7 years ago
Disable /.well-known/acme-challenge This will prevent users from trying to generate certificates via Let’s Encrypt that we cannot accept.
File size: 1.6 KB
Line 
1Alias /__scripts/heartbeat /afs/athena.mit.edu/contrib/scripts/web_scripts/heartbeat
2Alias /__scripts/django/static/admin /usr/lib/python2.7/site-packages/django/contrib/admin/static/admin
3Alias /__scripts /etc/httpd/scripts-special
4
5Alias /.well-known/acme-challenge /etc/httpd/scripts-special/.well-known/acme-challenge
6
7<Directory /etc/httpd/scripts-special>
8    <Files *>
9        SetHandler none
10    </Files>
11    SSILegacyExprParser off
12</Directory>
13
14<Directory /usr/lib/python2.7/site-packages/django/contrib/admin/static/admin>
15    <Files *>
16        SetHandler none
17    </Files>
18</Directory>
19
20<Location /__scripts/needcerts>
21    RewriteEngine On
22
23    RewriteCond %{HTTP_HOST} !:444$
24    RewriteCond %{SERVER_NAME} ^(.*\.)?scripts$
25    RewriteCond %{THE_REQUEST} ^[^\ ]*\ (.*)\ .*
26    RewriteRule ^ https://%{SERVER_NAME}.mit.edu:444%1 [L,R]
27
28    RewriteCond %{HTTP_HOST} !:444$
29    RewriteCond %{SERVER_NAME} !=scripts-cert.mit.edu
30    RewriteCond %{SERVER_NAME} !=scripts-cert
31    RewriteCond %{THE_REQUEST} ^[^\ ]*\ (.*)\ .*
32    RewriteRule ^ https://%{SERVER_NAME}:444%1 [L,R]
33
34    RewriteCond %{HTTP_USER_AGENT} Mac\ OS\ X.*AppleWebKit
35    RewriteRule /etc/httpd/scripts-special/needcerts(.*) /__scripts/certerror$1 [L]
36
37    RewriteRule /etc/httpd/scripts-special/needcerts(.+) $1 [L]
38    RewriteRule /etc/httpd/scripts-special/needcerts /__scripts/unauthorized.html [L]
39</Location>
40
41<IfModule ssl_module>
42<Location /__scripts/certerror>
43    SSLVerifyClient require
44    RewriteRule /etc/httpd/scripts-special/certerror(.+) $1 [L]
45    RewriteRule /etc/httpd/scripts-special/certerror /__scripts/unauthorized.html [L]
46</Location>
47</IfModule>
48
49ErrorDocument 403 /__scripts/forbidden.shtml
Note: See TracBrowser for help on using the repository browser.