| |
| Listen 80 |
| |
| <IfModule mod_ssl.c> |
| Listen 443 |
| </IfModule> |
| |
| SSLStaplingCache "shmcb:/var/log/apache2/stapling-cache(32768)" |
| |
| <VirtualHost *:80> |
| ServerName ruleqa.spamassassin.org |
| ServerAlias ruleqa-trunk.spamassassin.org |
| ServerAlias ruleqa-stable.spamassassin.org |
| |
| ErrorLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-error.log |
| CustomLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-access.log combined |
| |
| RewriteEngine On |
| RewriteCond %{HTTPS} !=on |
| RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] |
| </VirtualHost> |
| |
| <IfModule mod_ssl.c> |
| <VirtualHost *:443> |
| ServerName ruleqa.spamassassin.org |
| ServerAlias ruleqa-trunk.spamassassin.org |
| ServerAlias ruleqa-stable.spamassassin.org |
| |
| ErrorLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-ssl-error.log |
| CustomLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-ssl-access.log combined |
| |
| DocumentRoot /var/www/ruleqa.spamassassin.org |
| ServerAdmin webmaster@spamassassin.org |
| |
| SSLEngine on |
| SSLCertificateFile /etc/letsencrypt/live/spamassassin.org/fullchain.pem |
| SSLCertificateKeyFile /etc/letsencrypt/live/spamassassin.org/privkey.pem |
| # https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1f&hsts=false&guideline=5.4 |
| # intermediate configuration |
| SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 |
| SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 |
| SSLHonorCipherOrder off |
| SSLSessionTickets off |
| SSLUseStapling On |
| |
| <Directory /var/www/ruleqa.spamassassin.org> |
| Options Indexes FollowSymLinks ExecCGI |
| AllowOverride Indexes |
| Require all granted |
| </Directory> |
| |
| <Directory /usr/local/spamassassin/automc/svn/masses/rule-qa/automc> |
| AllowOverride None |
| Options ExecCGI SymLinksIfOwnerMatch |
| Require all granted |
| </Directory> |
| |
| ScriptAlias /ruleqa.cgi /usr/local/spamassassin/automc/svn/masses/rule-qa/automc/ruleqa.cgi |
| |
| RewriteEngine On |
| # debugging: |
| # RewriteLogLevel 9 |
| # RewriteLog /var/apache2/logs/rewrite_log |
| |
| # "%2F" is used to grep rule subsets, allow it |
| AllowEncodedSlashes On |
| |
| # Redirect nagios to simple ok page |
| RewriteCond %{HTTP_USER_AGENT} ^check_http |
| RewriteRule .* /ok.html [L] |
| |
| # Disallow some pesky robots |
| RewriteCond %{REMOTE_ADDR} !^(?:127\.0\.0\.1|10\..*)$ |
| RewriteCond %{REQUEST_URI} !=/robots.txt |
| RewriteCond %{HTTP_USER_AGENT} "(?:Bot|Spider|Crawl)" [NC,OR] |
| RewriteCond %{HTTP_USER_AGENT} "(?:Chrome/4|Firefox/4)" |
| RewriteRule ^ - [F] |
| |
| # Serve cached index for all except ourselves (/usr/local/bin/updateRuleqaIndex.sh) |
| RewriteCond %{REQUEST_URI} ^/$ |
| RewriteCond %{QUERY_STRING} ^$ |
| RewriteCond %{REMOTE_ADDR} !^(?:127\.0\.0\.1|10\..*)$ |
| RewriteRule .* /index_cached.html [L] |
| |
| # Index: straight through |
| RewriteRule ^/$ /ruleqa.cgi [PT,L] |
| |
| # Aliases |
| RewriteRule ^/ruleqa\.css$ /usr/local/spamassassin/automc/svn/masses/rule-qa/automc/ruleqa.css [L] |
| RewriteRule ^/sorttable\.js$ /usr/local/spamassassin/automc/svn/masses/rule-qa/automc/sorttable.js [L] |
| |
| # Satisfy local files |
| RewriteCond /var/www/ruleqa.spamassassin.org/%{REQUEST_FILENAME} !-d |
| RewriteCond /var/www/ruleqa.spamassassin.org/%{REQUEST_FILENAME} !-f |
| # Otherwise the CGI, only send known urls |
| RewriteCond %{REQUEST_URI} !^/ruleqa\.cgi$ |
| RewriteRule ^/((?:20\d\d|last-|\d+-days-ago|today).*) /ruleqa.cgi/$1 [PT,L] |
| </VirtualHost> |
| </IfModule> |
| |