[Git][qa/jenkins.debian.net][master] 2 commits: apache: use 2.4 syntax for access control
Mattia Rizzolo (@mattia)
gitlab at salsa.debian.org
Sat Dec 6 08:45:10 GMT 2025
Mattia Rizzolo pushed to branch master at Debian QA / jenkins.debian.net
Commits:
e2b41d66 by Mattia Rizzolo at 2025-12-06T09:44:23+01:00
apache: use 2.4 syntax for access control
Also add the bad_bot restrictions in more paths
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
f0ab82bd by Mattia Rizzolo at 2025-12-06T09:44:41+01:00
apache: block more bad User-Agents
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
1 changed file:
- hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net.conf
Changes:
=====================================
hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net.conf
=====================================
@@ -41,6 +41,18 @@
SetEnvIf User-Agent "Twitterbot" bad_bot
SetEnvIf User-Agent "yacybot" bad_bot
SetEnvIf User-Agent "ZoomBot" bad_bot
+ SetEnvIf User-Agent "Bytespider" bad_bot
+ SetEnvIf User-Agent "Scrapy" bad_bot
+ SetEnvIf User-Agent "Aliyun" bad_bot
+ SetEnvIf User-Agent "ClaudeBot" bad_bot
+ SetEnvIf User-Agent "PetalBot" bad_bot
+
+ # (nowadays) unrealistic User-Agents
+ SetEnvIf User-Agent "^.*Opera/(8|9)\..*$" bad_bot
+ SetEnvIf User-Agent "^.*trident/(3|4|5).*$" bad_bot
+ SetEnvIf User-Agent "^.*Windows\ (95|98|CE|NT\ [02346789]|NT\ 5\.[023456789]).*$" bad_bot
+ SetEnvIf User-Agent "^.*Ipod.*$" bad_bot
+ SetEnvIf User-Agent "^.*Firefox/(3\.8|3\.6\.([0-9]+)).*$" bad_bot
</Macro>
<Macro common-directives $name>
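Review bot: `SetEnvIf` matches case-sensitively, so the added `trident/(3|4|5)` and `Ipod` patterns will most likely never fire, because browsers send those tokens as `Trident/4.0` and `iPod`. I would write them as `SetEnvIfNoCase User-Agent "trident/[345]" bad_bot` and `SetEnvIfNoCase User-Agent "iPod" bad_bot`; the leading `^.*` and trailing `.*$` can go on all five new regex lines, since the match is unanchored anyway. A comment above the list such as `# User-Agent is client-supplied: this only filters crawlers that identify themselves, it is not access control` would set the right expectation for the next maintainer. The enclosing `<Macro>` opens outside the hunk.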
@@ -50,43 +62,33 @@
<Directory />
Options FollowSymLinks
AllowOverride None
- <Limit GET POST HEAD>
- Order Allow,Deny
- Allow from all
- Deny from env=bad_bot
- </Limit>
+ Require all denied
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
- Require all granted
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
AddType text/plain .log
- <Limit GET POST HEAD>
- Order Allow,Deny
- Allow from all
- Deny from env=bad_bot
- </Limit>
</Directory>
<Directory /var/lib/jenkins/userContent>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
- Require all granted
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
AddType text/plain .log
- <Limit GET POST HEAD>
- Order Allow,Deny
- Allow from all
- Deny from env=bad_bot
- </Limit>
</Directory>
<Directory /srv/reproducible-builds.org/lfs>
Options Indexes FollowSymlinks MultiViews
AllowOverride None
- Require all granted
- <Limit GET POST HEAD>
- Order Allow,Deny
- Allow from all
- Deny from env=bad_bot
- </Limit>
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
</Directory>
<FilesMatch "\.gz$">
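Review bot: With `<Directory />` switched to `Require all denied`, any filesystem path served by this file that lacks its own `Require` block now returns 403. The removed `<Limit GET POST HEAD>` block appears to have let everyone except bad_bot through for those methods. The sections visible in this diff cover the document roots and the `/archive` alias target under `/srv/reproducible-builds.org/lfs`, but `Alias` and `ScriptAlias` targets outside the shown context should be checked against this new default. A comment next to the directive, e.g. `# default deny: every served directory must grant access explicitly`, would make that requirement visible to whoever adds the next directory.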
@@ -107,11 +109,10 @@
<Macro r-b-artifacts $base>
<Directory /var/lib/jenkins/userContent/reproducible/$base/artifacts>
HeaderName .HEADER.html
- <Limit GET POST HEAD>
- Order Allow,Deny
- Allow from all
- Deny from env=bad_bot
- </Limit>
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
</Directory>
</Macro>
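Review bot: The four-line `<RequireAll>` block is copied verbatim into this macro and into every `<Directory>` and `<Proxy *>` section touched by the other hunks, so a later change to the bot policy has to be made in about a dozen places and a missed copy silently leaves one path unfiltered. The file already relies on mod_macro, so the block could live once in a macro of its own, for instance `<Macro allow-except-bad-bots>`, with each copy replaced by `Use allow-except-bad-bots`. Because this directory sits below `/var/lib/jenkins/userContent`, which receives the same block in the previous hunk, the copy here is probably redundant unless authorization merging is configured differently elsewhere.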
@@ -137,7 +138,10 @@ Use https-redirect www.diffoscope.org
Alias /archive /srv/reproducible-builds.org/lfs/releases/diffoscope
<Directory /srv/diffoscope.org/www>
AllowOverride None
- Require all granted
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
</Directory>
</VirtualHost>
@@ -184,7 +188,10 @@ Use https-redirect www.diffoscope.org
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Proto "https"
<Proxy *>
- Require all granted
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
</Proxy>
ProxyPreserveHost on
AllowEncodedSlashes NoDecode
@@ -220,12 +227,10 @@ Use https-redirect www.diffoscope.org
<Directory "/srv/jenkins/bin/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Require all granted
- <Limit GET POST HEAD>
- Order Allow,Deny
- Allow from all
- Deny from env=bad_bot
- </Limit>
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
</Directory>
# Authenticate with with salsa.debian.org OpenIDc
@@ -242,7 +247,10 @@ Use https-redirect www.diffoscope.org
ScriptAlias /auth/schedule /srv/jenkins/bin/cgi-bin/schedule
<Proxy *>
- Require all granted
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
</Proxy>
</VirtualHost>
@@ -265,16 +273,25 @@ Use https-redirect www.diffoscope.org
<Directory /srv/reproducible-builds.org/www>
AllowOverride None
- Require all granted
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
</Directory>
<Directory /srv/reproducible-builds.org/style>
AllowOverride None
- Require all granted
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
</Directory>
<Directory /srv/reproducible-builds.org/git>
Options Indexes
AllowOverride None
- Require all granted
+ <RequireAll>
+ Require all granted
+ Require not env bad_bot
+ </RequireAll>
</Directory>
</VirtualHost>
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/6531a4b5ba150e8f3fabafdab1b6d31e5d16e229...f0ab82bd7a0350a145a44adeb2fbf3bf32f423f7