From 8b0910f1caf19884b6b46976b72536ee1f570ed5 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Tue, 15 Sep 2015 11:52:20 -0400
Subject: Fix server-status availability to tor hidden services (#7456)

Make the server-status information unavailable by putting the vhost on a
port that isn't configured as available to the tor hidden-service.

Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
---
 .../modules/site_webapp/files/server-status.conf   | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 puppet/modules/site_webapp/files/server-status.conf

(limited to 'puppet/modules/site_webapp/files')

diff --git a/puppet/modules/site_webapp/files/server-status.conf b/puppet/modules/site_webapp/files/server-status.conf
new file mode 100644
index 00000000..84cb9ae0
--- /dev/null
+++ b/puppet/modules/site_webapp/files/server-status.conf
@@ -0,0 +1,28 @@
+# Keep track of extended status information for each request
+ExtendedStatus On
+
+# Determine if mod_status displays the first 63 characters of a request or
+# the last 63, assuming the request itself is greater than 63 chars.
+# Default: Off
+#SeeRequestTail On
+
+Listen 127.0.0.1:8162
+NameVirtualHost 127.0.0.1:8162
+
+<VirtualHost 127.0.0.1:8162>
+
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+    Allow from 127.0.0.1
+</Location>
+
+</VirtualHost>
+
+
+<IfModule mod_proxy.c>
+    # Show Proxy LoadBalancer status in mod_status
+    ProxyStatus On
+</IfModule>
+
-- 
cgit v1.2.3


From ee6cad0750e853b3ac210d17b79471772bfae2a5 Mon Sep 17 00:00:00 2001
From: Micah <micah@leap.se>
Date: Fri, 11 Mar 2016 12:16:42 -0500
Subject: fix tor-related jessie deprecation problems (#7962)

Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639
---
 puppet/modules/site_webapp/files/server-status.conf | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'puppet/modules/site_webapp/files')

diff --git a/puppet/modules/site_webapp/files/server-status.conf b/puppet/modules/site_webapp/files/server-status.conf
index 84cb9ae0..10b2d4ed 100644
--- a/puppet/modules/site_webapp/files/server-status.conf
+++ b/puppet/modules/site_webapp/files/server-status.conf
@@ -7,14 +7,12 @@ ExtendedStatus On
 #SeeRequestTail On
 
 Listen 127.0.0.1:8162
-NameVirtualHost 127.0.0.1:8162
 
 <VirtualHost 127.0.0.1:8162>
 
 <Location /server-status>
     SetHandler server-status
-    Order deny,allow
-    Deny from all
+    Require all granted
     Allow from 127.0.0.1
 </Location>
 
-- 
cgit v1.2.3