BBlack has uploaded a new change for review. https://gerrit.wikimedia.org/r/218286
Change subject: HTTPS: no explicit proxy support ...................................................................... HTTPS: no explicit proxy support Change-Id: I48cdea76b3df1dfcf59df28c739a16a5494086ae --- M modules/varnish/templates/vcl/wikimedia.vcl.erb 1 file changed, 7 insertions(+), 25 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/86/218286/1 diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb b/modules/varnish/templates/vcl/wikimedia.vcl.erb index 6734342..86328e9 100644 --- a/modules/varnish/templates/vcl/wikimedia.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb @@ -171,17 +171,9 @@ sub https_recv_redirect { if (req.request == "GET" || req.request == "HEAD") { if (req.http.X-Forwarded-Proto != "https") { - if (req.url ~ "(?i)^https?:") { - if (req.url ~ "(?i)^https?://(ca|el|en|he|it|ru|ug|zh)\.") { - set req.http.Location = regsub(req.url, "(?i)^http:", "https:"); - error 751 "TLS Redirect"; - } - } - else { - if (req.http.Host ~ "(?i)^(ca|el|en|he|it|ru|ug|zh)\.") { - set req.http.Location = "https://" + req.http.Host + req.url; - error 751 "TLS Redirect"; - } + if (req.http.Host ~ "(?i)^(ca|el|en|he|it|ru|ug|zh)\.") { + set req.http.Location = "https://" + req.http.Host + req.url; + error 751 "TLS Redirect"; } } } @@ -206,21 +198,11 @@ // *** HTTPS deliver code - domain-based HSTS headers sub https_deliver_hsts { if (req.http.X-Forwarded-Proto == "https") { - if (req.url ~ "(?i)^https?:") { - if (req.url ~ "(?i)^https?://ru\.") { - set resp.http.Strict-Transport-Security = "max-age=15768000"; - } - else if (req.url ~ "(?i)^https?://(ca|el|en|he|it|ug|zh)\.") { - set resp.http.Strict-Transport-Security = "max-age=86400"; - } + if (req.http.Host ~ "(?i)^ru\.") { + set resp.http.Strict-Transport-Security = "max-age=15768000"; } - else { - if (req.http.Host ~ "(?i)^ru\.") { - set resp.http.Strict-Transport-Security = "max-age=15768000"; - } - else if (req.http.Host ~ "(?i)^(ca|el|en|he|it|ug|zh)\.") { - set resp.http.Strict-Transport-Security = "max-age=86400"; - } + else if (req.http.Host ~ "(?i)^(ca|el|en|he|it|ug|zh)\.") { + set resp.http.Strict-Transport-Security = "max-age=86400"; } } } -- To view, visit https://gerrit.wikimedia.org/r/218286 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I48cdea76b3df1dfcf59df28c739a16a5494086ae Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits