BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/218286

Change subject: HTTPS: no explicit proxy support
......................................................................

HTTPS: no explicit proxy support

Change-Id: I48cdea76b3df1dfcf59df28c739a16a5494086ae
---
M modules/varnish/templates/vcl/wikimedia.vcl.erb
1 file changed, 7 insertions(+), 25 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/86/218286/1

diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb 
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 6734342..86328e9 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -171,17 +171,9 @@
 sub https_recv_redirect {
        if (req.request == "GET" || req.request == "HEAD") {
                if (req.http.X-Forwarded-Proto != "https") {
-                       if (req.url ~ "(?i)^https?:") {
-                               if (req.url ~ 
"(?i)^https?://(ca|el|en|he|it|ru|ug|zh)\.") {
-                                       set req.http.Location = regsub(req.url, 
"(?i)^http:", "https:");
-                                       error 751 "TLS Redirect";
-                               }
-                       }
-                       else {
-                               if (req.http.Host ~ 
"(?i)^(ca|el|en|he|it|ru|ug|zh)\.") {
-                                       set req.http.Location = "https://"; + 
req.http.Host + req.url;
-                                       error 751 "TLS Redirect";
-                               }
+                       if (req.http.Host ~ "(?i)^(ca|el|en|he|it|ru|ug|zh)\.") 
{
+                               set req.http.Location = "https://"; + 
req.http.Host + req.url;
+                               error 751 "TLS Redirect";
                        }
                }
        }
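Review bot: With the absolute-URI branch removed, a GET or HEAD whose req.url is still in absolute form (the case the deleted `req.url ~ "(?i)^https?:"` test used to catch) and whose Host matches now falls into the remaining branch. Location is then built as "https://" + Host + the full absolute URL, which is not a usable redirect target. If explicit-proxy request lines are meant to be unsupported, rejecting them before the redirect is cleaner than answering with a malformed Location, for example `if (req.url ~ "(?i)^https?:") { error 400 "Bad Request"; }` at the top of the sub. Whether such a request can still reach this sub depends on handling outside the hunk, so this needs confirming; the sub's closing brace also lies past the end of the hunk.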
@@ -206,21 +198,11 @@
 // *** HTTPS deliver code - domain-based HSTS headers
 sub https_deliver_hsts {
        if (req.http.X-Forwarded-Proto == "https") {
-               if (req.url ~ "(?i)^https?:") {
-                       if (req.url ~ "(?i)^https?://ru\.") {
-                               set resp.http.Strict-Transport-Security = 
"max-age=15768000";
-                       }
-                       else if (req.url ~ 
"(?i)^https?://(ca|el|en|he|it|ug|zh)\.") {
-                               set resp.http.Strict-Transport-Security = 
"max-age=86400";
-                       }
+               if (req.http.Host ~ "(?i)^ru\.") {
+                       set resp.http.Strict-Transport-Security = 
"max-age=15768000";
                }
-               else {
-                       if (req.http.Host ~ "(?i)^ru\.") {
-                               set resp.http.Strict-Transport-Security = 
"max-age=15768000";
-                       }
-                       else if (req.http.Host ~ 
"(?i)^(ca|el|en|he|it|ug|zh)\.") {
-                               set resp.http.Strict-Transport-Security = 
"max-age=86400";
-                       }
+               else if (req.http.Host ~ "(?i)^(ca|el|en|he|it|ug|zh)\.") {
+                       set resp.http.Strict-Transport-Security = 
"max-age=86400";
                }
        }
 }
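Review bot: The HSTS decision here, like the redirect check in https_recv_redirect in the first hunk, trusts `req.http.X-Forwarded-Proto`, and nothing in the visible lines shows where that header is set or that a client-supplied value is discarded on the plain-HTTP path. If a client's own `X-Forwarded-Proto: https` could survive to this point, the redirect would be skipped for that request, so the normalisation deserves a pointer next to the check. Something like `// X-Forwarded-Proto is set by the TLS terminator; client-sent values are overwritten in <location>` would do, with the real location filled in. A short comment giving the two max-age values in human units (15768000 s is about six months, 86400 s is one day) would also help the next reader.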

-- 
To view, visit https://gerrit.wikimedia.org/r/218286
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I48cdea76b3df1dfcf59df28c739a16a5494086ae
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
