Hashar has uploaded a new change for review.
https://gerrit.wikimedia.org/r/81930
Change subject: contint: tweak Zuul git apache rule
......................................................................
contint: tweak Zuul git apache rule
We get to apply the Order directive on the ScriptAlias destination, and
specially to the directory holding the script: /usr/lib/git-core
Also changed the Order rule to Allow,Deny, which would deny anything
uneless the request is solely matched by an Allow.
Change-Id: Ibbcc127e624e596a32ee94d0861acd9491461e69
---
M modules/contint/templates/apache/integration.wikimedia.org.erb
1 file changed, 2 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/30/81930/1
diff --git a/modules/contint/templates/apache/integration.wikimedia.org.erb
b/modules/contint/templates/apache/integration.wikimedia.org.erb
index 6b92e67..0e1c4fc 100644
--- a/modules/contint/templates/apache/integration.wikimedia.org.erb
+++ b/modules/contint/templates/apache/integration.wikimedia.org.erb
@@ -30,9 +30,8 @@
ScriptAlias /zuul/git/ /usr/lib/git-core/git-http-backend/
# Restrict access to internal network
- <Directory <%= @zuul_git_dir %>>
- Order Deny,Allow
- Deny from all
+ <Directory "/usr/lib/git-core/">
+ Order Allow,Deny
Allow from 10.0.0.0/8
Allow from 127.0.0.1
# gallium is a slave with a public IP address
--
To view, visit https://gerrit.wikimedia.org/r/81930
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibbcc127e624e596a32ee94d0861acd9491461e69
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hashar <has...@free.fr>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
