pfizer - add locationmatch security

diff --git a/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml b/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml
index d6b70aab63670f3d941f879db9605da938d9d43f..3fcd966f8a9b1b2924ed3b3de85bcf2a6ba7cf5c 100644 (file)
--- a/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml
+++ b/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml
@@ -103,8 +103,8 @@ site::profile::drupal::projects:
     #SetEnvIf User-Agent         ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
     directories:
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -156,8 +156,8 @@ site::profile::typo3::projects:
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
     directories:
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -587,8 +587,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -615,8 +615,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -643,8 +643,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -671,8 +671,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -702,8 +702,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -739,8 +739,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -768,8 +768,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -819,8 +819,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -862,8 +862,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -902,8 +902,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -939,8 +939,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -979,8 +979,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -1013,8 +1013,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -1044,8 +1044,8 @@ site::profile::apache::vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file

diff --git a/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml b/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml
index 1f9e58123cf4983eb394476c946cedb764ef7cdd..ad8a8377af18c28648cd914b5a1a0cc787d633b0 100644 (file)
--- a/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml
+++ b/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml
@@ -110,8 +110,8 @@ site::profile::typo3::projects:
     #SetEnvIf User-Agent   ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
     directories:
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: dev-redaktion-pfizer-de
         auth_digest_provider: file

diff --git a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml
index a21158fb981046931a61e0e9bfa4e55ce205c81c..30171be60ad37983012776835ae4753cca6c625f 100644 (file)
--- a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml
+++ b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml
@@ -128,8 +128,8 @@ site::profile::drupal::projects:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -184,8 +184,8 @@ site::profile::typo3::projects:
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
     directories:
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -197,7 +197,6 @@ site::profile::typo3::projects:
       - location_protected:
         provider: location
         path: '/protected'
-        order: 'deny,allow'
         require:
           - 'all denied'
     user: apache
@@ -626,8 +625,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - None
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -660,8 +659,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - None
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -693,8 +692,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - None
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -727,8 +726,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -768,8 +767,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - None
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -803,8 +802,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -852,8 +851,8 @@ site::profile::apache::pp_vhosts:
           - All
         directoryindex: rheuma.html
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -895,8 +894,8 @@ site::profile::apache::pp_vhosts:
           - All
         directoryindex: psoriasis.html
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -934,8 +933,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - None
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -966,8 +965,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -998,8 +997,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - All
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -1042,8 +1041,8 @@ site::profile::apache::pp_vhosts:
         options:
         - None
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file
@@ -1076,8 +1075,8 @@ site::profile::apache::pp_vhosts:
         allow_override:
           - None
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: pixelrealm
         auth_digest_provider: file

diff --git a/customer/pfizer/web02-pfizer-de.pixelpark.net.yaml b/customer/pfizer/web02-pfizer-de.pixelpark.net.yaml
index 56c798e6aef4caddb2ee78b5e06875c8a391fb7c..0b61153fe0beb5369ba59b0be6757d9a8a055f38 100644 (file)
--- a/customer/pfizer/web02-pfizer-de.pixelpark.net.yaml
+++ b/customer/pfizer/web02-pfizer-de.pixelpark.net.yaml
@@ -82,8 +82,8 @@ site::profile::typo3::projects:
     #SetEnvIf User-Agent   ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
     directories:
       - location_root:
-        provider: location
-        path: '/'
+        provider: locationmatch
+        path: '^/!(server-status|server-info)'
         auth_type: Digest
         auth_name: redaktion-pfizer-de
         auth_digest_provider: file