standard Evolix name is /etc/apache2/ipaddr_whitelist.conf cf https://wiki.evolix.org/HowtoApache

This commit is contained in:
Gregory Colpart 2017-08-18 02:31:41 +02:00
parent 463ae97508
commit e5e44d5bc1
2 changed files with 18 additions and 18 deletions

View File

@ -1,9 +1,9 @@
--- ---
- name: Init private_ipaddr_whitelist.conf file - name: Init ipaddr_whitelist.conf file
copy: copy:
src: private_ipaddr_whitelist.conf src: private_ipaddr_whitelist.conf
dest: /etc/apache2/private_ipaddr_whitelist.conf dest: /etc/apache2/ipaddr_whitelist.conf
owner: root owner: root
group: root group: root
mode: "0640" mode: "0640"
@ -13,7 +13,7 @@
- name: add IP addresses to private IP whitelist - name: add IP addresses to private IP whitelist
lineinfile: lineinfile:
dest: /etc/apache2/private_ipaddr_whitelist.conf dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}" line: "Require ip {{ item }}"
state: present state: present
with_items: "{{ apache_private_ipaddr_whitelist_present }}" with_items: "{{ apache_private_ipaddr_whitelist_present }}"
@ -23,7 +23,7 @@
- name: remove IP addresses from private IP whitelist - name: remove IP addresses from private IP whitelist
lineinfile: lineinfile:
dest: /etc/apache2/private_ipaddr_whitelist.conf dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}" line: "Require ip {{ item }}"
state: absent state: absent
with_items: "{{ apache_private_ipaddr_whitelist_absent }}" with_items: "{{ apache_private_ipaddr_whitelist_absent }}"
@ -34,7 +34,7 @@
- name: include private IP whitelist for server-status - name: include private IP whitelist for server-status
lineinfile: lineinfile:
dest: /etc/apache2/mods-available/status.conf dest: /etc/apache2/mods-available/status.conf
line: " include /etc/apache2/private_ipaddr_whitelist.conf" line: " include /etc/apache2/ipaddr_whitelist.conf"
insertafter: 'SetHandler server-status' insertafter: 'SetHandler server-status'
state: present state: present
tags: tags:

View File

@ -5,24 +5,24 @@
DocumentRoot /var/www/ DocumentRoot /var/www/
<Directory /> <Directory />
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
<Directory /var/www/> <Directory /var/www/>
Options -Indexes Options -Indexes
Require all denied Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
# Munin. We need to set Directory directive as Alias take precedence. # Munin. We need to set Directory directive as Alias take precedence.
Alias /munin /var/cache/munin/www Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/> <Directory /var/cache/munin/>
Require all denied Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
<Directory /usr/lib/munin/cgi/> <Directory /usr/lib/munin/cgi/>
Options -Indexes Options -Indexes
Require all denied Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence. # For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
@ -30,7 +30,7 @@
<Directory /usr/lib/cgi-bin> <Directory /usr/lib/cgi-bin>
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all denied Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
CustomLog /var/log/apache2/access.log vhost_combined CustomLog /var/log/apache2/access.log vhost_combined
@ -53,7 +53,7 @@
<IfModule mod_status.c> <IfModule mod_status.c>
<Location /server-status> <Location /server-status>
SetHandler server-status SetHandler server-status
include /etc/apache2/private_ipaddr_whitelist.conf include /etc/apache2/ipaddr_whitelist.conf
Require local Require local
</Location> </Location>
</IfModule> </IfModule>
@ -68,12 +68,12 @@
DocumentRoot /var/www/ DocumentRoot /var/www/
<Directory /> <Directory />
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
<Directory /var/www/> <Directory /var/www/>
Options -Indexes Options -Indexes
Require all denied Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
SSLEngine on SSLEngine on
@ -83,19 +83,19 @@
# We override these 2 Directory directives setted in apache2.conf. # We override these 2 Directory directives setted in apache2.conf.
# We want no access except from allowed IP address. # We want no access except from allowed IP address.
<Directory /> <Directory />
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
# Munin. We need to set Directory directive as Alias take precedence. # Munin. We need to set Directory directive as Alias take precedence.
Alias /munin /var/cache/munin/www Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/> <Directory /var/cache/munin/>
Require all denied Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
<Directory /usr/lib/munin/cgi/> <Directory /usr/lib/munin/cgi/>
Options -Indexes Options -Indexes
Require all denied Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence. # For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
@ -103,7 +103,7 @@
<Directory /usr/lib/cgi-bin> <Directory /usr/lib/cgi-bin>
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all denied Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
CustomLog /var/log/apache2/access.log vhost_combined CustomLog /var/log/apache2/access.log vhost_combined
@ -113,7 +113,7 @@
<IfModule mod_status.c> <IfModule mod_status.c>
<Location /server-status> <Location /server-status>
SetHandler server-status SetHandler server-status
include /etc/apache2/private_ipaddr_whitelist.conf include /etc/apache2/ipaddr_whitelist.conf
Require local Require local
</Location> </Location>
</IfModule> </IfModule>