| author | Patrick Uiterwijk <puiterwijk@redhat.com> | 2017-08-02 17:29:00 +0000 |
|---|---|---|
| committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2017-08-02 17:29:00 +0000 |
| commit | ef52ab8e89380b0ac2f051b46303389bc6693462 (patch) | |
| tree | 00124d18732f1345a5e28fedbc4b3951615a4013 /roles/httpd/website | |
| parent | 753f640cd6b8497a9d2def9e6e39aa757a90e05d (diff) | |
Deploy httpd config to prevent varnish attacks
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'roles/httpd/website')
| -rw-r--r-- | roles/httpd/website/tasks/main.yml | 14 |
| -rw-r--r-- | roles/httpd/website/templates/blockchunked.conf | 4 |
2 files changed, 18 insertions, 0 deletions
diff --git a/roles/httpd/website/tasks/main.yml b/roles/httpd/website/tasks/main.yml index 12bc2333e..641457b83 100644 --- a/roles/httpd/website/tasks/main.yml +++ b/roles/httpd/website/tasks/main.yml @@ -52,6 +52,20 @@ - httpd - httpd/website +- name: Copy over varnish workaround for {{name}} + template: > + src=blockchunked.conf + dest=/etc/httpd/conf.d/{{name}}/blockchunked.conf + owner=root + group=root + mode=0644 + notify: + - reload proxyhttpd + tags: + - httpd + - httpd/website + - security/workaround + - name: And lastly, the robots.txt file copy: > src={{item}} diff --git a/roles/httpd/website/templates/blockchunked.conf b/roles/httpd/website/templates/blockchunked.conf new file mode 100644 index 000000000..efae29c39 --- /dev/null +++ b/roles/httpd/website/templates/blockchunked.conf @@ -0,0 +1,4 @@ +# Workaround for https://www.varnish-cache.org/lists/pipermail/varnish-announce/2017-August/000722.html +<If "%{HTTP:Transfer-Encoding} == 'chunked'"> + Require all denied +</If> |
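Review bot: In the roles/httpd/website/tasks/main.yml hunk, the new "Copy over varnish workaround for {{name}}" task gives no sign of why the file exists or when it can be dropped; the advisory link lives only in the template. Since this is tagged `security/workaround`, a short comment above the task pointing at the varnish announcement and stating the removal condition (for example, once the caches are on a fixed varnish) would keep it from becoming permanent by accident. Also, the task only notifies `reload proxyhttpd`, and the rule has an effect only if `/etc/httpd/conf.d/{{name}}/` is included by the site's vhost, which this hunk does not show; worth confirming for every site that uses this role. Minor: the template as added contains no Jinja2 expressions, so `copy` would work too, though `template` is fine if variables are expected later.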
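Review bot: In the roles/httpd/website/templates/blockchunked.conf hunk, the condition `%{HTTP:Transfer-Encoding} == 'chunked'` is an exact, case-sensitive string comparison, while transfer-coding names are case-insensitive and the header may list several codings or carry surrounding whitespace, so the deny rule does not cover every request that is handled as chunked. A case-insensitive regex match in the `<If>` expression, such as `=~ /chunked/i`, would cover those forms. Note as well that `Require all denied` here rejects every chunked request for the site, including legitimate clients that upload with chunked bodies; a line in the comment saying that this is an accepted trade-off until varnish is patched would help whoever debugs a 403 later.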
