Exclude nagios check_http from security to security-cdn redirect

[mirror/dsa-puppet.git] / modules / roles / templates / security_mirror / security.debian.org.erb

diff --git a/modules/roles/templates/security_mirror/security.debian.org.erb b/modules/roles/templates/security_mirror/security.debian.org.erb
index bd1e40c..ce8e82a 100644 (file)
--- a/modules/roles/templates/security_mirror/security.debian.org.erb
+++ b/modules/roles/templates/security_mirror/security.debian.org.erb
@@ -5,7 +5,7 @@
 
 <VirtualHost *:80>
    ServerAdmin debian-admin@debian.org
-   DocumentRoot /srv/ftp.root/debian-security
+   DocumentRoot /srv/mirrors/debian-security
    ServerPath /debian-security
    ServerName security.debian.org
    ServerAlias security.ipv6.debian.org
@@ -28,8 +28,8 @@
    ExpiresActive On
    ExpiresDefault "access plus 2 minutes"
 
-   Alias /debian-security /srv/ftp.root/debian-security
-   Use ftp-archive /srv/ftp.root/debian-security
+   Alias /debian-security /srv/mirrors/debian-security
+   Use ftp-archive /srv/mirrors/debian-security
 
    Alias /_health /run/dsa-mirror-health-security/health
    <Directory /run/dsa-mirror-health-security/>
@@ -41,12 +41,14 @@
 
    RewriteCond %{HTTP:Fastly-Client-IP} !. [NV]
    RewriteCond %{HTTP_USER_AGENT} "!Amazon CloudFront"
+   RewriteCond %{HTTP_USER_AGENT} "!check_http"
    <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%>
    RewriteCond %{HTTP_HOST} "!=<%= scope.function_onion_global_service_hostname(['security.debian.org']) %>"
    <% end %>
    RewriteRule ^/(pool/updates/main/l/linux/.*) http://security-cdn.debian.org/$1 [L,R=302]
    RewriteCond %{HTTP:Fastly-Client-IP} !. [NV]
    RewriteCond %{HTTP_USER_AGENT} "!Amazon CloudFront"
+   RewriteCond %{HTTP_USER_AGENT} "!check_http"
    <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%>
    RewriteCond %{HTTP_HOST} "!=<%= scope.function_onion_global_service_hostname(['security.debian.org']) %>"
    <% end %>