Revert "Make security -> security-cdn redirect global, not just for the linux package"

I need to update the mirror health check to account for this.

This reverts commit d8b6b760a99f36fc6bf6088b8e998c1d67d46ab6.

diff --git a/modules/roles/templates/security_mirror/security.debian.org.erb b/modules/roles/templates/security_mirror/security.debian.org.erb
index 52e7950..3d79591 100644 (file)
--- a/modules/roles/templates/security_mirror/security.debian.org.erb
+++ b/modules/roles/templates/security_mirror/security.debian.org.erb
@@ -44,7 +44,13 @@
    <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%>
    RewriteCond %{HTTP_HOST} "!=<%= scope.function_onion_global_service_hostname(['security.debian.org']) %>"
    <% end %>
-   RewriteRule ^/(.*) http://security-cdn.debian.org/$1 [L,R=302]
+   RewriteRule ^/(pool/updates/main/l/linux/.*) http://security-cdn.debian.org/$1 [L,R=302]
+   RewriteCond %{HTTP:Fastly-Client-IP} !. [NV]
+   RewriteCond %{HTTP_USER_AGENT} "!Amazon CloudFront"
+   <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%>
+   RewriteCond %{HTTP_HOST} "!=<%= scope.function_onion_global_service_hostname(['security.debian.org']) %>"
+   <% end %>
+   RewriteRule ^/debian-security/(pool/updates/main/l/linux/.*) http://security-cdn.debian.org/$1 [L,R=302]
 
    CustomLog /var/log/apache2/security.debian.org-access.log privacy
    ServerSignature On