← Back to team overview

launchpad-reviewers team mailing list archive

  1. launchpad-reviewers team
  2. Mailing list archive
  3. Message #30631

[Merge] ~cjwatson/launchpad:charm-ftpmaster-top-level-directory-index into launchpad:master

  Thread PreviousDate PreviousThread Next 
Colin Watson has proposed merging ~cjwatson/launchpad:charm-ftpmaster-top-level-directory-index into launchpad:master.

Commit message:
charm: Enable a top-level directory index on ftpmaster-publish

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/454137

Although it doesn't strictly break anything if http://ftpmaster.internal/ returns 403 (as opposed to http://ftpmaster.internal/ubuntu/ etc.), it's a bit ugly and makes it look as though things are broken.  Restructure the Apache configuration so that requests for a top-level directory index return 200 with a filtered index showing only the permitted subdirectories.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:charm-ftpmaster-top-level-directory-index into launchpad:master.

diff --git a/charm/launchpad-ftpmaster-publisher/templates/vhost.conf.j2 b/charm/launchpad-ftpmaster-publisher/templates/vhost.conf.j2
index 169ff83..b24e533 100644
--- a/charm/launchpad-ftpmaster-publisher/templates/vhost.conf.j2
+++ b/charm/launchpad-ftpmaster-publisher/templates/vhost.conf.j2
@@ -6,14 +6,19 @@
     CustomLog /var/log/apache2/{{ domain_ftpmaster }}-access.log combined
     ErrorLog /var/log/apache2/{{ domain_ftpmaster }}-error.log
 
-{% for distribution in ("ubuntu", "ubuntu-partner") %}
-    <Directory "{{ archives_dir }}/ubuntu-archive/{{ distribution }}/">
+    <Directory "{{ archives_dir }}/ubuntu-archive/">
         IndexOptions NameWidth=* +SuppressDescription
         Options +Indexes +FollowSymLinks
         IndexIgnore favicon.ico
         AllowOverride None
         Require all granted
     </Directory>
-{% endfor %}
+
+    # Deny access to subdirectories other than "ubuntu" and
+    # "ubuntu-partner".  (This also has the effect of including only those
+    # subdirectories in the top-level directory index.)
+    <DirectoryMatch "{{ archives_dir }}/ubuntu-archive/[^/]+(?<!/ubuntu|/ubuntu-partner)/">
+        Require all denied
+    </DirectoryMatch>
 </VirtualHost>
  Thread PreviousDate PreviousThread Next