web: Remove HTTP 1.1 rules

These rules need to be run on Fastly as the HTTP connection
to the backend may use a different version from the client.

diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index 20ca124858975bfbd9b02252b3a3faa0211bea36..98168ddc62070a9ae84e90f35f4e683fd8a3d6c3 100644 (file)
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -131,9 +131,10 @@ ErrorLog /var/log/apache2/error.log
   #
   # Block bogus user agents
   #
-  RewriteCond %{SERVER_PROTOCOL} =HTTP/1.1
-  RewriteCond %{HTTP_USER_AGENT} Chrome/((103|105|107|108|109|110|111|112|116|117|120|124|131|133)\.0\.0\.0|104\.0\.5112\.81|106\.0\.5249\.119) [NC]
-  RewriteRule . - [F,L]
+  # removed 2026-03-08, doesn't work with Fastly turning everything to http 1.1
+  # RewriteCond %{SERVER_PROTOCOL} =HTTP/1.1
+  # RewriteCond %{HTTP_USER_AGENT} Chrome/((103|105|107|108|109|110|111|112|116|117|120|124|131|133)\.0\.0\.0|104\.0\.5112\.81|106\.0\.5249\.119) [NC]
+  # RewriteRule . - [F,L]
 
   #
   # Redirect ACME certificate challenges (Fastly redirects from HTTP to HTTPS, so we need to handle them here)