From: Paul Norman <penorman@mac.com>
Date: Sun, 8 Mar 2026 05:37:29 +0000 (-0800)
Subject: web: Remove HTTP 1.1 rules
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain

web: Remove HTTP 1.1 rules

These rules need to be run on Fastly as the HTTP connection
to the backend may use a different version from the client.
---

diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index 20ca12485..98168ddc6 100644
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -131,9 +131,10 @@ ErrorLog /var/log/apache2/error.log
   #
   # Block bogus user agents
   #
-  RewriteCond %{SERVER_PROTOCOL} =HTTP/1.1
-  RewriteCond %{HTTP_USER_AGENT} Chrome/((103|105|107|108|109|110|111|112|116|117|120|124|131|133)\.0\.0\.0|104\.0\.5112\.81|106\.0\.5249\.119) [NC]
-  RewriteRule . - [F,L]
+  # removed 2026-03-08, doesn't work with Fastly turning everything to http 1.1
+  # RewriteCond %{SERVER_PROTOCOL} =HTTP/1.1
+  # RewriteCond %{HTTP_USER_AGENT} Chrome/((103|105|107|108|109|110|111|112|116|117|120|124|131|133)\.0\.0\.0|104\.0\.5112\.81|106\.0\.5249\.119) [NC]
+  # RewriteRule . - [F,L]
 
   #
   # Redirect ACME certificate challenges (Fastly redirects from HTTP to HTTPS, so we need to handle them here)