Bug #52984
closedhttps://*.ceph.io not redirected to https://ceph.io
0%
Description
Looks like we have a wildcard DNS for *.ceph.io to a single A record, and that the web server is configured to accept any vhost?
These are all serving the same content:
https://ceph.io/
https://dan.ceph.io/
https://i❤️.ceph.io/
IMHO we should redirect *.ceph.io -> ceph.io
(motivation: potential abuse, and maybe SEO https://developers.google.com/search/docs/advanced/guidelines/duplicate-content?visit_id=637703411304016532-804299933&rd=1 )
Updated by Dan van der Ster over 2 years ago
- Project changed from Ceph to website
- Category deleted (
documentation)
Updated by David Galloway over 2 years ago
Hi Dan,
Here is the motivation for the wildcard cert: https://github.com/ceph/ceph.io/blob/main/ansible/roles/deploy/templates/site.j2#L76-L78
Here's where we serve up the main site is if whatever.ceph.io doesn't exist: https://github.com/ceph/ceph.io/blob/main/ansible/roles/deploy/templates/site.j2#L92-L95
I'm not sure how this could be abused as we only whitelist members of the Ceph github org and a couple folks from SoftIron to trigger website builds: https://github.com/ceph/ceph-build/blob/master/ceph-website-prs/config/definitions/ceph-website-prs.yml#L24-L30
Given that background information, how do you feel about the setup?
Updated by Dan van der Ster over 2 years ago
David Galloway wrote:
Hi Dan,
Here's where we serve up the main site is if whatever.ceph.io doesn't exist: https://github.com/ceph/ceph.io/blob/main/ansible/roles/deploy/templates/site.j2#L92-L95
Thanks for the background, makes sense.
Would it be possible / better to issue a temporary redirect to https://ceph.io in this case, rather than serve the main site content?
Updated by David Galloway about 2 years ago
- Status changed from In Progress to Resolved