Bug #52984

https://*.ceph.io not redirected to https://ceph.io

Added by Dan van der Ster over 1 year ago. Updated 11 months ago.

Status: Resolved
Priority: Normal
Assignee: -
% Done: 0%
Regression: No
Severity: 3 - minor

Description

Looks like we have a wildcard DNS for *.ceph.io to a single A record, and that the web server is configured to accept any vhost?

These are all serving the same content:

https://ceph.io/
https://dan.ceph.io/
https://i❤️.ceph.io/

IMHO we should redirect *.ceph.io -> ceph.io

(motivation: potential abuse, and maybe SEO https://developers.google.com/search/docs/advanced/guidelines/duplicate-content?visit_id=637703411304016532-804299933&rd=1 )

History

#1 Updated by Dan van der Ster over 1 year ago

  • Project changed from Ceph to website
  • Category deleted (documentation)

#2 Updated by adam kraitman over 1 year ago

  • Status changed from New to In Progress

Looking into it

#3 Updated by David Galloway over 1 year ago

Hi Dan,

Here is the motivation for the wildcard cert: https://github.com/ceph/ceph.io/blob/main/ansible/roles/deploy/templates/site.j2#L76-L78

Here's where we serve up the main site if whatever.ceph.io doesn't exist: https://github.com/ceph/ceph.io/blob/main/ansible/roles/deploy/templates/site.j2#L92-L95

I'm not sure how this could be abused as we only whitelist members of the Ceph github org and a couple folks from SoftIron to trigger website builds: https://github.com/ceph/ceph-build/blob/master/ceph-website-prs/config/definitions/ceph-website-prs.yml#L24-L30

Given that background information, how do you feel about the setup?

#4 Updated by Dan van der Ster about 1 year ago

David Galloway wrote:

Hi Dan,

Here's where we serve up the main site if whatever.ceph.io doesn't exist: https://github.com/ceph/ceph.io/blob/main/ansible/roles/deploy/templates/site.j2#L92-L95

Thanks for the background, makes sense.

Would it be possible / better to issue a temporary redirect to https://ceph.io in this case, rather than serve the main site content?

#5 Updated by David Galloway 11 months ago

  • Status changed from In Progress to Resolved
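
The two behaviours discussed in this ticket, as an added example that is not part of the original thread and not the ceph.io deployment's configuration: a local Python server that either serves the main page for any Host header or answers unknown hosts with a temporary redirect to https://ceph.io, plus a probe that reports which host names still get content without a redirect. `KNOWN_VHOSTS`, `make_handler`, `probe` and `served_without_redirect` are hypothetical names, and the page body is constructed.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

CANONICAL = "ceph.io"                 # canonical host named in the report
KNOWN_VHOSTS = {CANONICAL}            # assumption: hosts that have a site of their own
PAGE = b"<h1>main site</h1>"          # constructed stand-in for the main site content

def make_handler(redirect_unknown):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            # Normalise the Host header: drop the port, case and a trailing dot.
            host = (self.headers.get("Host") or "").split(":")[0].lower().rstrip(".")
            if host in KNOWN_VHOSTS or not redirect_unknown:
                status, location, body = 200, None, PAGE      # accept-any-vhost behaviour
            else:
                # Target host is fixed, so the Host header never reaches Location.
                status, location, body = 302, f"https://{CANONICAL}{self.path}", b""
            self.send_response(status)
            if location:
                self.send_header("Location", location)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):                          # keep the demo quiet
            pass
    return Handler

def probe(redirect_unknown, hosts):
    """Request / once per Host header; return {host: (status, Location)}."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(redirect_unknown))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    results = {}
    try:
        for host in hosts:
            conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
            conn.request("GET", "/", headers={"Host": host})
            resp = conn.getresponse()
            resp.read()
            results[host] = (resp.status, resp.getheader("Location"))
            conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return results

def served_without_redirect(results):
    """Non-canonical hosts that received content instead of a redirect."""
    return sorted(h for h, (s, _) in results.items() if h not in KNOWN_VHOSTS and s == 200)

if __name__ == "__main__":
    for mode in (False, True):
        print(mode, served_without_redirect(probe(mode, ["ceph.io", "dan.ceph.io"])))
```
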
