cfpb · CFPBot · Aug 6, 2019 · Mar 5, 2019 · Mar 20, 2019 · Mar 29, 2019
diff --git a/.gitignore b/.gitignore
@@ -132,3 +132,8 @@ cfgov/paying_for_college/fixtures/national_stats_backup.json
 # Auto-generated service workers #
 ##################################
 cfgov/regulations3k/jinja2/regulations3k/regulations3k-service-worker.js
+
+# Apache #
+##########
+cfgov/apache/logs/*
+cfgov/apache/modules
diff --git a/cfgov/apache/conf.d/alias.conf b/cfgov/apache/conf.d/alias.conf
@@ -0,0 +1,13 @@
+# Bing site auth
+Alias /BingSiteAuth.xml ${STATIC_PATH}/BingSiteAuth.xml
+Alias /code.json ${STATIC_PATH}/code.json
+Alias /data.json ${STATIC_PATH}/data.json
+Alias /favicon.ico ${STATIC_PATH}/favicon.ico
+Alias /foia/quarterly ${STATIC_PATH}/foia/quarterly
+# Facebook site auth
+Alias /lln8595c61g9qnvuwvtlcwo1k6kem8.html ${STATIC_PATH}/lln8595c61g9qnvuwvtlcwo1k6kem8.html
+Alias /robots.txt ${STATIC_PATH}/robots.txt
+Alias /static/f/ ${STATIC_PATH}/nemo/_/f/
+# Preserves legacy URL compatibility, but this is not actually using Wordpress
+Alias /wp-content/themes/cfpb_nemo/_/  ${STATIC_PATH}/nemo/_/
+Alias /static/ ${STATIC_PATH}/
diff --git a/cfgov/apache/conf.d/headers.conf b/cfgov/apache/conf.d/headers.conf
@@ -0,0 +1,30 @@
+ServerTokens ProductOnly
+ServerSignature Off
+TraceEnable off
+LimitRequestFieldSize 8190
+KeepAlive On
+MaxKeepAliveRequests 500
+
+
+Header always set X-Frame-Options SAMEORIGIN
+Header always set X-XSS-Protection: "1; mode=block"
+Header always set X-Content-Type-Options: nosniff
+
+<LocationMatch "^\/owning-a-home\/.+.pdf">
+        Header set Content-Disposition attachment
+</LocationMatch>
+
+<LocationMatch ^\/static\/.+\.[0-9a-f]{12}\..+$>
+        ExpiresActive On
+        Header always set Edge-Control: cache-maxage=1000d,downstream-ttl=1000d
+        ExpiresDefault "now plus 1000 days"
+</LocationMatch>
+
+# this was a test, that we may want to refer back to later. Leaving it (but commented) for posterity
+#<LocationMatch ^\/company-signup\/$>
+#        Header always set Edge-Control: no-store
+#</LocationMatch>
+
+<LocationMatch ^\/consumer-tools/prepaid-cards\/>
+        Header always set Edge-Control: no-store
+</LocationMatch>
diff --git a/cfgov/apache/conf.d/maintenance.conf b/cfgov/apache/conf.d/maintenance.conf
@@ -0,0 +1,9 @@
+RewriteEngine On
+
+# We use the presence of a specific file to indicate whether or not the website
+# is down for maintenance. If this file exists, we respond to all requests with
+# 503 Service Unavailable.
+RewriteCond ${CFGOV_CURRENT}/WEBSITE_DOWN_FOR_MAINTENANCE -f
+
+# If that file exists, return a 503 for all requests.
+RewriteRule ^ - [R=503,L]
diff --git a/cfgov/apache/conf.d/redirects.conf b/cfgov/apache/conf.d/redirects.conf
diff --git a/cfgov/apache/conf.d/user-testing.conf b/cfgov/apache/conf.d/user-testing.conf
@@ -0,0 +1,38 @@
+# User testing pages
+
+Alias /testing/ ${CFGOV_SANDBOX}
+<Directory "${CFGOV_SANDBOX}">
+    # Disable directory browsing
+    Options All -Indexes -Includes -IncludesNOEXEC
+
+    Require all granted
+</Directory>
+<Location "/testing/">
+
+
+    # prevent gz encoding, which breaks substitutions
+    RequestHeader unset Accept-Encoding
+    AddOutputFilterByType SUBSTITUTE text/html
+    Substitute "s|(<body.*?>)|$1 \
+<div class=\"beta-banner expandable\" id=\"beta-banner\" \
+     style=\"padding: 30px 0; background: #FFECD1; font-size: 16px; \
+            font-family: AvenirNextLTW01-Regular, Arial, sans-serif;\"> \
+    <div style=\"padding-left: 30px; padding-right: 30px; max-width: 1140px; margin: 0 34.5px\"> \
+        <div class=\"beta-banner_head\" style=\"font-size: 1.125em; margin-bottom: .31325em; line-height=1.2222222\"> \
+            <span class=\"cf-icon cf-icon-error-round beta-banner_icon\" style=\"color: #FF9E1B;\"></span> \
+            This testing site is under construction. \
+        </div> \
+        <p class=\"beta-banner_desc expandable_content\" style=\"margin: 0; font-size: 1em; line-height=1.375\"> \
+            Some things may not work as expected. \
+            Our regular site continues to be at \
+            <a href=\"http://www.consumerfinance.gov/\">www.consumerfinance.gov</a>. \
+        </p> \
+    </div> \
+</div>|i"
+
+    # Use Django's 404 page for errors. Any non-existant URL outsite of
+    # /testing/ will result in a pretty 404 page. This tweak piggypacks
+    # on Django's page generator by redirecting under the hood
+    ErrorDocument 404 /i-want-an-error-page/
+    ErrorDocument 403 /i-want-an-error-page/
+</Location>
diff --git a/cfgov/apache/conf.d/wsgi.conf b/cfgov/apache/conf.d/wsgi.conf
@@ -0,0 +1,20 @@
+ServerName consumerfinance.gov
+
+WSGIApplicationGroup %{GLOBAL}
+WSGIDaemonProcess django  processes=${APACHE_PROCESS_COUNT} threads=15 display-name=%{GROUP} python-path=${CFGOV_CURRENT}/venv/lib/python2.7/site-packages:${CFGOV_CURRENT}/venv/lib64/python2.7/site-packages:${CFGOV_CURRENT} home=${CFGOV_CURRENT}
+WSGIProcessGroup django
+WSGIScriptAlias / ${CFGOV_CURRENT}/wsgi.py
+
+<Directory ${CFGOV_PATH}>
+    Require all granted
+    Options +FollowSymLinks
+</Directory>
+
+<Directory ${CFGOV_CURRENT}>
+    Require all granted
+    Options +FollowSymLinks
+</Directory>
+
+<Directory ${STATIC_PATH}>
+    Require all granted
+</Directory>
diff --git a/cfgov/apache/conf.modules.d/00-base.conf b/cfgov/apache/conf.modules.d/00-base.conf
@@ -0,0 +1,69 @@
+#
+# This file loads most of the modules included with the Apache HTTP
+# Server itself.
+#
+
+LoadModule mpm_event_module modules/mod_mpm_event.so
+LoadModule wsgi_module modules/mod_python27-wsgi.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule actions_module modules/mod_actions.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule allowmethods_module modules/mod_allowmethods.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_dbd_module modules/mod_authn_dbd.so
+LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_user_module modules/mod_authz_user.so
+# LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule cache_module modules/mod_cache.so
+LoadModule cache_disk_module modules/mod_cache_disk.so
+LoadModule cache_socache_module modules/mod_cache_socache.so
+LoadModule data_module modules/mod_data.so
+LoadModule dbd_module modules/mod_dbd.so
+LoadModule deflate_module modules/mod_deflate.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule dumpio_module modules/mod_dumpio.so
+LoadModule echo_module modules/mod_echo.so
+LoadModule env_module modules/mod_env.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule headers_module modules/mod_headers.so
+# LoadModule http2_module modules/mod_http2.so
+LoadModule include_module modules/mod_include.so
+# LoadModule info_module modules/mod_info.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule logio_module modules/mod_logio.so
+LoadModule macro_module modules/mod_macro.so
+LoadModule mime_magic_module modules/mod_mime_magic.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule remoteip_module modules/mod_remoteip.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule request_module modules/mod_request.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+LoadModule socache_dbm_module modules/mod_socache_dbm.so
+LoadModule socache_memcache_module modules/mod_socache_memcache.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+# LoadModule status_module modules/mod_status.so
+LoadModule substitute_module modules/mod_substitute.so
+LoadModule suexec_module modules/mod_suexec.so
+LoadModule unique_id_module modules/mod_unique_id.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule version_module modules/mod_version.so
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+