Issue 2301 - Improve beta.adblockplus.org configuration

modules/web/templates/adblockplus.org.conf.erb

Index: modules/web/templates/adblockplus.org.conf.erb
===================================================================
new file mode 100644
--- /dev/null
+++ b/modules/web/templates/adblockplus.org.conf.erb
@@ -0,0 +1,220 @@
+# XSS and clickjacking prevention headers
+
+set $csp_frame "";
+if ($uri ~ ^/(:?\w\w(_\w\w)?/)?(?:index|firefox|chrome|opera|android|internet-explorer|safari|yandex-browser|maxthon)?$)
+{
+  set $csp_frame "; frame-src www.youtube-nocookie.com;";
+}
+add_header Content-Security-Policy "default-src \'self\'; img-src * data:; style-src \'self\' \'unsafe-inline\'; script-src \'self\' \'unsafe-inline\' \'unsafe-eval\' $csp_frame";
+add_header X-Frame-Options "sameorigin";
+
+# User agent sniffing
+
+set $user_agent "";
+if ($http_user_agent ~ \bGecko/\d+)
+{
+  set $user_agent "firefox";
+}
+if ($http_user_agent ~ \bSafari/\d+)
+{
+  set $user_agent "safari";
+}
+if ($http_user_agent ~ \bChrome/\d+)
+{
+  set $user_agent "chrome";
+}
+if ($http_user_agent ~ \bMSIE\ \d+)
+{
+  set $user_agent "internet-explorer";
+}
+if ($http_user_agent ~ \bTrident/\d+)
+{
+  set $user_agent "internet-explorer";
+}
+if ($http_user_agent ~ \bEdge/\d+)
+{
+  set $user_agent "internet-explorer";
+}
+if ($http_user_agent ~ \bPresto/\d+)
+{
+  set $user_agent "opera";
+}
+if ($http_user_agent ~ \bOPR/\d+)
+{
+  set $user_agent "opera";
+}
+if ($http_user_agent ~ \bAndroid\s.*\bAppleWebKit/\d+)
+{
+  set $user_agent "android";
+}
+if ($http_user_agent ~ \bYaBrowser/\d+)
+{
+  set $user_agent "yandex-browser";
+}
+if ($http_user_agent ~ \bMaxthon/\d+)
+{
+  set $user_agent "maxthon";
+}
+
+sub_filter \' id="content" class="\' \' id="content" class="ua-$user_agent \';
+
+set $index_page "firefox";
+if ($user_agent != "")
+{
+  set $index_page $user_agent;
+}
+
+# Various redirects
+
+rewrite ^/(\w\w(_\w\w)?/)?changelog-1.3.1$ /$1\changelog-1.3 permanent;
+rewrite ^/downloads/(.*) https://downloads.adblockplus.org/$1 permanent;
+
+location /redirect
+{
+  if ($arg_link = "reporter_connect_issue")
+  {
+    rewrite ^ /forum/? redirect;
+  }
+  if ($arg_link = "reporter_other_link")
+  {
+    rewrite ^ /forum/? redirect;
+  }
+  if ($arg_link = "chrome_support")
+  {
+    rewrite ^ /forum/viewforum.php?f=10? redirect;
+  }
+  if ($arg_link = "opera_support")
+  {
+    rewrite ^ /forum/viewforum.php?f=14? redirect;
+  }
+  if ($arg_link = "safari_support")
+  {
+    rewrite ^ /forum/viewforum.php?f=18? redirect;
+  }
+  if ($arg_link = "knownIssuesChrome_filterstorage")
+  {
+    rewrite ^ /forum/viewtopic.php?t=23597? redirect;
+  }
+
+  set $lang "en";
+  set $link "";
+  set $anchor "";
+
+  if ($arg_link ~ "^share-")
+  {
+    set $link "share";
+    set $anchor "?a=minimal";
+  }
+  if ($arg_link = "gettingStarted")
+  {
+    set $link "getting_started";
+  }
+  if ($arg_link = "faq")
+  {
+    set $link "faq";
+  }
+  if ($arg_link = "filterdoc")
+  {
+    set $link "filters";
+  }
+  if ($arg_link = "subscriptions")
+  {
+    set $link "subscriptions";
+  }
+  if ($arg_link = "reporter_privacy")
+  {
+    set $link "privacy";
+    set $anchor "#abp_issue_reporter";
+  }
+  if ($arg_link = "contribute")
+  {
+    set $link "contribute";
+  }
+  if ($arg_link = "donate")
+  {
+    set $link "donate";
+  }
+  if ($arg_link = "acceptable_ads")
+  {
+    set $link "acceptable-ads";
+  }
+  if ($arg_link = "acceptable_ads_criteria")
+  {
+    set $link "acceptable-ads";
+    set $anchor "#criteria";
+  }
+  if ($arg_link = "contributors")
+  {
+    set $link "contributors";
+  }
+
+  if ($link = "")
+  {
+    return 404;
+  }
+
+  if ($arg_lang ~ ^(\w+))
+  {
+    set $lang $1;
+  }
+  if (!-f "$document_root/$lang/$link")
+  {
+    set $lang "!!";
+  }
+  set $langtest "$arg_lang $lang";
+  if ($langtest ~ "^(\w+)-(\w+) !!")
+  {
+    set $lang "$1_$2";
+  }
+  if (!-f "$document_root/$lang/$link")
+  {
+    set $lang "en";
+  }
+  if ($link = "share")
+  {
+    rewrite ^ https://share.adblockplus.org/$lang/? redirect;

[Wladimir Palant, 2015/04/15 12:26:54]

While this works right now, the approach will have to change once
share.adblockplus.org moves to its own server. I think we will just redirect to
https://share.adblockplus.org/$arg_lang/ unconditionally and let the other
server figure out whether the language exists or an additional redirect is
required.

+  }
+  rewrite ^ /$lang/$link$anchor? redirect;
+}
+
+location /devbuilds
+{
+  rewrite ^(.*) https://downloads.adblockplus.org$1;
+}
+
+# Locations still served by the legacy server
+
+location ~ ^(/blog|/releases|/development-builds|/atom|/rss|/category|/section|/author|/file_download|/textpattern|/default-static|/_override-static)($|/)
+{
+  try_files $uri @proxied;
+}
+location /forum
+{
+  try_files $uri @proxied;
+}
+location /subscriptions.xml
+{
+  try_files $uri @proxied;
+}
+location /subscriptions2.xml
+{
+  try_files $uri @proxied;
+}
+location /subscriptionStatus
+{
+  try_files $uri @proxied;
+}
+location /jsdoc
+{
+  try_files $uri @proxied;
+}
+location /403.html
+{
+  try_files $uri @proxied;
+}
+location @proxied
+{
+  proxy_pass https://server_16.adblockplus.org;
+  proxy_set_header Host adblockplus.org;
+  proxy_redirect https://adblockplus.org/ https://$host/;
+}