From 9bda5645d8f39ea43f6d24d854422f07f172e0ad Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 30 Jan 2018 15:03:44 +0100
Subject: [PATCH] Do not provide private files from Varnish

---
 templates/haproxy_cfg.jinja2 | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/haproxy_cfg.jinja2 b/templates/haproxy_cfg.jinja2
index 154b675..0fabc57 100644
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -162,7 +162,8 @@ frontend http_in
   acl domain_ignores_varnish hdr(host) -i -n -f /etc/haproxy/ignore_varnish.list
   use_backend backend_varnish_bigpipe if domain_uses_bigpipe !domain_ignores_varnish
   acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
-  use_backend backend_varnish if static_content !domain_ignores_varnish
+  acl static_content_private path_beg /system/
+  use_backend backend_varnish if static_content !static_content_private !domain_ignores_varnish
 {% endif %}
 {% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
@@ -289,7 +290,8 @@ frontend https_in_{{ cert.ip }}
   acl domain_ignores_varnish hdr(host) -i -n -f /etc/haproxy/ignore_varnish.list
   use_backend backend_varnish_bigpipe if domain_uses_bigpipe !domain_ignores_varnish
   acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
-  use_backend backend_varnish if static_content !domain_ignores_varnish
+  acl static_content_private path_beg /system/
+  use_backend backend_varnish if static_content !static_content_private !domain_ignores_varnish
 {% endif %}
 {% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
-- 
GitLab