On secure, two not-so-great fixes are:

• Move all that javelinjs.com / phabricator.com / www.phabricator.com stuff to a box we never touch like dumbjunk001.phacility.net and let that serve all our static redirects and parked domains.
• Handle those redirects in secure.preamble.php instead of in Apache's httpd.conf.

The desired ruleset is:

• If the request path is /status/, send it to the Phabricator stack.
• If the request host is any host except *.javelinjs.com or secure.phabricator.com or p.phcdn.net or phurl.io or blog.phacility.com, redirect to secure.phabricator.com.
• If the request host is *.javelinjs.com, redirect to Javelin.
• Send anything left to the Phabricator stack.

This may be more involved to do in httpd.conf than to do via secure.preamble.php or dumbjunk001.phacility.net.

redirect to Javelin

Technically this just redirects to the Phabricator main page, I guess.

The current ruleset implements all those rules correctly, except that it 200's directly for /status/.

Also javelinjs.com currently has bogus DNS, and there's probably no value in continuing to support it for the moment. I'll keep the bills paid on the domain in case we eventually revive Javelin as a standalone framework, but we could safely drop it from config.