]>
Commit | Line | Data |
---|---|---|
90c973a6 MT |
1 | <VirtualHost *:444> |
2 | ||
3 | RewriteEngine on | |
4 | RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) | |
5 | RewriteRule .* - [F] | |
d733119b | 6 | DocumentRoot /srv/web/ipfire/html |
90c973a6 MT |
7 | ServerAdmin root@localhost |
8 | ErrorLog /var/log/httpd/error_log | |
9 | TransferLog /var/log/httpd/access_log | |
10 | SSLEngine on | |
a7006325 | 11 | SSLProtocol all -SSLv2 -SSLv3 |
f227ae4f | 12 | SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA |
69776cc4 | 13 | SSLHonorCipherOrder on |
a57f4a9f PM |
14 | SSLCompression off |
15 | SSLSessionTickets off | |
90c973a6 MT |
16 | SSLCertificateFile /etc/httpd/server.crt |
17 | SSLCertificateKeyFile /etc/httpd/server.key | |
73ba2286 PM |
18 | SSLCertificateFile /etc/httpd/server-ecdsa.crt |
19 | SSLCertificateKeyFile /etc/httpd/server-ecdsa.key | |
810a7ea2 | 20 | |
d733119b | 21 | <Directory /srv/web/ipfire/html> |
90c973a6 MT |
22 | Options ExecCGI |
23 | AllowOverride None | |
d41fe99f | 24 | Require all granted |
90c973a6 | 25 | </Directory> |
d733119b | 26 | <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)"> |
90c973a6 MT |
27 | AuthName "IPFire - Restricted" |
28 | AuthType Basic | |
29 | AuthUserFile /var/ipfire/auth/users | |
50846453 PM |
30 | <RequireAll> |
31 | Require user admin | |
32 | Require ssl | |
33 | </RequireAll> | |
90c973a6 | 34 | </DirectoryMatch> |
d733119b MT |
35 | ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ |
36 | <Directory /srv/web/ipfire/cgi-bin> | |
90c973a6 | 37 | AllowOverride None |
810a7ea2 | 38 | Options ExecCGI |
90c973a6 MT |
39 | AuthName "IPFire - Restricted" |
40 | AuthType Basic | |
41 | AuthUserFile /var/ipfire/auth/users | |
50846453 PM |
42 | <RequireAll> |
43 | Require user admin | |
44 | Require ssl | |
45 | </RequireAll> | |
d41fe99f WA |
46 | <Files chpasswd.cgi> |
47 | Require all granted | |
90c973a6 MT |
48 | </Files> |
49 | <Files webaccess.cgi> | |
d41fe99f | 50 | Require all granted |
90c973a6 | 51 | </Files> |
90c973a6 MT |
52 | </Directory> |
53 | <Files ~ "\.(cgi|shtml?)$"> | |
54 | SSLOptions +StdEnvVars | |
55 | </Files> | |
d733119b | 56 | <Directory /srv/web/ipfire/cgi-bin> |
90c973a6 MT |
57 | SSLOptions +StdEnvVars |
58 | </Directory> | |
59 | SetEnv HOME /home/nobody | |
60 | SetEnvIf User-Agent ".*MSIE.*" \ | |
61 | nokeepalive ssl-unclean-shutdown \ | |
62 | downgrade-1.0 force-response-1.0 | |
63 | CustomLog /var/log/httpd/ssl_request_log \ | |
64 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |
0bc58278 AF |
65 | |
66 | Alias /updatecache/ /var/updatecache/ | |
67 | <Directory /var/updatecache> | |
68 | Options ExecCGI | |
69 | AllowOverride None | |
d41fe99f | 70 | Require all granted |
0bc58278 | 71 | </Directory> |
7e620487 | 72 | |
a4c76879 | 73 | Alias /repository/ /var/urlrepo/ |
7e620487 CS |
74 | <Directory /var/urlrepo> |
75 | Options ExecCGI | |
76 | AllowOverride None | |
d41fe99f | 77 | Require all granted |
7e620487 | 78 | </Directory> |
f8716194 MT |
79 | |
80 | Alias /proxy-reports/ /var/log/sarg/ | |
81 | <Directory /var/log/sarg> | |
82 | AllowOverride None | |
83 | Options None | |
84 | AuthName "IPFire - Restricted" | |
85 | AuthType Basic | |
86 | AuthUserFile /var/ipfire/auth/users | |
50846453 PM |
87 | <RequireAll> |
88 | Require user admin | |
89 | Require ssl | |
90 | </RequireAll> | |
f8716194 | 91 | </Directory> |
90c973a6 | 92 | </VirtualHost> |