]>
Commit | Line | Data |
---|---|---|
90c973a6 MT |
1 | <VirtualHost *:444> |
2 | ||
3 | RewriteEngine on | |
4 | RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) | |
5 | RewriteRule .* - [F] | |
d733119b | 6 | DocumentRoot /srv/web/ipfire/html |
90c973a6 MT |
7 | ServerAdmin root@localhost |
8 | ErrorLog /var/log/httpd/error_log | |
9 | TransferLog /var/log/httpd/access_log | |
10 | SSLEngine on | |
11 | SSLProtocol all -SSLv2 | |
69776cc4 MT |
12 | SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK |
13 | SSLHonorCipherOrder on | |
90c973a6 MT |
14 | SSLCertificateFile /etc/httpd/server.crt |
15 | SSLCertificateKeyFile /etc/httpd/server.key | |
810a7ea2 | 16 | |
d733119b | 17 | <Directory /srv/web/ipfire/html> |
90c973a6 MT |
18 | Options ExecCGI |
19 | AllowOverride None | |
20 | Order allow,deny | |
21 | Allow from all | |
22 | </Directory> | |
d733119b | 23 | <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)"> |
90c973a6 MT |
24 | AuthName "IPFire - Restricted" |
25 | AuthType Basic | |
26 | AuthUserFile /var/ipfire/auth/users | |
27 | Require user admin | |
28 | </DirectoryMatch> | |
d733119b MT |
29 | ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ |
30 | <Directory /srv/web/ipfire/cgi-bin> | |
90c973a6 | 31 | AllowOverride None |
810a7ea2 | 32 | Options ExecCGI |
90c973a6 MT |
33 | AuthName "IPFire - Restricted" |
34 | AuthType Basic | |
35 | AuthUserFile /var/ipfire/auth/users | |
36 | Require user admin | |
37 | <Files chpasswd.cgi> | |
38 | Satisfy Any | |
39 | Allow from All | |
40 | </Files> | |
41 | <Files webaccess.cgi> | |
42 | Satisfy Any | |
43 | Allow from All | |
44 | </Files> | |
45 | <Files credits.cgi> | |
46 | Satisfy Any | |
47 | Allow from All | |
48 | </Files> | |
49 | <Files dial.cgi> | |
50 | Require user admin | |
51 | </Files> | |
52 | </Directory> | |
d733119b | 53 | <Directory /srv/web/ipfire/cgi-bin/dial> |
90c973a6 MT |
54 | AllowOverride None |
55 | Options None | |
56 | AuthName "IPFire - Restricted" | |
57 | AuthType Basic | |
58 | AuthUserFile /var/ipfire/auth/users | |
59 | Require user dial admin | |
60 | </Directory> | |
61 | <Files ~ "\.(cgi|shtml?)$"> | |
62 | SSLOptions +StdEnvVars | |
63 | </Files> | |
d733119b | 64 | <Directory /srv/web/ipfire/cgi-bin> |
90c973a6 MT |
65 | SSLOptions +StdEnvVars |
66 | </Directory> | |
67 | SetEnv HOME /home/nobody | |
68 | SetEnvIf User-Agent ".*MSIE.*" \ | |
69 | nokeepalive ssl-unclean-shutdown \ | |
70 | downgrade-1.0 force-response-1.0 | |
71 | CustomLog /var/log/httpd/ssl_request_log \ | |
72 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |
0bc58278 AF |
73 | |
74 | Alias /updatecache/ /var/updatecache/ | |
75 | <Directory /var/updatecache> | |
76 | Options ExecCGI | |
77 | AllowOverride None | |
78 | Order deny,allow | |
79 | Allow from all | |
80 | </Directory> | |
7e620487 | 81 | |
a4c76879 | 82 | Alias /repository/ /var/urlrepo/ |
7e620487 CS |
83 | <Directory /var/urlrepo> |
84 | Options ExecCGI | |
85 | AllowOverride None | |
86 | Order deny,allow | |
87 | Allow from all | |
88 | </Directory> | |
f8716194 MT |
89 | |
90 | Alias /proxy-reports/ /var/log/sarg/ | |
91 | <Directory /var/log/sarg> | |
92 | AllowOverride None | |
93 | Options None | |
94 | AuthName "IPFire - Restricted" | |
95 | AuthType Basic | |
96 | AuthUserFile /var/ipfire/auth/users | |
97 | Require user admin | |
98 | </Directory> | |
90c973a6 | 99 | </VirtualHost> |