projects / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 90c973a6 MT |
1 | <VirtualHost *:444> |
| 2 | ||
| 3 | RewriteEngine on | |
| 4 | RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) | |
| 5 | RewriteRule .* - [F] | |
| 0cabaf35 | 6 | |
| d733119b | 7 | DocumentRoot /srv/web/ipfire/html |
| 90c973a6 MT |
8 | ServerAdmin root@localhost |
| 9 | ErrorLog /var/log/httpd/error_log | |
| 10 | TransferLog /var/log/httpd/access_log | |
| 0cabaf35 | 11 | |
| 90c973a6 | 12 | SSLEngine on |
| 63b515dc | 13 | SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 |
| 4636ed66 | 14 | SSLCipherSuite AESGCM+EECDH:CHACHA20+EECDH:@STRENGTH:+aRSA |
| 69776cc4 | 15 | SSLHonorCipherOrder on |
| a57f4a9f PM |
16 | SSLCompression off |
| 17 | SSLSessionTickets off | |
| 90c973a6 MT |
18 | SSLCertificateFile /etc/httpd/server.crt |
| 19 | SSLCertificateKeyFile /etc/httpd/server.key | |
| 73ba2286 PM |
20 | SSLCertificateFile /etc/httpd/server-ecdsa.crt |
| 21 | SSLCertificateKeyFile /etc/httpd/server-ecdsa.key | |
| 810a7ea2 | 22 | |
| 0cabaf35 | 23 | Header always set X-Content-Type-Options nosniff |
| eb6d7151 | 24 | Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'" |
| 583687a8 | 25 | Header always set Referrer-Policy strict-origin |
| 0cabaf35 | 26 | |
| d733119b | 27 | <Directory /srv/web/ipfire/html> |
| 90c973a6 MT |
28 | Options ExecCGI |
| 29 | AllowOverride None | |
| d41fe99f | 30 | Require all granted |
| 90c973a6 | 31 | </Directory> |
| d733119b | 32 | <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)"> |
| 90c973a6 MT |
33 | AuthName "IPFire - Restricted" |
| 34 | AuthType Basic | |
| 35 | AuthUserFile /var/ipfire/auth/users | |
| 50846453 PM |
36 | <RequireAll> |
| 37 | Require user admin | |
| 38 | Require ssl | |
| 39 | </RequireAll> | |
| 90c973a6 | 40 | </DirectoryMatch> |
| d733119b MT |
41 | ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ |
| 42 | <Directory /srv/web/ipfire/cgi-bin> | |
| 90c973a6 | 43 | AllowOverride None |
| 810a7ea2 | 44 | Options ExecCGI |
| 90c973a6 MT |
45 | AuthName "IPFire - Restricted" |
| 46 | AuthType Basic | |
| 47 | AuthUserFile /var/ipfire/auth/users | |
| 50846453 PM |
48 | <RequireAll> |
| 49 | Require user admin | |
| 50 | Require ssl | |
| 51 | </RequireAll> | |
| d41fe99f WA |
52 | <Files chpasswd.cgi> |
| 53 | Require all granted | |
| 90c973a6 MT |
54 | </Files> |
| 55 | <Files webaccess.cgi> | |
| d41fe99f | 56 | Require all granted |
| 90c973a6 | 57 | </Files> |
| 90c973a6 MT |
58 | </Directory> |
| 59 | <Files ~ "\.(cgi|shtml?)$"> | |
| 60 | SSLOptions +StdEnvVars | |
| 61 | </Files> | |
| d733119b | 62 | <Directory /srv/web/ipfire/cgi-bin> |
| 90c973a6 MT |
63 | SSLOptions +StdEnvVars |
| 64 | </Directory> | |
| 65 | SetEnv HOME /home/nobody | |
| 66 | SetEnvIf User-Agent ".*MSIE.*" \ | |
| 67 | nokeepalive ssl-unclean-shutdown \ | |
| 68 | downgrade-1.0 force-response-1.0 | |
| 69 | CustomLog /var/log/httpd/ssl_request_log \ | |
| 70 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |
| 0bc58278 AF |
71 | |
| 72 | Alias /updatecache/ /var/updatecache/ | |
| 73 | <Directory /var/updatecache> | |
| 74 | Options ExecCGI | |
| 75 | AllowOverride None | |
| d41fe99f | 76 | Require all granted |
| 0bc58278 | 77 | </Directory> |
| 7e620487 | 78 | |
| a4c76879 | 79 | Alias /repository/ /var/urlrepo/ |
| 7e620487 CS |
80 | <Directory /var/urlrepo> |
| 81 | Options ExecCGI | |
| 82 | AllowOverride None | |
| d41fe99f | 83 | Require all granted |
| 7e620487 | 84 | </Directory> |
| f8716194 MT |
85 | |
| 86 | Alias /proxy-reports/ /var/log/sarg/ | |
| 87 | <Directory /var/log/sarg> | |
| 88 | AllowOverride None | |
| 89 | Options None | |
| 90 | AuthName "IPFire - Restricted" | |
| 91 | AuthType Basic | |
| 92 | AuthUserFile /var/ipfire/auth/users | |
| 50846453 PM |
93 | <RequireAll> |
| 94 | Require user admin | |
| 95 | Require ssl | |
| 96 | </RequireAll> | |
| f8716194 | 97 | </Directory> |
| 90c973a6 | 98 | </VirtualHost> |