]>
Commit | Line | Data |
---|---|---|
90c973a6 MT |
1 | <VirtualHost *:444> |
2 | ||
3 | RewriteEngine on | |
4 | RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) | |
5 | RewriteRule .* - [F] | |
0cabaf35 | 6 | |
d733119b | 7 | DocumentRoot /srv/web/ipfire/html |
90c973a6 MT |
8 | ServerAdmin root@localhost |
9 | ErrorLog /var/log/httpd/error_log | |
10 | TransferLog /var/log/httpd/access_log | |
0cabaf35 | 11 | |
90c973a6 | 12 | SSLEngine on |
63b515dc | 13 | SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 |
4636ed66 | 14 | SSLCipherSuite AESGCM+EECDH:CHACHA20+EECDH:@STRENGTH:+aRSA |
69776cc4 | 15 | SSLHonorCipherOrder on |
a57f4a9f PM |
16 | SSLCompression off |
17 | SSLSessionTickets off | |
90c973a6 MT |
18 | SSLCertificateFile /etc/httpd/server.crt |
19 | SSLCertificateKeyFile /etc/httpd/server.key | |
73ba2286 PM |
20 | SSLCertificateFile /etc/httpd/server-ecdsa.crt |
21 | SSLCertificateKeyFile /etc/httpd/server-ecdsa.key | |
810a7ea2 | 22 | |
0cabaf35 | 23 | Header always set X-Content-Type-Options nosniff |
eb6d7151 | 24 | Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'" |
583687a8 | 25 | Header always set Referrer-Policy strict-origin |
be8afd15 | 26 | Header always set X-Frame-Options sameorigin |
0cabaf35 | 27 | |
d733119b | 28 | <Directory /srv/web/ipfire/html> |
90c973a6 MT |
29 | Options ExecCGI |
30 | AllowOverride None | |
d41fe99f | 31 | Require all granted |
90c973a6 | 32 | </Directory> |
d733119b | 33 | <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)"> |
90c973a6 MT |
34 | AuthName "IPFire - Restricted" |
35 | AuthType Basic | |
36 | AuthUserFile /var/ipfire/auth/users | |
50846453 PM |
37 | <RequireAll> |
38 | Require user admin | |
39 | Require ssl | |
40 | </RequireAll> | |
90c973a6 | 41 | </DirectoryMatch> |
d733119b MT |
42 | ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ |
43 | <Directory /srv/web/ipfire/cgi-bin> | |
90c973a6 | 44 | AllowOverride None |
810a7ea2 | 45 | Options ExecCGI |
90c973a6 MT |
46 | AuthName "IPFire - Restricted" |
47 | AuthType Basic | |
48 | AuthUserFile /var/ipfire/auth/users | |
50846453 PM |
49 | <RequireAll> |
50 | Require user admin | |
51 | Require ssl | |
52 | </RequireAll> | |
d41fe99f WA |
53 | <Files chpasswd.cgi> |
54 | Require all granted | |
90c973a6 MT |
55 | </Files> |
56 | <Files webaccess.cgi> | |
d41fe99f | 57 | Require all granted |
90c973a6 | 58 | </Files> |
90c973a6 MT |
59 | </Directory> |
60 | <Files ~ "\.(cgi|shtml?)$"> | |
61 | SSLOptions +StdEnvVars | |
62 | </Files> | |
d733119b | 63 | <Directory /srv/web/ipfire/cgi-bin> |
90c973a6 MT |
64 | SSLOptions +StdEnvVars |
65 | </Directory> | |
66 | SetEnv HOME /home/nobody | |
67 | SetEnvIf User-Agent ".*MSIE.*" \ | |
68 | nokeepalive ssl-unclean-shutdown \ | |
69 | downgrade-1.0 force-response-1.0 | |
70 | CustomLog /var/log/httpd/ssl_request_log \ | |
71 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |
0bc58278 AF |
72 | |
73 | Alias /updatecache/ /var/updatecache/ | |
74 | <Directory /var/updatecache> | |
75 | Options ExecCGI | |
76 | AllowOverride None | |
d41fe99f | 77 | Require all granted |
0bc58278 | 78 | </Directory> |
7e620487 | 79 | |
a4c76879 | 80 | Alias /repository/ /var/urlrepo/ |
7e620487 CS |
81 | <Directory /var/urlrepo> |
82 | Options ExecCGI | |
83 | AllowOverride None | |
d41fe99f | 84 | Require all granted |
7e620487 | 85 | </Directory> |
f8716194 MT |
86 | |
87 | Alias /proxy-reports/ /var/log/sarg/ | |
88 | <Directory /var/log/sarg> | |
89 | AllowOverride None | |
90 | Options None | |
91 | AuthName "IPFire - Restricted" | |
92 | AuthType Basic | |
93 | AuthUserFile /var/ipfire/auth/users | |
50846453 PM |
94 | <RequireAll> |
95 | Require user admin | |
96 | Require ssl | |
97 | </RequireAll> | |
f8716194 | 98 | </Directory> |
90c973a6 | 99 | </VirtualHost> |