[people/pmueller/ipfire-2.x.git] / config / httpd / httpd.conf

##
## httpd.conf -- Apache HTTP server configuration file
##
## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
##
ServerType standalone
ServerRoot /etc/httpd

LockFile /var/lock/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /var/run/httpd.scoreboard
Timeout 900
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 1
MaxSpareServers 2
StartServers 2
MaxClients 10
MaxRequestsPerChild 100
Port 81
Listen 81
Listen 444
User nobody
Group nobody
ServerAdmin root@localhost
ServerTokens Prod
DocumentRoot /home/httpd/html
# Limit track/trace requests
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]

<Directory />
    Options None
    AllowOverride None
</Directory>
<Directory /home/httpd/html>
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile CONFIG_ROOT/auth/users
    require user admin
</DirectoryMatch>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory /home/httpd/cgi-bin>
    AllowOverride None
    Options None
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    Require user admin
#    <Files index.cgi>
#        Satisfy Any
#        Allow from All
#    </Files>
    <Files credits.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files dial.cgi>
        Require user admin dial
    </Files>
</Directory>
<IfModule mod_dir.c>
    DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
<IfModule mod_mime.c>
    TypesConfig /etc/mime.types
</IfModule>
DefaultType text/plain

HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/httpd/access_log common
ServerSignature Off
AddHandler cgi-script .cgi
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>

###
### SSL Configuration
###
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout  900
SSLMutex  file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /var/log/httpd/ssl_engine_log
SSLLogLevel info

<VirtualHost _default_:444>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
    DocumentRoot /home/httpd/html
    ServerAdmin root@localhost
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key
    <Files ~ "\.(cgi|shtml?)$">
	SSLOptions +StdEnvVars
    </Files>
    <Directory /home/httpd/cgi-bin>
	SSLOptions +StdEnvVars
    </Directory>
    SetEnv HOME /home/nobody
    SetEnvIf User-Agent ".*MSIE.*" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
    CustomLog /var/log/httpd/ssl_request_log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<Directory /home/httpd/html/backup>
    Options None
    AllowOverride None
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    require user admin
</Directory>

include /etc/httpd/conf/hostname.conf
Commit	Line	Data
3ea75603 MT	1	##
	2	## httpd.conf -- Apache HTTP server configuration file
	3	##
	4	## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
	5	##
	6	ServerType standalone
	7	ServerRoot /etc/httpd
	8
	9	LockFile /var/lock/httpd.lock
	10	PidFile /var/run/httpd.pid
	11	ScoreBoardFile /var/run/httpd.scoreboard
	12	Timeout 900
	13	KeepAlive On
	14	MaxKeepAliveRequests 100
	15	KeepAliveTimeout 15
	16	MinSpareServers 1
	17	MaxSpareServers 2
	18	StartServers 2
	19	MaxClients 10
	20	MaxRequestsPerChild 100
	21	Port 81
	22	Listen 81
	23	Listen 444
	24	User nobody
	25	Group nobody
	26	ServerAdmin root@localhost
	27	ServerTokens Prod
	28	DocumentRoot /home/httpd/html
	29	# Limit track/trace requests
	30	RewriteEngine on
	31	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)
	32	RewriteRule .* - [F]
	33
	34	<Directory />
	35	Options None
	36	AllowOverride None
	37	</Directory>
	38	<Directory /home/httpd/html>
	39	Options ExecCGI
	40	AllowOverride None
	41	Order allow,deny
	42	Allow from all
	43	</Directory>
	44	<DirectoryMatch "/home/httpd/html/(graphs\|sgraph)">
	45	AuthName "Restricted"
	46	AuthType Basic
	47	AuthUserFile CONFIG_ROOT/auth/users
	48	require user admin
	49	</DirectoryMatch>
	50	ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
	51	<Directory /home/httpd/cgi-bin>
	52	AllowOverride None
	53	Options None
	54	AuthName "Restricted"
	55	AuthType Basic
	56	AuthUserFile /var/ipfire/auth/users
	57	Require user admin
	58	# <Files index.cgi>
	59	# Satisfy Any
	60	# Allow from All
	61	# </Files>
	62	<Files credits.cgi>
	63	Satisfy Any
	64	Allow from All
65	</Files>
66	<Files dial.cgi>
67	Require user admin dial
68	</Files>
69	</Directory>
70	<IfModule mod_dir.c>
71	DirectoryIndex index.html index.htm index.shtml index.cgi
72	</IfModule>
73	AccessFileName .htaccess
74	<Files ~ "^\.ht">
75	Order allow,deny
76	Deny from all
77	</Files>
78	<IfModule mod_mime.c>
79	TypesConfig /etc/mime.types
80	</IfModule>
81	DefaultType text/plain
82
83	HostnameLookups Off
84	ErrorLog /var/log/httpd/error_log
85	LogLevel warn
86	LogFormat "%h %l %u %t \"%r\" %>s %b" common
87	CustomLog /var/log/httpd/access_log common
88	ServerSignature Off
89	AddHandler cgi-script .cgi
90	<IfModule mod_setenvif.c>
91	BrowserMatch "Mozilla/2" nokeepalive
92	BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
93	BrowserMatch "RealPlayer 4\.0" force-response-1.0
94	BrowserMatch "Java/1\.0" force-response-1.0
95	BrowserMatch "JDK/1\.0" force-response-1.0
96	</IfModule>
97
98	###
99	### SSL Configuration
100	###
101	AddType application/x-x509-ca-cert .crt
102	AddType application/x-pkcs7-crl .crl
103
104	SSLPassPhraseDialog builtin
105	SSLSessionCache dbm:/var/log/httpd/ssl_scache
106	SSLSessionCacheTimeout 900
107	SSLMutex file:/var/log/httpd/ssl_mutex
108	SSLRandomSeed startup builtin
109	SSLRandomSeed connect builtin
110	SSLLog /var/log/httpd/ssl_engine_log
111	SSLLogLevel info
112
113	<VirtualHost _default_:444>
114	RewriteEngine on
115	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)
116	RewriteRule .* - [F]
117	DocumentRoot /home/httpd/html
118	ServerAdmin root@localhost
119	ErrorLog /var/log/httpd/error_log
120	TransferLog /var/log/httpd/access_log
121	SSLEngine on
122	SSLProtocol all -SSLv2
123	SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
124	SSLCertificateFile /etc/httpd/server.crt
125	SSLCertificateKeyFile /etc/httpd/server.key
126	<Files ~ "\.(cgi\|shtml?)$">
127	SSLOptions +StdEnvVars
128	</Files>
129	<Directory /home/httpd/cgi-bin>
130	SSLOptions +StdEnvVars
131	</Directory>
132	SetEnv HOME /home/nobody
133	SetEnvIf User-Agent ".MSIE." \
134	nokeepalive ssl-unclean-shutdown \
135	downgrade-1.0 force-response-1.0
136	CustomLog /var/log/httpd/ssl_request_log \
137	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
138	</VirtualHost>
139
140	<Directory /home/httpd/html/backup>
141	Options None
142	AllowOverride None
143	AuthName "Restricted"
144	AuthType Basic
145	AuthUserFile /var/ipfire/auth/users
146	require user admin
147	</Directory>
148
149	include /etc/httpd/conf/hostname.conf