[people/pmueller/ipfire-2.x.git] / config / httpd / httpd.conf

##
## httpd.conf -- Apache HTTP server configuration file
##
ServerType standalone
ServerRoot /etc/httpd

LockFile /var/lock/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /var/run/httpd.scoreboard
Timeout 900
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 1
MaxSpareServers 2
StartServers 2
MaxClients 10
MaxRequestsPerChild 100
Port 81
Listen 81
Listen 444
User nobody
Group nobody
ServerAdmin root@localhost
ServerTokens Prod
DocumentRoot /home/httpd/html
# Limit track/trace requests
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]

<Directory />
    Options None
    AllowOverride None
</Directory>
<Directory /home/httpd/html>
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
    AuthName "IPFire - Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    Require user admin
</DirectoryMatch>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory /home/httpd/cgi-bin>
    AllowOverride None
    Options None
    AuthName "IPFire - Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    Require user admin
    <Files chpasswd.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files webaccess.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files credits.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files dial.cgi>
        Require user admin dial
    </Files>
</Directory>
<IfModule mod_dir.c>
    DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
<IfModule mod_mime.c>
    TypesConfig /etc/mime.types
</IfModule>
DefaultType text/plain

HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/httpd/access_log common
ServerSignature Off
AddHandler cgi-script .cgi
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>

###
### SSL Configuration
###
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout  900
SSLMutex  file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /var/log/httpd/ssl_engine_log
SSLLogLevel info

<VirtualHost _default_:444>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
    DocumentRoot /home/httpd/html
    ServerAdmin root@localhost
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key
    <Files ~ "\.(cgi|shtml?)$">
	SSLOptions +StdEnvVars
    </Files>
    <Directory /home/httpd/cgi-bin>
	SSLOptions +StdEnvVars
    </Directory>
    SetEnv HOME /home/nobody
    SetEnvIf User-Agent ".*MSIE.*" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
    CustomLog /var/log/httpd/ssl_request_log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<Directory /home/httpd/html/backup>
    Options None
    AllowOverride None
    AuthName "IPFire - Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    require user admin
</Directory>

include /etc/httpd/conf/hostname.conf
Commit	Line	Data
3ea75603 MT	1	##
	2	## httpd.conf -- Apache HTTP server configuration file
	3	##
3ea75603 MT	4	ServerType standalone
	5	ServerRoot /etc/httpd
	6
	7	LockFile /var/lock/httpd.lock
	8	PidFile /var/run/httpd.pid
	9	ScoreBoardFile /var/run/httpd.scoreboard
	10	Timeout 900
	11	KeepAlive On
	12	MaxKeepAliveRequests 100
	13	KeepAliveTimeout 15
	14	MinSpareServers 1
	15	MaxSpareServers 2
	16	StartServers 2
	17	MaxClients 10
	18	MaxRequestsPerChild 100
10e4f239 MT	19	Port 81
10e4f239 MT	20	Listen 81
3ea75603 MT	21	Listen 444
	22	User nobody
	23	Group nobody
	24	ServerAdmin root@localhost
	25	ServerTokens Prod
	26	DocumentRoot /home/httpd/html
	27	# Limit track/trace requests
	28	RewriteEngine on
	29	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)
	30	RewriteRule .* - [F]
	31
	32	<Directory />
	33	Options None
	34	AllowOverride None
	35	</Directory>
	36	<Directory /home/httpd/html>
	37	Options ExecCGI
	38	AllowOverride None
	39	Order allow,deny
	40	Allow from all
	41	</Directory>
	42	<DirectoryMatch "/home/httpd/html/(graphs\|sgraph)">
6693216e	43	AuthName "IPFire - Restricted"
3ea75603	44	AuthType Basic
894c6feb	45	AuthUserFile /var/ipfire/auth/users
10e4f239	46	Require user admin
3ea75603 MT	47	</DirectoryMatch>
	48	ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
	49	<Directory /home/httpd/cgi-bin>
	50	AllowOverride None
	51	Options None
894c6feb	52	AuthName "IPFire - Restricted"
3ea75603 MT	53	AuthType Basic
	54	AuthUserFile /var/ipfire/auth/users
	55	Require user admin
ed38f89d MT	56	<Files chpasswd.cgi>
	57	Satisfy Any
	58	Allow from All
	59	</Files>
	60	<Files webaccess.cgi>
	61	Satisfy Any
	62	Allow from All
	63	</Files>
3ea75603 MT	64	<Files credits.cgi>
	65	Satisfy Any
	66	Allow from All
	67	</Files>
	68	<Files dial.cgi>
	69	Require user admin dial
	70	</Files>
	71	</Directory>
	72	<IfModule mod_dir.c>
	73	DirectoryIndex index.html index.htm index.shtml index.cgi
	74	</IfModule>
	75	AccessFileName .htaccess
	76	<Files ~ "^\.ht">
	77	Order allow,deny
	78	Deny from all
	79	</Files>
	80	<IfModule mod_mime.c>
	81	TypesConfig /etc/mime.types
	82	</IfModule>
	83	DefaultType text/plain
	84
	85	HostnameLookups Off
	86	ErrorLog /var/log/httpd/error_log
	87	LogLevel warn
	88	LogFormat "%h %l %u %t \"%r\" %>s %b" common
	89	CustomLog /var/log/httpd/access_log common
	90	ServerSignature Off
	91	AddHandler cgi-script .cgi
	92	<IfModule mod_setenvif.c>
	93	BrowserMatch "Mozilla/2" nokeepalive
	94	BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
	95	BrowserMatch "RealPlayer 4\.0" force-response-1.0
	96	BrowserMatch "Java/1\.0" force-response-1.0
	97	BrowserMatch "JDK/1\.0" force-response-1.0
	98	</IfModule>
	99
	100	###
	101	### SSL Configuration
	102	###
	103	AddType application/x-x509-ca-cert .crt
	104	AddType application/x-pkcs7-crl .crl
	105
	106	SSLPassPhraseDialog builtin
	107	SSLSessionCache dbm:/var/log/httpd/ssl_scache
	108	SSLSessionCacheTimeout 900
	109	SSLMutex file:/var/log/httpd/ssl_mutex
	110	SSLRandomSeed startup builtin
	111	SSLRandomSeed connect builtin
	112	SSLLog /var/log/httpd/ssl_engine_log
	113	SSLLogLevel info
	114
	115	<VirtualHost _default_:444>
	116	RewriteEngine on
	117	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)
	118	RewriteRule .* - [F]
	119	DocumentRoot /home/httpd/html
	120	ServerAdmin root@localhost
	121	ErrorLog /var/log/httpd/error_log
	122	TransferLog /var/log/httpd/access_log
	123	SSLEngine on
	124	SSLProtocol all -SSLv2
	125	SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
	126	SSLCertificateFile /etc/httpd/server.crt
	127	SSLCertificateKeyFile /etc/httpd/server.key
128	<Files ~ "\.(cgi\|shtml?)$">
129	SSLOptions +StdEnvVars
130	</Files>
131	<Directory /home/httpd/cgi-bin>
132	SSLOptions +StdEnvVars
133	</Directory>
134	SetEnv HOME /home/nobody
135	SetEnvIf User-Agent ".MSIE." \
136	nokeepalive ssl-unclean-shutdown \
137	downgrade-1.0 force-response-1.0
138	CustomLog /var/log/httpd/ssl_request_log \
139	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
140	</VirtualHost>
141
142	<Directory /home/httpd/html/backup>
143	Options None
144	AllowOverride None
6693216e	145	AuthName "IPFire - Restricted"
3ea75603 MT	146	AuthType Basic
	147	AuthUserFile /var/ipfire/auth/users
	148	require user admin
	149	</Directory>
	150
	151	include /etc/httpd/conf/hostname.conf