[people/pmueller/ipfire-2.x.git] / config / httpd / httpd.conf

##
## httpd.conf -- Apache HTTP server configuration file
##
## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
##
ServerType standalone
ServerRoot /etc/httpd

LockFile /var/lock/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /var/run/httpd.scoreboard
Timeout 900
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 1
MaxSpareServers 2
StartServers 2
MaxClients 10
MaxRequestsPerChild 100
Port 444
Listen 444
User nobody
Group nobody
ServerAdmin root@localhost
ServerTokens Prod
DocumentRoot /home/httpd/html
# Limit track/trace requests
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]

<Directory />
    Options None
    AllowOverride None
</Directory>
<Directory /home/httpd/html>
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    require user admin
</DirectoryMatch>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory /home/httpd/cgi-bin>
    AllowOverride None
    Options None
    AuthName "IPFire - Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    Require user admin
    <Files chpasswd.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files webaccess.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files credits.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files dial.cgi>
        Require user admin dial
    </Files>
</Directory>
<IfModule mod_dir.c>
    DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
<IfModule mod_mime.c>
    TypesConfig /etc/mime.types
</IfModule>
DefaultType text/plain

HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/httpd/access_log common
ServerSignature Off
AddHandler cgi-script .cgi
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>

###
### SSL Configuration
###
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout  900
SSLMutex  file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /var/log/httpd/ssl_engine_log
SSLLogLevel info

<VirtualHost _default_:444>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
    DocumentRoot /home/httpd/html
    ServerAdmin root@localhost
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key
    <Files ~ "\.(cgi|shtml?)$">
	SSLOptions +StdEnvVars
    </Files>
    <Directory /home/httpd/cgi-bin>
	SSLOptions +StdEnvVars
    </Directory>
    SetEnv HOME /home/nobody
    SetEnvIf User-Agent ".*MSIE.*" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
    CustomLog /var/log/httpd/ssl_request_log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<Directory /home/httpd/html/backup>
    Options None
    AllowOverride None
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    require user admin
</Directory>

include /etc/httpd/conf/hostname.conf
Commit	Line	Data
3ea75603 MT	1	##
	2	## httpd.conf -- Apache HTTP server configuration file
	3	##
	4	## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
	5	##
	6	ServerType standalone
	7	ServerRoot /etc/httpd
	8
	9	LockFile /var/lock/httpd.lock
	10	PidFile /var/run/httpd.pid
	11	ScoreBoardFile /var/run/httpd.scoreboard
	12	Timeout 900
	13	KeepAlive On
	14	MaxKeepAliveRequests 100
	15	KeepAliveTimeout 15
	16	MinSpareServers 1
	17	MaxSpareServers 2
	18	StartServers 2
	19	MaxClients 10
	20	MaxRequestsPerChild 100
894c6feb	21	Port 444
3ea75603 MT	22	Listen 444
	23	User nobody
	24	Group nobody
	25	ServerAdmin root@localhost
	26	ServerTokens Prod
	27	DocumentRoot /home/httpd/html
	28	# Limit track/trace requests
	29	RewriteEngine on
	30	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)
	31	RewriteRule .* - [F]
	32
	33	<Directory />
	34	Options None
	35	AllowOverride None
	36	</Directory>
	37	<Directory /home/httpd/html>
	38	Options ExecCGI
	39	AllowOverride None
	40	Order allow,deny
	41	Allow from all
	42	</Directory>
	43	<DirectoryMatch "/home/httpd/html/(graphs\|sgraph)">
	44	AuthName "Restricted"
	45	AuthType Basic
894c6feb	46	AuthUserFile /var/ipfire/auth/users
3ea75603 MT	47	require user admin
	48	</DirectoryMatch>
	49	ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
	50	<Directory /home/httpd/cgi-bin>
	51	AllowOverride None
	52	Options None
894c6feb	53	AuthName "IPFire - Restricted"
3ea75603 MT	54	AuthType Basic
	55	AuthUserFile /var/ipfire/auth/users
	56	Require user admin
ed38f89d MT	57	<Files chpasswd.cgi>
	58	Satisfy Any
	59	Allow from All
	60	</Files>
	61	<Files webaccess.cgi>
	62	Satisfy Any
	63	Allow from All
	64	</Files>
3ea75603 MT	65	<Files credits.cgi>
	66	Satisfy Any
	67	Allow from All
	68	</Files>
	69	<Files dial.cgi>
	70	Require user admin dial
	71	</Files>
	72	</Directory>
	73	<IfModule mod_dir.c>
	74	DirectoryIndex index.html index.htm index.shtml index.cgi
	75	</IfModule>
	76	AccessFileName .htaccess
	77	<Files ~ "^\.ht">
	78	Order allow,deny
	79	Deny from all
	80	</Files>
	81	<IfModule mod_mime.c>
	82	TypesConfig /etc/mime.types
	83	</IfModule>
	84	DefaultType text/plain
	85
	86	HostnameLookups Off
	87	ErrorLog /var/log/httpd/error_log
	88	LogLevel warn
	89	LogFormat "%h %l %u %t \"%r\" %>s %b" common
	90	CustomLog /var/log/httpd/access_log common
	91	ServerSignature Off
	92	AddHandler cgi-script .cgi
	93	<IfModule mod_setenvif.c>
	94	BrowserMatch "Mozilla/2" nokeepalive
	95	BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
	96	BrowserMatch "RealPlayer 4\.0" force-response-1.0
	97	BrowserMatch "Java/1\.0" force-response-1.0
	98	BrowserMatch "JDK/1\.0" force-response-1.0
	99	</IfModule>
	100
	101	###
	102	### SSL Configuration
	103	###
	104	AddType application/x-x509-ca-cert .crt
	105	AddType application/x-pkcs7-crl .crl
	106
	107	SSLPassPhraseDialog builtin
	108	SSLSessionCache dbm:/var/log/httpd/ssl_scache
	109	SSLSessionCacheTimeout 900
	110	SSLMutex file:/var/log/httpd/ssl_mutex
	111	SSLRandomSeed startup builtin
	112	SSLRandomSeed connect builtin
	113	SSLLog /var/log/httpd/ssl_engine_log
	114	SSLLogLevel info
	115
	116	<VirtualHost _default_:444>
	117	RewriteEngine on
	118	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)
	119	RewriteRule .* - [F]
	120	DocumentRoot /home/httpd/html
	121	ServerAdmin root@localhost
	122	ErrorLog /var/log/httpd/error_log
	123	TransferLog /var/log/httpd/access_log
	124	SSLEngine on
	125	SSLProtocol all -SSLv2
	126	SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
	127	SSLCertificateFile /etc/httpd/server.crt
	128	SSLCertificateKeyFile /etc/httpd/server.key
129	<Files ~ "\.(cgi\|shtml?)$">
130	SSLOptions +StdEnvVars
131	</Files>
132	<Directory /home/httpd/cgi-bin>
133	SSLOptions +StdEnvVars
134	</Directory>
135	SetEnv HOME /home/nobody
136	SetEnvIf User-Agent ".MSIE." \
137	nokeepalive ssl-unclean-shutdown \
138	downgrade-1.0 force-response-1.0
139	CustomLog /var/log/httpd/ssl_request_log \
140	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
141	</VirtualHost>
142
143	<Directory /home/httpd/html/backup>
144	Options None
145	AllowOverride None
146	AuthName "Restricted"
147	AuthType Basic
148	AuthUserFile /var/ipfire/auth/users
149	require user admin
150	</Directory>
151
152	include /etc/httpd/conf/hostname.conf