[people/pmueller/ipfire-2.x.git] / config / httpd / httpd.conf

##\r
## httpd.conf -- Apache HTTP server configuration file\r
##\r
ServerType standalone\r
ServerRoot /etc/httpd\r
\r
LockFile /var/lock/httpd.lock\r
PidFile /var/run/httpd.pid\r
ScoreBoardFile /var/run/httpd.scoreboard\r
Timeout 900\r
KeepAlive On\r
MaxKeepAliveRequests 100\r
KeepAliveTimeout 15\r
MinSpareServers 1\r
MaxSpareServers 2\r
StartServers 2\r
MaxClients 10\r
MaxRequestsPerChild 100\r
Port 81\r
Listen 81\r
Listen 444\r
User nobody\r
Group nobody\r
ServerAdmin root@localhost\r
ServerTokens Prod\r
DocumentRoot /home/httpd/html\r
# Limit track/trace requests\r
RewriteEngine on\r
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)\r
RewriteRule .* - [F]\r
\r
<Directory />\r
    Options None\r
    AllowOverride None\r
</Directory>\r
<Directory /home/httpd/html>\r
    Options ExecCGI\r
    AllowOverride None\r
    Order allow,deny\r
    Allow from all\r
</Directory>\r
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">\r
    AuthName "IPFire - Restricted"\r
    AuthType Basic\r
    AuthUserFile /var/ipfire/auth/users\r
    Require user admin\r
</DirectoryMatch>\r
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/\r
<Directory /home/httpd/cgi-bin>\r
    AllowOverride None\r
    Options None\r
    AuthName "IPFire - Restricted"\r
    AuthType Basic\r
    AuthUserFile /var/ipfire/auth/users\r
    Require user admin\r
    <Files chpasswd.cgi>\r
        Satisfy Any\r
        Allow from All\r
    </Files>\r
    <Files webaccess.cgi>\r
        Satisfy Any\r
        Allow from All\r
    </Files>\r
    <Files credits.cgi>\r
        Satisfy Any\r
        Allow from All\r
    </Files>\r
    <Files dial.cgi>\r
        Require user admin\r
    </Files>\r
</Directory>\r
<Directory /home/httpd/cgi-bin/dial>\r
    AllowOverride None\r
    Options None\r
    AuthName "IPFire - Restricted"\r
    AuthType Basic\r
    AuthUserFile /var/ipfire/auth/users\r
    Require user dial admin\r
</Directory>\r
<IfModule mod_dir.c>\r
    DirectoryIndex index.html index.htm index.shtml index.cgi\r
</IfModule>\r
AccessFileName .htaccess\r
<Files ~ "^\.ht">\r
    Order allow,deny\r
    Deny from all\r
</Files>\r
<IfModule mod_mime.c>\r
    TypesConfig /etc/mime.types\r
</IfModule>\r
DefaultType text/plain\r
\r
HostnameLookups Off\r
ErrorLog /var/log/httpd/error_log\r
LogLevel warn\r
LogFormat "%h %l %u %t \"%r\" %>s %b" common\r
CustomLog /var/log/httpd/access_log common\r
ServerSignature Off\r
AddHandler cgi-script .cgi\r
<IfModule mod_setenvif.c>\r
    BrowserMatch "Mozilla/2" nokeepalive\r
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0\r
    BrowserMatch "RealPlayer 4\.0" force-response-1.0\r
    BrowserMatch "Java/1\.0" force-response-1.0\r
    BrowserMatch "JDK/1\.0" force-response-1.0\r
</IfModule>\r
\r
###\r
### SSL Configuration\r
###\r
AddType application/x-x509-ca-cert .crt\r
AddType application/x-pkcs7-crl    .crl\r
\r
SSLPassPhraseDialog  builtin\r
SSLSessionCache         dbm:/var/log/httpd/ssl_scache\r
SSLSessionCacheTimeout  900\r
SSLMutex  file:/var/log/httpd/ssl_mutex\r
SSLRandomSeed startup builtin\r
SSLRandomSeed connect builtin\r
SSLLog      /var/log/httpd/ssl_engine_log\r
SSLLogLevel info\r
\r
<VirtualHost _default_:444>\r
    RewriteEngine on\r
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)\r
    RewriteRule .* - [F]\r
    DocumentRoot /home/httpd/html\r
    ServerAdmin root@localhost\r
    ErrorLog /var/log/httpd/error_log\r
    TransferLog /var/log/httpd/access_log\r
    SSLEngine on\r
    SSLProtocol all -SSLv2\r
    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP\r
    SSLCertificateFile /etc/httpd/server.crt\r
    SSLCertificateKeyFile /etc/httpd/server.key\r
    <Files ~ "\.(cgi|shtml?)$">\r
	SSLOptions +StdEnvVars\r
    </Files>\r
    <Directory /home/httpd/cgi-bin>\r
	SSLOptions +StdEnvVars\r
    </Directory>\r
    SetEnv HOME /home/nobody\r
    SetEnvIf User-Agent ".*MSIE.*" \\r
	nokeepalive ssl-unclean-shutdown \\r
	downgrade-1.0 force-response-1.0\r
    CustomLog /var/log/httpd/ssl_request_log \\r
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"\r
</VirtualHost>\r
\r
<Directory /home/httpd/html/backup>\r
    Options None\r
    AllowOverride None\r
    AuthName "IPFire - Restricted"\r
    AuthType Basic\r
    AuthUserFile /var/ipfire/auth/users\r
    require user admin\r
</Directory>\r
\r
include /etc/httpd/conf/hostname.conf\r
Commit	Line	Data
e3a8510a MT	1	##\r
	2	## httpd.conf -- Apache HTTP server configuration file\r
	3	##\r
	4	ServerType standalone\r
	5	ServerRoot /etc/httpd\r
	6	\r
	7	LockFile /var/lock/httpd.lock\r
	8	PidFile /var/run/httpd.pid\r
	9	ScoreBoardFile /var/run/httpd.scoreboard\r
	10	Timeout 900\r
	11	KeepAlive On\r
	12	MaxKeepAliveRequests 100\r
	13	KeepAliveTimeout 15\r
	14	MinSpareServers 1\r
	15	MaxSpareServers 2\r
	16	StartServers 2\r
	17	MaxClients 10\r
	18	MaxRequestsPerChild 100\r
	19	Port 81\r
	20	Listen 81\r
	21	Listen 444\r
	22	User nobody\r
	23	Group nobody\r
	24	ServerAdmin root@localhost\r
	25	ServerTokens Prod\r
	26	DocumentRoot /home/httpd/html\r
	27	# Limit track/trace requests\r
	28	RewriteEngine on\r
	29	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)\r
	30	RewriteRule .* - [F]\r
	31	\r
	32	<Directory />\r
	33	Options None\r
	34	AllowOverride None\r
	35	</Directory>\r
	36	<Directory /home/httpd/html>\r
	37	Options ExecCGI\r
	38	AllowOverride None\r
	39	Order allow,deny\r
	40	Allow from all\r
	41	</Directory>\r
	42	<DirectoryMatch "/home/httpd/html/(graphs\|sgraph)">\r
	43	AuthName "IPFire - Restricted"\r
	44	AuthType Basic\r
	45	AuthUserFile /var/ipfire/auth/users\r
	46	Require user admin\r
	47	</DirectoryMatch>\r
	48	ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/\r
	49	<Directory /home/httpd/cgi-bin>\r
	50	AllowOverride None\r
	51	Options None\r
	52	AuthName "IPFire - Restricted"\r
	53	AuthType Basic\r
	54	AuthUserFile /var/ipfire/auth/users\r
	55	Require user admin\r
	56	<Files chpasswd.cgi>\r
	57	Satisfy Any\r
	58	Allow from All\r
	59	</Files>\r
	60	<Files webaccess.cgi>\r
	61	Satisfy Any\r
	62	Allow from All\r
	63	</Files>\r
	64	<Files credits.cgi>\r
65	Satisfy Any\r
66	Allow from All\r
67	</Files>\r
68	<Files dial.cgi>\r
69	Require user admin\r
70	</Files>\r
71	</Directory>\r
72	<Directory /home/httpd/cgi-bin/dial>\r
73	AllowOverride None\r
74	Options None\r
75	AuthName "IPFire - Restricted"\r
76	AuthType Basic\r
77	AuthUserFile /var/ipfire/auth/users\r
78	Require user dial admin\r
79	</Directory>\r
80	<IfModule mod_dir.c>\r
81	DirectoryIndex index.html index.htm index.shtml index.cgi\r
82	</IfModule>\r
83	AccessFileName .htaccess\r
84	<Files ~ "^\.ht">\r
85	Order allow,deny\r
86	Deny from all\r
87	</Files>\r
88	<IfModule mod_mime.c>\r
89	TypesConfig /etc/mime.types\r
90	</IfModule>\r
91	DefaultType text/plain\r
92	\r
93	HostnameLookups Off\r
94	ErrorLog /var/log/httpd/error_log\r
95	LogLevel warn\r
96	LogFormat "%h %l %u %t \"%r\" %>s %b" common\r
97	CustomLog /var/log/httpd/access_log common\r
98	ServerSignature Off\r
99	AddHandler cgi-script .cgi\r
100	<IfModule mod_setenvif.c>\r
101	BrowserMatch "Mozilla/2" nokeepalive\r
102	BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0\r
103	BrowserMatch "RealPlayer 4\.0" force-response-1.0\r
104	BrowserMatch "Java/1\.0" force-response-1.0\r
105	BrowserMatch "JDK/1\.0" force-response-1.0\r
106	</IfModule>\r
107	\r
108	###\r
109	### SSL Configuration\r
110	###\r
111	AddType application/x-x509-ca-cert .crt\r
112	AddType application/x-pkcs7-crl .crl\r
113	\r
114	SSLPassPhraseDialog builtin\r
115	SSLSessionCache dbm:/var/log/httpd/ssl_scache\r
116	SSLSessionCacheTimeout 900\r
117	SSLMutex file:/var/log/httpd/ssl_mutex\r
118	SSLRandomSeed startup builtin\r
119	SSLRandomSeed connect builtin\r
120	SSLLog /var/log/httpd/ssl_engine_log\r
121	SSLLogLevel info\r
122	\r
123	<VirtualHost _default_:444>\r
124	RewriteEngine on\r
125	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)\r
126	RewriteRule .* - [F]\r
127	DocumentRoot /home/httpd/html\r
128	ServerAdmin root@localhost\r
129	ErrorLog /var/log/httpd/error_log\r
130	TransferLog /var/log/httpd/access_log\r
131	SSLEngine on\r
132	SSLProtocol all -SSLv2\r
133	SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP\r
134	SSLCertificateFile /etc/httpd/server.crt\r
135	SSLCertificateKeyFile /etc/httpd/server.key\r
136	<Files ~ "\.(cgi\|shtml?)$">\r
137	SSLOptions +StdEnvVars\r
138	</Files>\r
139	<Directory /home/httpd/cgi-bin>\r
140	SSLOptions +StdEnvVars\r
141	</Directory>\r
142	SetEnv HOME /home/nobody\r
143	SetEnvIf User-Agent ".MSIE." \\r
144	nokeepalive ssl-unclean-shutdown \\r
145	downgrade-1.0 force-response-1.0\r
146	CustomLog /var/log/httpd/ssl_request_log \\r
147	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"\r
148	</VirtualHost>\r
149	\r
150	<Directory /home/httpd/html/backup>\r
151	Options None\r
152	AllowOverride None\r
153	AuthName "IPFire - Restricted"\r
154	AuthType Basic\r
155	AuthUserFile /var/ipfire/auth/users\r
156	require user admin\r
157	</Directory>\r
158	\r
159	include /etc/httpd/conf/hostname.conf\r