[people/pmueller/ipfire-2.x.git] / config / httpd / httpd.conf

##
## httpd.conf -- Apache HTTP server configuration file
##
## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
##
ServerType standalone
ServerRoot /etc/httpd

LockFile /var/lock/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /var/run/httpd.scoreboard
Timeout 900
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 1
MaxSpareServers 2
StartServers 2
MaxClients 10
MaxRequestsPerChild 100
Port 81
Listen 81
Listen 444
User nobody
Group nobody
ServerAdmin root@localhost
ServerTokens Prod
DocumentRoot /home/httpd/html
# Limit track/trace requests
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]

<Directory />
    Options None
    AllowOverride None
</Directory>
<Directory /home/httpd/html>
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile CONFIG_ROOT/auth/users
    require user admin
</DirectoryMatch>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory /home/httpd/cgi-bin>
    AllowOverride None
    Options None
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    Require user admin
    <Files chpasswd.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files webaccess.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files credits.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files dial.cgi>
        Require user admin dial
    </Files>
</Directory>
<IfModule mod_dir.c>
    DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
<IfModule mod_mime.c>
    TypesConfig /etc/mime.types
</IfModule>
DefaultType text/plain

HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/httpd/access_log common
ServerSignature Off
AddHandler cgi-script .cgi
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>

###
### SSL Configuration
###
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout  900
SSLMutex  file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /var/log/httpd/ssl_engine_log
SSLLogLevel info

<VirtualHost _default_:444>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
    DocumentRoot /home/httpd/html
    ServerAdmin root@localhost
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key
    <Files ~ "\.(cgi|shtml?)$">
	SSLOptions +StdEnvVars
    </Files>
    <Directory /home/httpd/cgi-bin>
	SSLOptions +StdEnvVars
    </Directory>
    SetEnv HOME /home/nobody
    SetEnvIf User-Agent ".*MSIE.*" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
    CustomLog /var/log/httpd/ssl_request_log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<Directory /home/httpd/html/backup>
    Options None
    AllowOverride None
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile /var/ipfire/auth/users
    require user admin
</Directory>

include /etc/httpd/conf/hostname.conf
Commit	Line	Data
3ea75603 MT	1	##
	2	## httpd.conf -- Apache HTTP server configuration file
	3	##
	4	## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
	5	##
	6	ServerType standalone
	7	ServerRoot /etc/httpd
	8
	9	LockFile /var/lock/httpd.lock
	10	PidFile /var/run/httpd.pid
	11	ScoreBoardFile /var/run/httpd.scoreboard
	12	Timeout 900
	13	KeepAlive On
	14	MaxKeepAliveRequests 100
	15	KeepAliveTimeout 15
	16	MinSpareServers 1
	17	MaxSpareServers 2
	18	StartServers 2
	19	MaxClients 10
	20	MaxRequestsPerChild 100
	21	Port 81
	22	Listen 81
	23	Listen 444
	24	User nobody
	25	Group nobody
	26	ServerAdmin root@localhost
	27	ServerTokens Prod
	28	DocumentRoot /home/httpd/html
	29	# Limit track/trace requests
	30	RewriteEngine on
	31	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)
	32	RewriteRule .* - [F]
	33
	34	<Directory />
	35	Options None
	36	AllowOverride None
	37	</Directory>
	38	<Directory /home/httpd/html>
	39	Options ExecCGI
	40	AllowOverride None
	41	Order allow,deny
	42	Allow from all
	43	</Directory>
	44	<DirectoryMatch "/home/httpd/html/(graphs\|sgraph)">
	45	AuthName "Restricted"
	46	AuthType Basic
	47	AuthUserFile CONFIG_ROOT/auth/users
	48	require user admin
	49	</DirectoryMatch>
	50	ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
	51	<Directory /home/httpd/cgi-bin>
	52	AllowOverride None
	53	Options None
	54	AuthName "Restricted"
	55	AuthType Basic
	56	AuthUserFile /var/ipfire/auth/users
	57	Require user admin
ed38f89d MT	58	<Files chpasswd.cgi>
	59	Satisfy Any
	60	Allow from All
	61	</Files>
	62	<Files webaccess.cgi>
	63	Satisfy Any
	64	Allow from All
	65	</Files>
3ea75603 MT	66	<Files credits.cgi>
	67	Satisfy Any
	68	Allow from All
	69	</Files>
	70	<Files dial.cgi>
	71	Require user admin dial
	72	</Files>
	73	</Directory>
	74	<IfModule mod_dir.c>
	75	DirectoryIndex index.html index.htm index.shtml index.cgi
	76	</IfModule>
	77	AccessFileName .htaccess
	78	<Files ~ "^\.ht">
	79	Order allow,deny
	80	Deny from all
	81	</Files>
	82	<IfModule mod_mime.c>
	83	TypesConfig /etc/mime.types
	84	</IfModule>
	85	DefaultType text/plain
	86
	87	HostnameLookups Off
	88	ErrorLog /var/log/httpd/error_log
	89	LogLevel warn
	90	LogFormat "%h %l %u %t \"%r\" %>s %b" common
	91	CustomLog /var/log/httpd/access_log common
	92	ServerSignature Off
	93	AddHandler cgi-script .cgi
	94	<IfModule mod_setenvif.c>
	95	BrowserMatch "Mozilla/2" nokeepalive
	96	BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
	97	BrowserMatch "RealPlayer 4\.0" force-response-1.0
	98	BrowserMatch "Java/1\.0" force-response-1.0
	99	BrowserMatch "JDK/1\.0" force-response-1.0
	100	</IfModule>
	101
	102	###
	103	### SSL Configuration
	104	###
	105	AddType application/x-x509-ca-cert .crt
	106	AddType application/x-pkcs7-crl .crl
	107
	108	SSLPassPhraseDialog builtin
	109	SSLSessionCache dbm:/var/log/httpd/ssl_scache
	110	SSLSessionCacheTimeout 900
	111	SSLMutex file:/var/log/httpd/ssl_mutex
	112	SSLRandomSeed startup builtin
	113	SSLRandomSeed connect builtin
	114	SSLLog /var/log/httpd/ssl_engine_log
	115	SSLLogLevel info
	116
	117	<VirtualHost _default_:444>
	118	RewriteEngine on
	119	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)
	120	RewriteRule .* - [F]
	121	DocumentRoot /home/httpd/html
	122	ServerAdmin root@localhost
	123	ErrorLog /var/log/httpd/error_log
	124	TransferLog /var/log/httpd/access_log
	125	SSLEngine on
	126	SSLProtocol all -SSLv2
	127	SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
	128	SSLCertificateFile /etc/httpd/server.crt
	129	SSLCertificateKeyFile /etc/httpd/server.key
130	<Files ~ "\.(cgi\|shtml?)$">
131	SSLOptions +StdEnvVars
132	</Files>
133	<Directory /home/httpd/cgi-bin>
134	SSLOptions +StdEnvVars
135	</Directory>
136	SetEnv HOME /home/nobody
137	SetEnvIf User-Agent ".MSIE." \
138	nokeepalive ssl-unclean-shutdown \
139	downgrade-1.0 force-response-1.0
140	CustomLog /var/log/httpd/ssl_request_log \
141	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
142	</VirtualHost>
143
144	<Directory /home/httpd/html/backup>
145	Options None
146	AllowOverride None
147	AuthName "Restricted"
148	AuthType Basic
149	AuthUserFile /var/ipfire/auth/users
150	require user admin
151	</Directory>
152
153	include /etc/httpd/conf/hostname.conf