<VirtualHost *:81>
- DocumentRoot /home/httpd/html
+ DocumentRoot /srv/web/ipfire/html
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
- <Directory /home/httpd/html>
+ Header always set X-Content-Type-Options nosniff
+ Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+ Header always set Referrer-Policy strict-origin
+ Header always set X-Frame-Options sameorigin
+
+ <Directory /srv/web/ipfire/html>
Options ExecCGI
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
</Directory>
- <DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user admin
+ <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
+ Options SymLinksIfOwnerMatch
+ RewriteEngine on
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</DirectoryMatch>
- ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
- <Directory /home/httpd/cgi-bin>
- AllowOverride None
- Options None
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user admin
- <Files chpasswd.cgi>
- Satisfy Any
- Allow from All
- </Files>
- <Files webaccess.cgi>
- Satisfy Any
- Allow from All
- </Files>
- <Files credits.cgi>
- Satisfy Any
- Allow from All
- </Files>
- <Files dial.cgi>
- Require user admin
- </Files>
+ ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
+ <Directory /srv/web/ipfire/cgi-bin>
+ Options SymLinksIfOwnerMatch
+ RewriteEngine on
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</Directory>
- <Directory /home/httpd/cgi-bin/dial>
- AllowOverride None
- Options None
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user dial admin
- </Directory>
-
-</VirtualHost>
\ No newline at end of file
+ Alias /updatecache/ /var/updatecache/
+ <Directory /var/updatecache>
+ Options ExecCGI
+ AllowOverride None
+ Require all granted
+ </Directory>
+ Alias /repository/ /var/urlrepo/
+ <Directory /var/urlrepo>
+ Options ExecCGI
+ AllowOverride None
+ Require all granted
+ </Directory>
+ Alias /wpad.dat /srv/web/ipfire/html/proxy.pac
+</VirtualHost>