4 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
7 DocumentRoot /srv/web/ipfire/html
8 ServerAdmin root@localhost
9 ErrorLog /var/log/httpd/error_log
10 TransferLog /var/log/httpd/access_log
13 SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
14 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
15 SSLHonorCipherOrder on
18 SSLCertificateFile /etc/httpd/server.crt
19 SSLCertificateKeyFile /etc/httpd/server.key
20 SSLCertificateFile /etc/httpd/server-ecdsa.crt
21 SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
23 Header always set X-Content-Type-Options nosniff
24 Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
26 <Directory /srv/web/ipfire/html>
31 <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
32 AuthName "IPFire - Restricted"
34 AuthUserFile /var/ipfire/auth/users
40 ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
41 <Directory /srv/web/ipfire/cgi-bin>
44 AuthName "IPFire - Restricted"
46 AuthUserFile /var/ipfire/auth/users
58 <Files ~ "\.(cgi|shtml?)$">
59 SSLOptions +StdEnvVars
61 <Directory /srv/web/ipfire/cgi-bin>
62 SSLOptions +StdEnvVars
64 SetEnv HOME /home/nobody
65 SetEnvIf User-Agent ".*MSIE.*" \
66 nokeepalive ssl-unclean-shutdown \
67 downgrade-1.0 force-response-1.0
68 CustomLog /var/log/httpd/ssl_request_log \
69 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
71 Alias /updatecache/ /var/updatecache/
72 <Directory /var/updatecache>
78 Alias /repository/ /var/urlrepo/
79 <Directory /var/urlrepo>
85 Alias /proxy-reports/ /var/log/sarg/
86 <Directory /var/log/sarg>
89 AuthName "IPFire - Restricted"
91 AuthUserFile /var/ipfire/auth/users