Update to apache 2.4.27

[people/mlorenz/ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf

diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index 08ba2b375bcbacf7434fc55da2596c00eb528894..6f353962ec7ea3ef3e1018275c54935d42a6d67b 100644 (file)
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -8,16 +8,16 @@
     ErrorLog /var/log/httpd/error_log
     TransferLog /var/log/httpd/access_log
     SSLEngine on
-    SSLProtocol all -SSLv2
-    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
+    SSLProtocol all -SSLv2 -SSLv3
+    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
+    SSLHonorCipherOrder on
     SSLCertificateFile /etc/httpd/server.crt
     SSLCertificateKeyFile /etc/httpd/server.key
 
     <Directory /srv/web/ipfire/html>
         Options ExecCGI
         AllowOverride None
-        Order allow,deny
-        Allow from all
+        Require all granted
     </Directory>
     <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
         AuthName "IPFire - Restricted"
@@ -33,17 +33,11 @@
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
         Require user admin
-         <Files chpasswd.cgi>
-            Satisfy Any
-            Allow from All
+        <Files chpasswd.cgi>
+            Require all granted
         </Files>
         <Files webaccess.cgi>
-            Satisfy Any
-            Allow from All
-        </Files>
-        <Files credits.cgi>
-            Satisfy Any
-            Allow from All
+            Require all granted
         </Files>
         <Files dial.cgi>
             Require user admin
@@ -74,7 +68,23 @@
        <Directory /var/updatecache>
                 Options ExecCGI
                 AllowOverride None
-                Order deny,allow
-                Allow from all
+                Require all granted
        </Directory>
+
+    Alias /repository/ /var/urlrepo/
+       <Directory /var/urlrepo>
+                Options ExecCGI
+                AllowOverride None
+                Require all granted
+       </Directory>
+
+    Alias /proxy-reports/ /var/log/sarg/
+    <Directory /var/log/sarg>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+    </Directory>
 </VirtualHost>