--- /dev/null
+<IfModule mod_php5.c>
+ AddType application/x-httpd-php .php3
+ AddType application/x-httpd-php .php4
+ AddType application/x-httpd-php .php5
+ AddType application/x-httpd-php .php
+ AddType application/x-httpd-php-source .php3s
+ AddType application/x-httpd-php-source .php4s
+ AddType application/x-httpd-php-source .php5s
+ AddType application/x-httpd-php-source .phps
+ DirectoryIndex index.php3
+ DirectoryIndex index.php4
+ DirectoryIndex index.php5
+ DirectoryIndex index.php
+</IfModule>
--- /dev/null
+#
+# Global configuration that will be applicable for all virtual hosts, unless
+# deleted here, or overriden elswhere.
+#
+
+DocumentRoot /home/httpd/html
+
+#Include /etc/httpd/conf/conf.d/*.conf
--- /dev/null
+Timeout 300
+ServerSignature on
+UseCanonicalName off
+ServerTokens OS
+LogLevel warn
+CustomLog /var/log/httpd/access_log combined
+Include /etc/httpd/conf/hostname.conf
+HostnameLookups off
+AddHandler cgi-script .cgi
-##\r
-## httpd.conf -- Apache HTTP server configuration file\r
-##\r
-ServerType standalone\r
-ServerRoot /etc/httpd\r
-\r
-LockFile /var/lock/httpd.lock\r
-PidFile /var/run/httpd.pid\r
-ScoreBoardFile /var/run/httpd.scoreboard\r
-Timeout 900\r
-KeepAlive On\r
-MaxKeepAliveRequests 100\r
-KeepAliveTimeout 15\r
-MinSpareServers 1\r
-MaxSpareServers 2\r
-StartServers 2\r
-MaxClients 10\r
-MaxRequestsPerChild 100\r
-Port 81\r
-Listen 81\r
-Listen 444\r
-User nobody\r
-Group nobody\r
-ServerAdmin root@localhost\r
-ServerTokens Prod\r
-DocumentRoot /home/httpd/html\r
-# Limit track/trace requests\r
-RewriteEngine on\r
-RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)\r
-RewriteRule .* - [F]\r
-\r
-<Directory />\r
- Options None\r
- AllowOverride None\r
-</Directory>\r
-<Directory /home/httpd/html>\r
- Options ExecCGI\r
- AllowOverride None\r
- Order allow,deny\r
- Allow from all\r
-</Directory>\r
-<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">\r
- AuthName "IPFire - Restricted"\r
- AuthType Basic\r
- AuthUserFile /var/ipfire/auth/users\r
- Require user admin\r
-</DirectoryMatch>\r
-ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/\r
-<Directory /home/httpd/cgi-bin>\r
- AllowOverride None\r
- Options None\r
- AuthName "IPFire - Restricted"\r
- AuthType Basic\r
- AuthUserFile /var/ipfire/auth/users\r
- Require user admin\r
- <Files chpasswd.cgi>\r
- Satisfy Any\r
- Allow from All\r
- </Files>\r
- <Files webaccess.cgi>\r
- Satisfy Any\r
- Allow from All\r
- </Files>\r
- <Files credits.cgi>\r
- Satisfy Any\r
- Allow from All\r
- </Files>\r
- <Files dial.cgi>\r
- Require user admin\r
- </Files>\r
-</Directory>\r
-<Directory /home/httpd/cgi-bin/dial>\r
- AllowOverride None\r
- Options None\r
- AuthName "IPFire - Restricted"\r
- AuthType Basic\r
- AuthUserFile /var/ipfire/auth/users\r
- Require user dial admin\r
-</Directory>\r
-<IfModule mod_dir.c>\r
- DirectoryIndex index.html index.htm index.shtml index.cgi\r
-</IfModule>\r
-AccessFileName .htaccess\r
-<Files ~ "^\.ht">\r
- Order allow,deny\r
- Deny from all\r
-</Files>\r
-<IfModule mod_mime.c>\r
- TypesConfig /etc/mime.types\r
-</IfModule>\r
-DefaultType text/plain\r
-\r
-HostnameLookups Off\r
-ErrorLog /var/log/httpd/error_log\r
-LogLevel warn\r
-LogFormat "%h %l %u %t \"%r\" %>s %b" common\r
-CustomLog /var/log/httpd/access_log common\r
-ServerSignature Off\r
-AddHandler cgi-script .cgi\r
-<IfModule mod_setenvif.c>\r
- BrowserMatch "Mozilla/2" nokeepalive\r
- BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0\r
- BrowserMatch "RealPlayer 4\.0" force-response-1.0\r
- BrowserMatch "Java/1\.0" force-response-1.0\r
- BrowserMatch "JDK/1\.0" force-response-1.0\r
-</IfModule>\r
-\r
-###\r
-### SSL Configuration\r
-###\r
-AddType application/x-x509-ca-cert .crt\r
-AddType application/x-pkcs7-crl .crl\r
-\r
-SSLPassPhraseDialog builtin\r
-SSLSessionCache dbm:/var/log/httpd/ssl_scache\r
-SSLSessionCacheTimeout 900\r
-SSLMutex file:/var/log/httpd/ssl_mutex\r
-SSLRandomSeed startup builtin\r
-SSLRandomSeed connect builtin\r
-SSLLog /var/log/httpd/ssl_engine_log\r
-SSLLogLevel info\r
-\r
-<VirtualHost _default_:444>\r
- RewriteEngine on\r
- RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)\r
- RewriteRule .* - [F]\r
- DocumentRoot /home/httpd/html\r
- ServerAdmin root@localhost\r
- ErrorLog /var/log/httpd/error_log\r
- TransferLog /var/log/httpd/access_log\r
- SSLEngine on\r
- SSLProtocol all -SSLv2\r
- SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP\r
- SSLCertificateFile /etc/httpd/server.crt\r
- SSLCertificateKeyFile /etc/httpd/server.key\r
- <Files ~ "\.(cgi|shtml?)$">\r
- SSLOptions +StdEnvVars\r
- </Files>\r
- <Directory /home/httpd/cgi-bin>\r
- SSLOptions +StdEnvVars\r
- </Directory>\r
- SetEnv HOME /home/nobody\r
- SetEnvIf User-Agent ".*MSIE.*" \\r
- nokeepalive ssl-unclean-shutdown \\r
- downgrade-1.0 force-response-1.0\r
- CustomLog /var/log/httpd/ssl_request_log \\r
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"\r
-</VirtualHost>\r
-\r
-<Directory /home/httpd/html/backup>\r
- Options None\r
- AllowOverride None\r
- AuthName "IPFire - Restricted"\r
- AuthType Basic\r
- AuthUserFile /var/ipfire/auth/users\r
- require user admin\r
-</Directory>\r
-\r
-include /etc/httpd/conf/hostname.conf\r
+#
+# /etc/httpd/conf/httpd.conf
+#
+# This is the main Apache2 server configuration file for IPFire.
+# Plese do not change this file!
+
+# Overview of include files, chronologically:
+#
+# httpd.conf
+# |
+# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
+# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
+# |-- loadmodule.conf . . . . . . . . . . . load these modules
+# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
+# |-- mod_log_config.conf . . . . . . . . . define logging formats
+# |-- sysconfig.d/global.conf . . . . . . . server-wide general settings
+# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
+# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
+# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
+# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
+# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
+# |-- errors.conf . . . . . . . . . . . . . customize error responses
+# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
+# |
+# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
+# |
+# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
+# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
+#
+
+### Global Environment ######################################################
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests.
+
+# run under this user/group id
+Include /etc/httpd/conf/uid.conf
+
+# - how many server processes to start (server pool regulation)
+# - usage of KeepAlive
+Include /etc/httpd/conf/server-tuning.conf
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+ErrorLog /var/log/httpd/error_log
+
+# Load Modules here
+Include /etc/httpd/conf/loadmodule.conf
+
+# IP addresses / ports to listen on
+Include /etc/httpd/conf/listen.conf
+
+# predefined logging formats
+Include /etc/httpd/conf/mod_log_config.conf
+
+# global settings
+Include /etc/httpd/conf/global.conf
+
+# optional mod_status, mod_info
+#Include /etc/httpd/conf/mod_status.conf
+#Include /etc/httpd/conf/mod_info.conf
+
+# associate MIME types with filename extensions
+TypesConfig /etc/mime.types
+DefaultType text/plain
+
+# global (server-wide) SSL configuration, that is not specific to
+# any virtual host
+Include /etc/httpd/conf/ssl-global.conf
+
+<Directory />
+ Options None
+ AllowOverride None
+</Directory>
+
+# use .htaccess files for overriding,
+AccessFileName .htaccess
+# and never show them
+<Files ~ "^\.ht">
+ Order allow,deny
+ Deny from all
+</Files>
+
+# List of resources to look for when the client requests a directory
+DirectoryIndex index.html index.htm index.shtml index.cgi
+
+### 'Main' server configuration #############################################
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition. These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+Include /etc/httpd/conf/default-server.conf
+
+
+### Virtual server configuration ############################################
+#
+# VirtualHost: If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+# <URL:http://httpd.apache.org/docs-2.0/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+#
+Include /etc/httpd/conf/vhosts.d/*.conf
+
+
--- /dev/null
+Listen 81
+Listen 444
--- /dev/null
+LoadModule authn_file_module /usr/lib/apache/mod_authn_file.so
+LoadModule authn_dbm_module /usr/lib/apache/mod_authn_dbm.so
+LoadModule authn_anon_module /usr/lib/apache/mod_authn_anon.so
+LoadModule authn_dbd_module /usr/lib/apache/mod_authn_dbd.so
+LoadModule authn_default_module /usr/lib/apache/mod_authn_default.so
+LoadModule authz_host_module /usr/lib/apache/mod_authz_host.so
+LoadModule authz_groupfile_module /usr/lib/apache/mod_authz_groupfile.so
+LoadModule authz_user_module /usr/lib/apache/mod_authz_user.so
+LoadModule authz_dbm_module /usr/lib/apache/mod_authz_dbm.so
+LoadModule authz_owner_module /usr/lib/apache/mod_authz_owner.so
+LoadModule authz_default_module /usr/lib/apache/mod_authz_default.so
+LoadModule auth_basic_module /usr/lib/apache/mod_auth_basic.so
+LoadModule auth_digest_module /usr/lib/apache/mod_auth_digest.so
+#LoadModule dbd_module /usr/lib/apache/mod_dbd.so
+LoadModule dumpio_module /usr/lib/apache/mod_dumpio.so
+LoadModule ext_filter_module /usr/lib/apache/mod_ext_filter.so
+LoadModule include_module /usr/lib/apache/mod_include.so
+LoadModule filter_module /usr/lib/apache/mod_filter.so
+LoadModule deflate_module /usr/lib/apache/mod_deflate.so
+LoadModule log_config_module /usr/lib/apache/mod_log_config.so
+LoadModule log_forensic_module /usr/lib/apache/mod_log_forensic.so
+LoadModule logio_module /usr/lib/apache/mod_logio.so
+LoadModule env_module /usr/lib/apache/mod_env.so
+LoadModule mime_magic_module /usr/lib/apache/mod_mime_magic.so
+LoadModule cern_meta_module /usr/lib/apache/mod_cern_meta.so
+LoadModule expires_module /usr/lib/apache/mod_expires.so
+LoadModule headers_module /usr/lib/apache/mod_headers.so
+LoadModule ident_module /usr/lib/apache/mod_ident.so
+LoadModule usertrack_module /usr/lib/apache/mod_usertrack.so
+LoadModule unique_id_module /usr/lib/apache/mod_unique_id.so
+LoadModule setenvif_module /usr/lib/apache/mod_setenvif.so
+LoadModule version_module /usr/lib/apache/mod_version.so
+LoadModule mime_module /usr/lib/apache/mod_mime.so
+LoadModule dav_module /usr/lib/apache/mod_dav.so
+LoadModule status_module /usr/lib/apache/mod_status.so
+LoadModule autoindex_module /usr/lib/apache/mod_autoindex.so
+LoadModule asis_module /usr/lib/apache/mod_asis.so
+LoadModule info_module /usr/lib/apache/mod_info.so
+LoadModule cgi_module /usr/lib/apache/mod_cgi.so
+LoadModule dav_fs_module /usr/lib/apache/mod_dav_fs.so
+LoadModule vhost_alias_module /usr/lib/apache/mod_vhost_alias.so
+LoadModule negotiation_module /usr/lib/apache/mod_negotiation.so
+LoadModule dir_module /usr/lib/apache/mod_dir.so
+LoadModule imagemap_module /usr/lib/apache/mod_imagemap.so
+LoadModule actions_module /usr/lib/apache/mod_actions.so
+LoadModule speling_module /usr/lib/apache/mod_speling.so
+LoadModule userdir_module /usr/lib/apache/mod_userdir.so
+LoadModule alias_module /usr/lib/apache/mod_alias.so
+LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so
+LoadModule ssl_module /usr/lib/apache/mod_ssl.so
+LoadModule php5_module /usr/lib/apache/libphp5.so
--- /dev/null
+#
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+#
+# see http://httpd.apache.org/docs-2.0/mod/mod_info.html
+#
+<IfModule mod_info.c>
+ <Location /server-info>
+ SetHandler server-info
+ Order deny,allow
+ Deny from all
+ Allow from localhost
+ </Location>
+</IfModule>
--- /dev/null
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+
+#
+# Format string: Nickname:
+#
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+
+# To use %I and %O, you need to enable mod_logio
+<IfModule mod_logio.c>
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+</IfModule>
+
+# Use one of these when you want a compact non-error SSL logfile on a virtual
+# host basis:
+<IfModule mod_ssl.c>
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b" ssl_common
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
+</IfModule>
--- /dev/null
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+#
+# see http://httpd.apache.org/docs-2.0/mod/mod_status.html
+#
+<IfModule mod_status.c>
+ <Location /server-status>
+ SetHandler server-status
+ Order deny,allow
+ Deny from all
+ Allow from localhost
+ </Location>
+</IfModule>
--- /dev/null
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 15
+
+MinSpareServers 1
+MaxSpareServers 2
+StartServers 2
+MaxClients 10
+MaxRequestsPerChild 100
+
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
--- /dev/null
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# These are the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+
+# This global SSL configuration is ignored if
+# "SSL" is not defined, or if "NOSSL" is defined.
+<IfDefine SSL>
+<IfDefine !NOSSL>
+<IfModule mod_ssl.c>
+
+ #
+ # Some MIME-types for downloading Certificates and CRLs
+ #
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ # Pass Phrase Dialog:
+ # Configure the pass phrase gathering process.
+ # The filtering dialog program (`builtin' is a internal
+ # terminal dialog) has to provide the pass phrase on stdout.
+ SSLPassPhraseDialog builtin
+
+ # Inter-Process Session Cache:
+ # Configure the SSL Session Cache: First the mechanism
+ # to use and second the expiring timeout (in seconds).
+ # shm means the same as shmht.
+ # Note that on most platforms shared memory segments are not allowed to be on
+ # network-mounted drives, so in that case you need to use the dbm method.
+ #SSLSessionCache none
+ #SSLSessionCache dbm:/var/log/httpd/ssl_scache
+ #SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000)
+ SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000)
+ SSLSessionCacheTimeout 900
+
+ # Semaphore:
+ # Configure the path to the mutual exclusion semaphore the
+ # SSL engine uses internally for inter-process synchronization.
+ SSLMutex file:/var/log/httpd/ssl_mutex
+
+ # Pseudo Random Number Generator (PRNG):
+ # Configure one or more sources to seed the PRNG of the
+ # SSL library. The seed data should be of good random quality.
+ # WARNING! On some platforms /dev/random blocks if not enough entropy
+ # is available. This means you then cannot use the /dev/random device
+ # because it would lead to very long connection times (as long as
+ # it requires to make more entropy available). But usually those
+ # platforms additionally provide a /dev/urandom device which doesn't
+ # block. So, if available, use this one instead. Read the mod_ssl User
+ # Manual for more details.
+ SSLRandomSeed startup builtin
+ SSLRandomSeed connect builtin
+
+ SSLLog /var/log/httpd/ssl_engine_log
+ SSLLogLevel info
+
+</IfModule>
+</IfDefine>
+</IfDefine>
--- /dev/null
+User nobody
+Group nobody
--- /dev/null
+<VirtualHost *:444>
+
+ RewriteEngine on
+ RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+ RewriteRule .* - [F]
+ DocumentRoot /home/httpd/html
+ ServerAdmin root@localhost
+ ErrorLog /var/log/httpd/error_log
+ TransferLog /var/log/httpd/access_log
+ SSLEngine on
+ SSLProtocol all -SSLv2
+ SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
+ SSLCertificateFile /etc/httpd/server.crt
+ SSLCertificateKeyFile /etc/httpd/server.key
+ <Directory /home/httpd/html>
+ Options ExecCGI
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+ </Directory>
+ <DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+ </DirectoryMatch>
+ ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
+ <Directory /home/httpd/cgi-bin>
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+ <Files chpasswd.cgi>
+ Satisfy Any
+ Allow from All
+ </Files>
+ <Files webaccess.cgi>
+ Satisfy Any
+ Allow from All
+ </Files>
+ <Files credits.cgi>
+ Satisfy Any
+ Allow from All
+ </Files>
+ <Files dial.cgi>
+ Require user admin
+ </Files>
+ </Directory>
+ <Directory /home/httpd/cgi-bin/dial>
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user dial admin
+ </Directory>
+ <Files ~ "\.(cgi|shtml?)$">
+ SSLOptions +StdEnvVars
+ </Files>
+ <Directory /home/httpd/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+ SetEnv HOME /home/nobody
+ SetEnvIf User-Agent ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ CustomLog /var/log/httpd/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</VirtualHost>
--- /dev/null
+<VirtualHost *:81>
+
+ DocumentRoot /home/httpd/html
+
+ RewriteEngine on
+ RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+ RewriteRule .* - [F]
+
+ <Directory /home/httpd/html>
+ Options ExecCGI
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+ </Directory>
+ <DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+ </DirectoryMatch>
+ ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
+ <Directory /home/httpd/cgi-bin>
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+ <Files chpasswd.cgi>
+ Satisfy Any
+ Allow from All
+ </Files>
+ <Files webaccess.cgi>
+ Satisfy Any
+ Allow from All
+ </Files>
+ <Files credits.cgi>
+ Satisfy Any
+ Allow from All
+ </Files>
+ <Files dial.cgi>
+ Require user admin
+ </Files>
+ </Directory>
+ <Directory /home/httpd/cgi-bin/dial>
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user dial admin
+ </Directory>
+
+</VirtualHost>
\ No newline at end of file
/usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
/usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
- sed 's+CONFIG_ROOT+$(CONFIG_ROOT)+g' $(DIR_SRC)/config/httpd/httpd.conf > /etc/httpd/conf/httpd.conf
+ cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
# Copy all html/cgi-bin files
mkdir -p /install/cdrom/{doc,dosutils,images}
sed -e "s/KVER/$(KVER)/g" $(DIR_SRC)/src/ROOTFILES.$(MACHINE) > /tmp/ROOTFILES
tar -c -C / --files-from=/tmp/ROOTFILES \
- -f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \
- --exclude='proc/*'
+ -f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \
+ --exclude='proc/*' --exclude='tmp/ROOTFILES'
rm -f /tmp/ROOTFILES
tar -x -C /tmp -f /$(SNAME).tar
rm -f /$(SNAME).tar
include Config
VER = 2.4.33
+PATCHLEVEL = 2.4.33.3
THISAPP = linux-$(VER)
DL_FILE = $(THISAPP).tar.gz
ifeq "$(ROOT)" ""
ifeq "$(LFS_PASS)" "ipfire"
ifeq "$(SMP)" ""
- TARGET = $(DIR_INFO)/$(THISAPP)-ipfire
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire
endif
ifeq "$(SMP)" "1"
- TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-smp
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp
endif
ifeq "$(SMP)" "installer"
- TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-installer
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-installer
endif
else
- TARGET = $(DIR_INFO)/$(THISAPP)
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)
endif
else
- TARGET = $(DIR_INFO)/$(THISAPP)-tools
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-tools
endif
###############################################################################
patch-o-matic-ng-20060206.tar.bz2 \
kbc_option_2420.patch \
net4801.kernel.patch_2.4.31 \
- netfilter-layer7-v2.1.tar.gz
+ netfilter-layer7-v2.1.tar.gz \
+ patch-$(PATCHLEVEL).bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+patch-$(PATCHLEVEL).bz2 = $(DL_FROM)/patch-$(PATCHLEVEL).bz2
openswan-1.0.10rc2.tar.gz = $(URL_IPFIRE)/openswan-1.0.10rc2.tar.gz
patch-o-matic-ng-20060206.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20060206.tar.bz2
iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
kbc_option_2420.patch = $(URL_IPFIRE)/kbc_option_2420.patch
net4801.kernel.patch_2.4.31 = $(URL_IPFIRE)/net4801.kernel.patch_2.4.31
netfilter-layer7-v2.1.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.1.tar.gz
-#bootsplash-3.0.7-2.4.31-vanilla.diff = $(URL_IPFIRE)/bootsplash-3.0.7-2.4.31-vanilla.diff
$(DL_FILE)_MD5 = 4d258d4267de64f0a22e23f6ab026990
+patch-$(PATCHLEVEL).bz2_MD5 = 3597da59e82a495d97e1f0ecd8fc5d4d
openswan-1.0.10rc2.tar.gz_MD5 = 20d51ff963da78f826f4e0f0ebc4bcef
patch-o-matic-ng-20060206.tar.bz2_MD5 = eca9893afb753e331caddfe63142b566
iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5
kbc_option_2420.patch_MD5 = 6d37870344f7fcf97ace1fbf43323c60
net4801.kernel.patch_2.4.31_MD5 = c7d64e3caedb2f2b10e1c11db7f73a04
netfilter-layer7-v2.1.tar.gz_MD5 = 551626a158c2a2cbfd937d27ecc7fac1
-#bootsplash-3.0.7-2.4.31-vanilla.diff = 767c263d1d28827d51abc83945e4b893
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && bzcat $(DIR_DL)/patch-$(PATCHLEVEL).bz2 | patch -p1
+ # Remove patch level in EXTRAVERSION.
+ # We want to avoid the need to supply a full kernel
+ # (installed in a different place) if only one part could be updated
+ cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =/' Makefile
cd $(DIR_SRC) && ln -sf linux-$(VER) linux
cd $(DIR_APP) && sed -i -e 's/-Werror//' drivers/scsi/aic7xxx/Makefile
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf /etc/ssl
cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-m486/-mcpu=i386/' Configure
cd $(DIR_APP) && chmod 755 Configure
cd $(DIR_APP) && ./config --openssldir=/etc/ssl --prefix=/usr 386 \
no-idea no-threads no-mdc2 no-rc5 no-ec zlib-dynamic shared
- cd $(DIR_APP) && sed -i 's%SHLIBDIRS= fips crypto ssl%SHLIBDIRS= crypto ssl%g' Makefile
+ cd $(DIR_APP) && sed -i 's/^PROCESSOR= 386/PROCESSOR=386/g' Makefile
cd $(DIR_APP) && make depend
cd $(DIR_APP) && make MANDIR=/usr/share/man
cd $(DIR_APP) && make MANDIR=/usr/share/man install
# ??-12-2003 Mark Wormgoor < mark@wormgoor.com> #
# - Modified Makefile for IPCop build #
# #
-# $Id: syslinux,v 1.6.2.9 2005/02/05 15:38:16 gespinasse Exp $
+# $Id: syslinux,v 1.6.2.11 2006/09/18 06:23:26 gespinasse Exp $
# #
###############################################################################
include Config
-VER = 2.11
+VER = 3.20
THISAPP = syslinux-$(VER)
DL_FILE = $(THISAPP).tar.gz
-DL_FROM = $(URL_KERNEL)/linux/utils/boot/syslinux/Old
+DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a73c4b32629c925676660c468ef3cf1a
+$(DL_FILE)_MD5 = dbb7c5acfa58220a158cd67854ef4625
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP)/sample && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -I../com32/include%' Makefile
- cd $(DIR_APP) && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -D_FILE_OFFSET_BITS=64%' Makefile
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/syslinux-3.11-nossp.patch
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)
#etc/httpd/conf/extra/httpd-userdir.conf
#etc/httpd/conf/extra/httpd-vhosts.conf
etc/httpd/conf/httpd.conf
+etc/httpd/conf/conf.d
+etc/httpd/conf/default-server.conf
+etc/httpd/conf/global.conf
+etc/httpd/conf/hostname.conf
+etc/httpd/conf/httpd.conf
+etc/httpd/conf/listen.conf
+etc/httpd/conf/loadmodule.conf
+etc/httpd/conf/mod_info.conf
+etc/httpd/conf/mod_log_config.conf
+etc/httpd/conf/mod_status.conf
+etc/httpd/conf/server-tuning.conf
+etc/httpd/conf/ssl-global.conf
+etc/httpd/conf/uid.conf
+#etc/httpd/conf/vhosts.d
+etc/httpd/conf/vhosts.d/ipfire-interface.conf
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
#etc/httpd/conf/magic
#etc/httpd/conf/mime.types
#etc/httpd/conf/original
-/* SmoothWall setup program.\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence. See the file COPYING for details.\r
- *\r
- * (c) Lawrence Manning, 2001\r
- * Password stuff.\r
- * \r
- * $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $\r
- * \r
- */\r
-\r
-#include "setup.h"\r
-\r
-extern FILE *flog;\r
-extern char *mylog;\r
-\r
-extern char **ctr;\r
-\r
-extern int automode;\r
-\r
-int getpassword(char *password, char *text);\r
-\r
-/* Root password. */\r
-int handlerootpassword(void)\r
-{\r
- char password[STRING_SIZE];\r
- char commandstring[STRING_SIZE];\r
- \r
- /* Root password. */\r
- if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2)\r
- return 0;\r
- \r
- snprintf(commandstring, STRING_SIZE,\r
- "/bin/echo 'root:%s' | /usr/sbin/chpasswd", password);\r
- if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD]))\r
- {\r
- errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]);\r
- return 0;\r
- }\r
- \r
- return 1;\r
-}\r
-\r
-int handleadminpassword(void)\r
-{\r
- char password[STRING_SIZE];\r
- char commandstring[STRING_SIZE];\r
- char message[1000];\r
- \r
- /* web interface admin password. */\r
- sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME);\r
- if (getpassword(password, message) == 2)\r
- return 0;\r
- \r
- snprintf(commandstring, STRING_SIZE,\r
- "/usr/bin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);\r
- sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME);\r
- if (runhiddencommandwithstatus(commandstring, message))\r
- {\r
- sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME);\r
- errorbox(message);\r
- return 0;\r
- }\r
-\r
- return 1;\r
-}\r
-\r
-/* Taken from the cdrom one. */\r
-int getpassword(char *password, char *text)\r
-{\r
- char *values[] = { NULL, NULL, NULL }; /* pointers for the values. */\r
- struct newtWinEntry entries[] =\r
- { \r
- { ctr[TR_PASSWORD_PROMPT], &values[0], 2 },\r
- { ctr[TR_AGAIN_PROMPT], &values[1], 2 },\r
- { NULL, NULL, 0 }\r
- };\r
- char title[STRING_SIZE];\r
- int rc;\r
- int done;\r
- \r
- do\r
- {\r
- done = 1;\r
- sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN);\r
- rc = newtWinEntries(title, text,\r
- 50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL);\r
-\r
- if (rc != 2)\r
- {\r
- if (strlen(values[0]) == 0 || strlen(values[1]) == 0)\r
- {\r
- errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]);\r
- done = 0;\r
- strcpy(values[0], "");\r
- strcpy(values[1], "");\r
- }\r
- else if (strcmp(values[0], values[1]) != 0)\r
- {\r
- errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]);\r
- done = 0;\r
- strcpy(values[0], "");\r
- strcpy(values[1], "");\r
- }\r
- else if (strchr(values[0], ' '))\r
- {\r
- errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]);\r
- done = 0;\r
- strcpy(values[0], "");\r
- strcpy(values[1], "");\r
- }\r
- }\r
- }\r
- while (!done);\r
-\r
- strncpy(password, values[0], STRING_SIZE);\r
-\r
- if (values[0]) free(values[0]);\r
- if (values[1]) free(values[1]);\r
-\r
- return rc;\r
-}\r
+/* SmoothWall setup program.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ * (c) Lawrence Manning, 2001
+ * Password stuff.
+ *
+ * $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $
+ *
+ */
+
+#include "setup.h"
+
+extern FILE *flog;
+extern char *mylog;
+
+extern char **ctr;
+
+extern int automode;
+
+int getpassword(char *password, char *text);
+
+/* Root password. */
+int handlerootpassword(void)
+{
+ char password[STRING_SIZE];
+ char commandstring[STRING_SIZE];
+
+ /* Root password. */
+ if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2)
+ return 0;
+
+ snprintf(commandstring, STRING_SIZE,
+ "/bin/echo 'root:%s' | /usr/sbin/chpasswd", password);
+ if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD]))
+ {
+ errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]);
+ return 0;
+ }
+
+ return 1;
+}
+
+int handleadminpassword(void)
+{
+ char password[STRING_SIZE];
+ char commandstring[STRING_SIZE];
+ char message[1000];
+
+ /* web interface admin password. */
+ sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME);
+ if (getpassword(password, message) == 2)
+ return 0;
+
+ snprintf(commandstring, STRING_SIZE,
+ "/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
+ sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME);
+ if (runhiddencommandwithstatus(commandstring, message))
+ {
+ sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME);
+ errorbox(message);
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Taken from the cdrom one. */
+int getpassword(char *password, char *text)
+{
+ char *values[] = { NULL, NULL, NULL }; /* pointers for the values. */
+ struct newtWinEntry entries[] =
+ {
+ { ctr[TR_PASSWORD_PROMPT], &values[0], 2 },
+ { ctr[TR_AGAIN_PROMPT], &values[1], 2 },
+ { NULL, NULL, 0 }
+ };
+ char title[STRING_SIZE];
+ int rc;
+ int done;
+
+ do
+ {
+ done = 1;
+ sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN);
+ rc = newtWinEntries(title, text,
+ 50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL);
+
+ if (rc != 2)
+ {
+ if (strlen(values[0]) == 0 || strlen(values[1]) == 0)
+ {
+ errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]);
+ done = 0;
+ strcpy(values[0], "");
+ strcpy(values[1], "");
+ }
+ else if (strcmp(values[0], values[1]) != 0)
+ {
+ errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]);
+ done = 0;
+ strcpy(values[0], "");
+ strcpy(values[1], "");
+ }
+ else if (strchr(values[0], ' '))
+ {
+ errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]);
+ done = 0;
+ strcpy(values[0], "");
+ strcpy(values[1], "");
+ }
+ }
+ }
+ while (!done);
+
+ strncpy(password, values[0], STRING_SIZE);
+
+ if (values[0]) free(values[0]);
+ if (values[1]) free(values[1]);
+
+ return rc;
+}