]> git.ipfire.org Git - ipfire-2.x.git/blame - config/httpd/vhosts.d/ipfire-interface-ssl.conf
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
suricata: Change midstream policy to "pass-flow"
[ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf
CommitLineData
90c973a6
MT		 1<VirtualHost *:444>
2
3 RewriteEngine on
4 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
5 RewriteRule .* - [F]
0cabaf35 6
d733119b 7 DocumentRoot /srv/web/ipfire/html
90c973a6
MT		 8 ServerAdmin root@localhost
9 ErrorLog /var/log/httpd/error_log
10 TransferLog /var/log/httpd/access_log
0cabaf35 11
90c973a6 12 SSLEngine on
63b515dc 13 SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
4636ed66 14 SSLCipherSuite AESGCM+EECDH:CHACHA20+EECDH:@STRENGTH:+aRSA
69776cc4 15 SSLHonorCipherOrder on
a57f4a9f
PM		 16 SSLCompression off
17 SSLSessionTickets off
90c973a6
MT		 18 SSLCertificateFile /etc/httpd/server.crt
19 SSLCertificateKeyFile /etc/httpd/server.key
73ba2286
PM		 20 SSLCertificateFile /etc/httpd/server-ecdsa.crt
21 SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
810a7ea2 22
0cabaf35 23 Header always set X-Content-Type-Options nosniff
e1e10515 24 Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
583687a8 25 Header always set Referrer-Policy strict-origin
be8afd15 26 Header always set X-Frame-Options sameorigin
0cabaf35 27
d733119b 28 <Directory /srv/web/ipfire/html>
90c973a6
MT		 29 Options ExecCGI
30 AllowOverride None
d41fe99f 31 Require all granted
90c973a6 32 </Directory>
d733119b 33 <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
90c973a6
MT		 34 AuthName "IPFire - Restricted"
35 AuthType Basic
36 AuthUserFile /var/ipfire/auth/users
50846453
PM		 37 <RequireAll>
38 Require user admin
39 Require ssl
40 </RequireAll>
90c973a6 41 </DirectoryMatch>
d733119b
MT		 42 ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
43 <Directory /srv/web/ipfire/cgi-bin>
90c973a6 44 AllowOverride None
810a7ea2 45 Options ExecCGI
90c973a6
MT		 46 AuthName "IPFire - Restricted"
47 AuthType Basic
48 AuthUserFile /var/ipfire/auth/users
50846453
PM		 49 <RequireAll>
50 Require user admin
51 Require ssl
52 </RequireAll>
d41fe99f
WA		 53 <Files chpasswd.cgi>
54 Require all granted
90c973a6
MT		 55 </Files>
56 <Files webaccess.cgi>
d41fe99f 57 Require all granted
90c973a6 58 </Files>
90c973a6
MT		 59 </Directory>
60 <Files ~ "\.(cgi|shtml?)$">
61 SSLOptions +StdEnvVars
62 </Files>
d733119b 63 <Directory /srv/web/ipfire/cgi-bin>
90c973a6
MT		 64 SSLOptions +StdEnvVars
65 </Directory>
66 SetEnv HOME /home/nobody
90c973a6
MT		 67 CustomLog /var/log/httpd/ssl_request_log \
68 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
0bc58278
AF		 69
70 Alias /updatecache/ /var/updatecache/
71 <Directory /var/updatecache>
72 Options ExecCGI
73 AllowOverride None
d41fe99f 74 Require all granted
0bc58278 75 </Directory>
7e620487 76
a4c76879 77 Alias /repository/ /var/urlrepo/
7e620487
CS		 78 <Directory /var/urlrepo>
79 Options ExecCGI
80 AllowOverride None
d41fe99f 81 Require all granted
7e620487 82 </Directory>
f8716194
MT		 83
84 Alias /proxy-reports/ /var/log/sarg/
85 <Directory /var/log/sarg>
86 AllowOverride None
87 Options None
88 AuthName "IPFire - Restricted"
89 AuthType Basic
90 AuthUserFile /var/ipfire/auth/users
50846453
PM		 91 <RequireAll>
92 Require user admin
93 Require ssl
94 </RequireAll>
f8716194 95 </Directory>
90c973a6 96</VirtualHost>
IPFire 2.x development tree