]>
Commit | Line | Data |
---|---|---|
90c973a6 MT |
1 | <VirtualHost *:444> |
2 | ||
3 | RewriteEngine on | |
4 | RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) | |
5 | RewriteRule .* - [F] | |
0cabaf35 | 6 | |
d733119b | 7 | DocumentRoot /srv/web/ipfire/html |
90c973a6 MT |
8 | ServerAdmin root@localhost |
9 | ErrorLog /var/log/httpd/error_log | |
10 | TransferLog /var/log/httpd/access_log | |
0cabaf35 | 11 | |
90c973a6 | 12 | SSLEngine on |
a7006325 | 13 | SSLProtocol all -SSLv2 -SSLv3 |
f227ae4f | 14 | SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA |
69776cc4 | 15 | SSLHonorCipherOrder on |
a57f4a9f PM |
16 | SSLCompression off |
17 | SSLSessionTickets off | |
90c973a6 MT |
18 | SSLCertificateFile /etc/httpd/server.crt |
19 | SSLCertificateKeyFile /etc/httpd/server.key | |
73ba2286 PM |
20 | SSLCertificateFile /etc/httpd/server-ecdsa.crt |
21 | SSLCertificateKeyFile /etc/httpd/server-ecdsa.key | |
810a7ea2 | 22 | |
0cabaf35 PM |
23 | Header always set X-Content-Type-Options nosniff |
24 | ||
d733119b | 25 | <Directory /srv/web/ipfire/html> |
90c973a6 MT |
26 | Options ExecCGI |
27 | AllowOverride None | |
d41fe99f | 28 | Require all granted |
90c973a6 | 29 | </Directory> |
d733119b | 30 | <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)"> |
90c973a6 MT |
31 | AuthName "IPFire - Restricted" |
32 | AuthType Basic | |
33 | AuthUserFile /var/ipfire/auth/users | |
50846453 PM |
34 | <RequireAll> |
35 | Require user admin | |
36 | Require ssl | |
37 | </RequireAll> | |
90c973a6 | 38 | </DirectoryMatch> |
d733119b MT |
39 | ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ |
40 | <Directory /srv/web/ipfire/cgi-bin> | |
90c973a6 | 41 | AllowOverride None |
810a7ea2 | 42 | Options ExecCGI |
90c973a6 MT |
43 | AuthName "IPFire - Restricted" |
44 | AuthType Basic | |
45 | AuthUserFile /var/ipfire/auth/users | |
50846453 PM |
46 | <RequireAll> |
47 | Require user admin | |
48 | Require ssl | |
49 | </RequireAll> | |
d41fe99f WA |
50 | <Files chpasswd.cgi> |
51 | Require all granted | |
90c973a6 MT |
52 | </Files> |
53 | <Files webaccess.cgi> | |
d41fe99f | 54 | Require all granted |
90c973a6 | 55 | </Files> |
90c973a6 MT |
56 | </Directory> |
57 | <Files ~ "\.(cgi|shtml?)$"> | |
58 | SSLOptions +StdEnvVars | |
59 | </Files> | |
d733119b | 60 | <Directory /srv/web/ipfire/cgi-bin> |
90c973a6 MT |
61 | SSLOptions +StdEnvVars |
62 | </Directory> | |
63 | SetEnv HOME /home/nobody | |
64 | SetEnvIf User-Agent ".*MSIE.*" \ | |
65 | nokeepalive ssl-unclean-shutdown \ | |
66 | downgrade-1.0 force-response-1.0 | |
67 | CustomLog /var/log/httpd/ssl_request_log \ | |
68 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |
0bc58278 AF |
69 | |
70 | Alias /updatecache/ /var/updatecache/ | |
71 | <Directory /var/updatecache> | |
72 | Options ExecCGI | |
73 | AllowOverride None | |
d41fe99f | 74 | Require all granted |
0bc58278 | 75 | </Directory> |
7e620487 | 76 | |
a4c76879 | 77 | Alias /repository/ /var/urlrepo/ |
7e620487 CS |
78 | <Directory /var/urlrepo> |
79 | Options ExecCGI | |
80 | AllowOverride None | |
d41fe99f | 81 | Require all granted |
7e620487 | 82 | </Directory> |
f8716194 MT |
83 | |
84 | Alias /proxy-reports/ /var/log/sarg/ | |
85 | <Directory /var/log/sarg> | |
86 | AllowOverride None | |
87 | Options None | |
88 | AuthName "IPFire - Restricted" | |
89 | AuthType Basic | |
90 | AuthUserFile /var/ipfire/auth/users | |
50846453 PM |
91 | <RequireAll> |
92 | Require user admin | |
93 | Require ssl | |
94 | </RequireAll> | |
f8716194 | 95 | </Directory> |
90c973a6 | 96 | </VirtualHost> |