projects / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 90c973a6 MT |
1 | <VirtualHost *:444> |
| 2 | ||
| 3 | RewriteEngine on | |
| 4 | RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) | |
| 5 | RewriteRule .* - [F] | |
| d733119b | 6 | DocumentRoot /srv/web/ipfire/html |
| 90c973a6 MT |
7 | ServerAdmin root@localhost |
| 8 | ErrorLog /var/log/httpd/error_log | |
| 9 | TransferLog /var/log/httpd/access_log | |
| 10 | SSLEngine on | |
| a7006325 | 11 | SSLProtocol all -SSLv2 -SSLv3 |
| 69776cc4 MT |
12 | SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK |
| 13 | SSLHonorCipherOrder on | |
| 90c973a6 MT |
14 | SSLCertificateFile /etc/httpd/server.crt |
| 15 | SSLCertificateKeyFile /etc/httpd/server.key | |
| 810a7ea2 | 16 | |
| d733119b | 17 | <Directory /srv/web/ipfire/html> |
| 90c973a6 MT |
18 | Options ExecCGI |
| 19 | AllowOverride None | |
| d41fe99f | 20 | Require all granted |
| 90c973a6 | 21 | </Directory> |
| d733119b | 22 | <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)"> |
| 90c973a6 MT |
23 | AuthName "IPFire - Restricted" |
| 24 | AuthType Basic | |
| 25 | AuthUserFile /var/ipfire/auth/users | |
| 26 | Require user admin | |
| 27 | </DirectoryMatch> | |
| d733119b MT |
28 | ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ |
| 29 | <Directory /srv/web/ipfire/cgi-bin> | |
| 90c973a6 | 30 | AllowOverride None |
| 810a7ea2 | 31 | Options ExecCGI |
| 90c973a6 MT |
32 | AuthName "IPFire - Restricted" |
| 33 | AuthType Basic | |
| 34 | AuthUserFile /var/ipfire/auth/users | |
| 35 | Require user admin | |
| d41fe99f WA |
36 | <Files chpasswd.cgi> |
| 37 | Require all granted | |
| 90c973a6 MT |
38 | </Files> |
| 39 | <Files webaccess.cgi> | |
| d41fe99f | 40 | Require all granted |
| 90c973a6 | 41 | </Files> |
| 90c973a6 MT |
42 | <Files dial.cgi> |
| 43 | Require user admin | |
| 44 | </Files> | |
| 45 | </Directory> | |
| d733119b | 46 | <Directory /srv/web/ipfire/cgi-bin/dial> |
| 90c973a6 MT |
47 | AllowOverride None |
| 48 | Options None | |
| 49 | AuthName "IPFire - Restricted" | |
| 50 | AuthType Basic | |
| 51 | AuthUserFile /var/ipfire/auth/users | |
| 52 | Require user dial admin | |
| 53 | </Directory> | |
| 54 | <Files ~ "\.(cgi|shtml?)$"> | |
| 55 | SSLOptions +StdEnvVars | |
| 56 | </Files> | |
| d733119b | 57 | <Directory /srv/web/ipfire/cgi-bin> |
| 90c973a6 MT |
58 | SSLOptions +StdEnvVars |
| 59 | </Directory> | |
| 60 | SetEnv HOME /home/nobody | |
| 61 | SetEnvIf User-Agent ".*MSIE.*" \ | |
| 62 | nokeepalive ssl-unclean-shutdown \ | |
| 63 | downgrade-1.0 force-response-1.0 | |
| 64 | CustomLog /var/log/httpd/ssl_request_log \ | |
| 65 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |
| 0bc58278 AF |
66 | |
| 67 | Alias /updatecache/ /var/updatecache/ | |
| 68 | <Directory /var/updatecache> | |
| 69 | Options ExecCGI | |
| 70 | AllowOverride None | |
| d41fe99f | 71 | Require all granted |
| 0bc58278 | 72 | </Directory> |
| 7e620487 | 73 | |
| a4c76879 | 74 | Alias /repository/ /var/urlrepo/ |
| 7e620487 CS |
75 | <Directory /var/urlrepo> |
| 76 | Options ExecCGI | |
| 77 | AllowOverride None | |
| d41fe99f | 78 | Require all granted |
| 7e620487 | 79 | </Directory> |
| f8716194 MT |
80 | |
| 81 | Alias /proxy-reports/ /var/log/sarg/ | |
| 82 | <Directory /var/log/sarg> | |
| 83 | AllowOverride None | |
| 84 | Options None | |
| 85 | AuthName "IPFire - Restricted" | |
| 86 | AuthType Basic | |
| 87 | AuthUserFile /var/ipfire/auth/users | |
| 88 | Require user admin | |
| 89 | </Directory> | |
| 90c973a6 | 90 | </VirtualHost> |