[ipfire-2.x.git] / config / httpd / httpd.conf

##
## httpd.conf -- Apache HTTP server configuration file
##
## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
##
ServerType standalone
ServerRoot /etc/httpd

LockFile /var/lock/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /var/run/httpd.scoreboard
Timeout 900
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 1
MaxSpareServers 2
StartServers 2
MaxClients 10
MaxRequestsPerChild 100
Port 81
Listen 81
Listen 444
User nobody
Group nobody
ServerAdmin root@localhost
ServerTokens Prod
DocumentRoot /home/httpd/html
# Limit track/trace requests
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]

<Directory />
    Options None
    AllowOverride None
</Directory>
<Directory /home/httpd/html>
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile CONFIG_ROOT/auth/users
    require user admin
</DirectoryMatch>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory /home/httpd/cgi-bin>
    AllowOverride None
    Options None
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile CONFIG_ROOT/auth/users
    Require user admin
    <Files index.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files credits.cgi>
        Satisfy Any
        Allow from All
    </Files>
    <Files dial.cgi>
        Require user admin dial
    </Files>
</Directory>
<IfModule mod_dir.c>
    DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
<IfModule mod_mime.c>
    TypesConfig /etc/mime.types
</IfModule>
DefaultType text/plain

HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/httpd/access_log common
ServerSignature Off
AddHandler cgi-script .cgi
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>

###
### SSL Configuration
###
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout  900
SSLMutex  file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /var/log/httpd/ssl_engine_log
SSLLogLevel info

<VirtualHost _default_:444>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
    DocumentRoot /home/httpd/html
    ServerAdmin root@localhost
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key
    <Files ~ "\.(cgi|shtml?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory /home/httpd/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    SetEnv HOME /home/nobody
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog /var/log/httpd/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<Directory /home/httpd/html/backup>
    Options None
    AllowOverride None
    AuthName "Restricted"
    AuthType Basic
    AuthUserFile /var/ipcop/auth/users
    require user admin
</Directory>

include /etc/httpd/conf/hostname.conf