config/httpd/vhosts.d/ipfire-interface-ssl.conf

   1 <VirtualHost *:444>
   2
   3     RewriteEngine on
   4     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
   5     RewriteRule .* - [F]
   6     DocumentRoot /srv/web/ipfire/html
   7     ServerAdmin root@localhost
   8     ErrorLog /var/log/httpd/error_log
   9     TransferLog /var/log/httpd/access_log
  10     SSLEngine on
  11     SSLProtocol all -SSLv2 -SSLv3
  12     SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA
  13     SSLHonorCipherOrder on
  14     SSLCertificateFile /etc/httpd/server.crt
  15     SSLCertificateKeyFile /etc/httpd/server.key
  16     SSLCertificateFile /etc/httpd/server-ecdsa.crt
  17     SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
  18
  19     <Directory /srv/web/ipfire/html>
  20         Options ExecCGI
  21         AllowOverride None
  22         Require all granted
  23     </Directory>
  24     <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
  25         AuthName "IPFire - Restricted"
  26         AuthType Basic
  27         AuthUserFile /var/ipfire/auth/users
  28         Require user admin
  29     </DirectoryMatch>
  30     ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
  31     <Directory /srv/web/ipfire/cgi-bin>
  32         AllowOverride None
  33         Options ExecCGI
  34         AuthName "IPFire - Restricted"
  35         AuthType Basic
  36         AuthUserFile /var/ipfire/auth/users
  37         Require user admin
  38         <Files chpasswd.cgi>
  39             Require all granted
  40         </Files>
  41         <Files webaccess.cgi>
  42             Require all granted
  43         </Files>
  44     </Directory>
  45     <Files ~ "\.(cgi|shtml?)$">
  46         SSLOptions +StdEnvVars
  47     </Files>
  48     <Directory /srv/web/ipfire/cgi-bin>
  49         SSLOptions +StdEnvVars
  50     </Directory>
  51     SetEnv HOME /home/nobody
  52     SetEnvIf User-Agent ".*MSIE.*" \
  53         nokeepalive ssl-unclean-shutdown \
  54         downgrade-1.0 force-response-1.0
  55     CustomLog /var/log/httpd/ssl_request_log \
  56         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  57
  58     Alias /updatecache/ /var/updatecache/
  59         <Directory /var/updatecache>
  60                  Options ExecCGI
  61                  AllowOverride None
  62                  Require all granted
  63         </Directory>
  64
  65     Alias /repository/ /var/urlrepo/
  66         <Directory /var/urlrepo>
  67                  Options ExecCGI
  68                  AllowOverride None
  69                  Require all granted
  70         </Directory>
  71
  72     Alias /proxy-reports/ /var/log/sarg/
  73     <Directory /var/log/sarg>
  74         AllowOverride None
  75         Options None
  76         AuthName "IPFire - Restricted"
  77         AuthType Basic
  78         AuthUserFile /var/ipfire/auth/users
  79         Require user admin
  80     </Directory>
  81 </VirtualHost>