git.ipfire.org Git - ipfire-2.x.git/blob - config/httpd/vhosts.d/ipfire-interface-ssl.conf
# config/httpd/vhosts.d/ipfire-interface-ssl.conf
#
# TLS virtual host on port 444 (all addresses). It serves static content from
# /srv/web/ipfire/html, the CGI scripts under /srv/web/ipfire/cgi-bin, and three
# aliased directories (/updatecache/, /repository/, /proxy-reports/).
# Protected areas use HTTP Basic authentication as user "admin" against
# /var/ipfire/auth/users and additionally require a TLS connection.
<VirtualHost *:444>

    # Answer TRACE, TRACK and OPTIONS with 403 Forbidden. The pattern is
    # anchored at the start only, so any method name that begins with one of
    # these words is refused as well.
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]

    DocumentRoot /srv/web/ipfire/html
    ServerAdmin root@localhost
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log

    SSLEngine on

    # Only SSLv2 and SSLv3 are excluded; every other protocol version the
    # linked TLS library offers stays enabled, which on older builds includes
    # TLS 1.0 and TLS 1.1.
    # NOTE(review): consider adding "-TLSv1 -TLSv1.1" once no legacy client
    # depends on them.
    SSLProtocol all -SSLv2 -SSLv3

    # ECDHE suites come first (ECDSA before RSA). The entries from
    # AES128-GCM-SHA256 onwards have no ECDHE/DHE prefix, i.e. they use static
    # RSA key exchange without forward secrecy, and the "-SHA" entries are
    # CBC-mode suites with a SHA-1 MAC.
    # NOTE(review): presumably kept for old clients - confirm they are still
    # needed before leaving them enabled.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA

    # The server's ordering of the list above wins over the client's.
    SSLHonorCipherOrder on
    # TLS-level compression is off (compression side channels such as CRIME).
    SSLCompression off
    # No session tickets are issued.
    SSLSessionTickets off

    # Two certificate/key pairs are loaded; judging by the file names the
    # first is the RSA pair and the second the ECDSA pair, matching the
    # ECDHE-RSA and ECDHE-ECDSA suites configured above.
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key
    SSLCertificateFile /etc/httpd/server-ecdsa.crt
    SSLCertificateKeyFile /etc/httpd/server-ecdsa.key

    # "always" also covers error responses.
    Header always set X-Content-Type-Options nosniff

    # Document root: readable by anyone, .htaccess files are ignored.
    <Directory /srv/web/ipfire/html>
        Options ExecCGI
        AllowOverride None
        Require all granted
    </Directory>

    # Graph directories: admin login over TLS only. The expression is not
    # anchored at the end, so it matches any directory path containing it.
    <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        <RequireAll>
            Require user admin
            Require ssl
        </RequireAll>
    </DirectoryMatch>

    # CGI scripts: admin login over TLS only, with two exceptions below.
    ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
    <Directory /srv/web/ipfire/cgi-bin>
        AllowOverride None
        Options ExecCGI
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        <RequireAll>
            Require user admin
            Require ssl
        </RequireAll>

        # These two scripts are granted to everyone, so they run without the
        # admin login required for the rest of this directory.
        # NOTE(review): they are the unauthenticated entry points of the
        # interface and must validate all request input themselves.
        <Files chpasswd.cgi>
            Require all granted
        </Files>
        <Files webaccess.cgi>
            Require all granted
        </Files>
    </Directory>

    # Export the standard SSL_* environment variables to .cgi/.shtm/.shtml
    # files and to everything under cgi-bin.
    <Files ~ "\.(cgi|shtml?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory /srv/web/ipfire/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    SetEnv HOME /home/nobody

    # Legacy workaround applied to every User-Agent containing "MSIE":
    # no keep-alive, tolerate an unclean TLS shutdown, speak HTTP/1.0.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # Per-request TLS log: time, client host, protocol, cipher, request line,
    # response size.
    CustomLog /var/log/httpd/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # Served without authentication.
    # NOTE(review): ExecCGI is enabled here although access is open to all;
    # whether any handler maps files in this directory to CGI is not visible
    # in this file - confirm the option is needed.
    Alias /updatecache/ /var/updatecache/
    <Directory /var/updatecache>
        Options ExecCGI
        AllowOverride None
        Require all granted
    </Directory>

    # Served without authentication; same ExecCGI remark as for /updatecache/.
    Alias /repository/ /var/urlrepo/
    <Directory /var/urlrepo>
        Options ExecCGI
        AllowOverride None
        Require all granted
    </Directory>

    # Reports under /var/log/sarg: admin login over TLS only, and no optional
    # features (Options None).
    Alias /proxy-reports/ /var/log/sarg/
    <Directory /var/log/sarg>
        AllowOverride None
        Options None
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        <RequireAll>
            Require user admin
            Require ssl
        </RequireAll>
    </Directory>
</VirtualHost>