config/httpd/vhosts.d/ipfire-interface-ssl.conf

   1 <VirtualHost *:444>
   2
   3     RewriteEngine on
   4     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
   5     RewriteRule .* - [F]
   6     DocumentRoot /srv/web/ipfire/html
   7     ServerAdmin root@localhost
   8     ErrorLog /var/log/httpd/error_log
   9     TransferLog /var/log/httpd/access_log
  10     SSLEngine on
  11     SSLProtocol all -SSLv2 -SSLv3
  12     SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
  13     SSLHonorCipherOrder on
  14     SSLCertificateFile /etc/httpd/server.crt
  15     SSLCertificateKeyFile /etc/httpd/server.key
  16
  17     <Directory /srv/web/ipfire/html>
  18         Options ExecCGI
  19         AllowOverride None
  20         Order allow,deny
  21         Allow from all
  22     </Directory>
  23     <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
  24         AuthName "IPFire - Restricted"
  25         AuthType Basic
  26         AuthUserFile /var/ipfire/auth/users
  27         Require user admin
  28     </DirectoryMatch>
  29     ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
  30     <Directory /srv/web/ipfire/cgi-bin>
  31         AllowOverride None
  32         Options ExecCGI
  33         AuthName "IPFire - Restricted"
  34         AuthType Basic
  35         AuthUserFile /var/ipfire/auth/users
  36         Require user admin
  37          <Files chpasswd.cgi>
  38             Satisfy Any
  39             Allow from All
  40         </Files>
  41         <Files webaccess.cgi>
  42             Satisfy Any
  43             Allow from All
  44         </Files>
  45         <Files dial.cgi>
  46             Require user admin
  47         </Files>
  48     </Directory>
  49     <Directory /srv/web/ipfire/cgi-bin/dial>
  50         AllowOverride None
  51         Options None
  52         AuthName "IPFire - Restricted"
  53         AuthType Basic
  54         AuthUserFile /var/ipfire/auth/users
  55         Require user dial admin
  56     </Directory>
  57     <Files ~ "\.(cgi|shtml?)$">
  58         SSLOptions +StdEnvVars
  59     </Files>
  60     <Directory /srv/web/ipfire/cgi-bin>
  61         SSLOptions +StdEnvVars
  62     </Directory>
  63     SetEnv HOME /home/nobody
  64     SetEnvIf User-Agent ".*MSIE.*" \
  65         nokeepalive ssl-unclean-shutdown \
  66         downgrade-1.0 force-response-1.0
  67     CustomLog /var/log/httpd/ssl_request_log \
  68         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  69
  70     Alias /updatecache/ /var/updatecache/
  71         <Directory /var/updatecache>
  72                  Options ExecCGI
  73                  AllowOverride None
  74                  Order deny,allow
  75                  Allow from all
  76         </Directory>
  77
  78     Alias /repository/ /var/urlrepo/
  79         <Directory /var/urlrepo>
  80                  Options ExecCGI
  81                  AllowOverride None
  82                  Order deny,allow
  83                  Allow from all
  84         </Directory>
  85
  86     Alias /proxy-reports/ /var/log/sarg/
  87     <Directory /var/log/sarg>
  88         AllowOverride None
  89         Options None
  90         AuthName "IPFire - Restricted"
  91         AuthType Basic
  92         AuthUserFile /var/ipfire/auth/users
  93         Require user admin
  94     </Directory>
  95 </VirtualHost>