config/httpd/vhosts.d/ipfire-interface-ssl.conf

   1 <VirtualHost *:444>
   2
   3     RewriteEngine on
   4     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
   5     RewriteRule .* - [F]
   6     DocumentRoot /srv/web/ipfire/html
   7     ServerAdmin root@localhost
   8     ErrorLog /var/log/httpd/error_log
   9     TransferLog /var/log/httpd/access_log
  10     SSLEngine on
  11     SSLProtocol all -SSLv2 -SSLv3
  12     SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA
  13     SSLHonorCipherOrder on
  14     SSLCertificateFile /etc/httpd/server.crt
  15     SSLCertificateKeyFile /etc/httpd/server.key
  16     SSLCertificateFile /etc/httpd/server-ecdsa.crt
  17     SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
  18
  19     <Directory /srv/web/ipfire/html>
  20         Options ExecCGI
  21         AllowOverride None
  22         Require all granted
  23     </Directory>
  24     <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
  25         AuthName "IPFire - Restricted"
  26         AuthType Basic
  27         AuthUserFile /var/ipfire/auth/users
  28         <RequireAll>
  29             Require user admin
  30             Require ssl
  31         </RequireAll>
  32     </DirectoryMatch>
  33     ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
  34     <Directory /srv/web/ipfire/cgi-bin>
  35         AllowOverride None
  36         Options ExecCGI
  37         AuthName "IPFire - Restricted"
  38         AuthType Basic
  39         AuthUserFile /var/ipfire/auth/users
  40         <RequireAll>
  41             Require user admin
  42             Require ssl
  43         </RequireAll>
  44         <Files chpasswd.cgi>
  45             Require all granted
  46         </Files>
  47         <Files webaccess.cgi>
  48             Require all granted
  49         </Files>
  50     </Directory>
  51     <Files ~ "\.(cgi|shtml?)$">
  52         SSLOptions +StdEnvVars
  53     </Files>
  54     <Directory /srv/web/ipfire/cgi-bin>
  55         SSLOptions +StdEnvVars
  56     </Directory>
  57     SetEnv HOME /home/nobody
  58     SetEnvIf User-Agent ".*MSIE.*" \
  59         nokeepalive ssl-unclean-shutdown \
  60         downgrade-1.0 force-response-1.0
  61     CustomLog /var/log/httpd/ssl_request_log \
  62         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  63
  64     Alias /updatecache/ /var/updatecache/
  65         <Directory /var/updatecache>
  66                  Options ExecCGI
  67                  AllowOverride None
  68                  Require all granted
  69         </Directory>
  70
  71     Alias /repository/ /var/urlrepo/
  72         <Directory /var/urlrepo>
  73                  Options ExecCGI
  74                  AllowOverride None
  75                  Require all granted
  76         </Directory>
  77
  78     Alias /proxy-reports/ /var/log/sarg/
  79     <Directory /var/log/sarg>
  80         AllowOverride None
  81         Options None
  82         AuthName "IPFire - Restricted"
  83         AuthType Basic
  84         AuthUserFile /var/ipfire/auth/users
  85         <RequireAll>
  86             Require user admin
  87             Require ssl
  88         </RequireAll>
  89     </Directory>
  90 </VirtualHost>