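# config/httpd/vhosts.d/ipfire-interface-ssl.conf
#
# TLS virtual host for the IPFire web interface on port 444. Static content is
# served from /srv/web/ipfire/html and CGI scripts from /cgi-bin/. The graph
# directories, the CGI directory and the proxy reports require HTTP Basic
# authentication as user "admin" and an SSL connection.
<VirtualHost *:444>

    # Answer TRACE, TRACK and OPTIONS requests with 403 Forbidden.
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]

    DocumentRoot /srv/web/ipfire/html
    ServerAdmin root@localhost
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log

    SSLEngine on

    # TLS 1.0 and TLS 1.1 are deprecated (RFC 8996) and are now disabled along
    # with SSLv2/SSLv3. Clients must support TLS 1.2 or later; the GCM and
    # SHA256/SHA384 suites below already require TLS 1.2.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    # NOTE(review): the list leads with ECDHE suites, but its tail
    # (AES128-GCM-SHA256 ... CAMELLIA256-SHA) uses static RSA key exchange,
    # which gives no forward secrecy, and the *-SHA / *-SHA256 / *-SHA384
    # entries are CBC-mode suites. Trim to the ECDHE GCM suites once client
    # compatibility has been confirmed.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA

    # The server's cipher preference wins over the client's; TLS compression
    # and session tickets are switched off.
    SSLHonorCipherOrder on
    SSLCompression off
    SSLSessionTickets off

    # Two certificate/key pairs are configured. The second is the ECDSA pair
    # going by its file name; the first is presumably RSA (confirm on the host).
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key
    SSLCertificateFile /etc/httpd/server-ecdsa.crt
    SSLCertificateKeyFile /etc/httpd/server-ecdsa.key

    # Document root: readable without authentication, .htaccess ignored.
    <Directory /srv/web/ipfire/html>
        Options ExecCGI
        AllowOverride None
        Require all granted
    </Directory>

    # Graph directories: Basic auth as "admin", SSL connections only.
    <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        <RequireAll>
            Require user admin
            Require ssl
        </RequireAll>
    </DirectoryMatch>

    ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/

    # CGI directory: Basic auth as "admin", SSL connections only.
    # The SSLOptions line was previously in a second, separate
    # <Directory /srv/web/ipfire/cgi-bin> section; it is merged here so that
    # everything applying to this directory is in one place.
    <Directory /srv/web/ipfire/cgi-bin>
        AllowOverride None
        Options ExecCGI
        SSLOptions +StdEnvVars
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        <RequireAll>
            Require user admin
            Require ssl
        </RequireAll>

        # These two scripts are exempt from the authentication above and are
        # reachable by any client that can connect to this port, so they must
        # validate every request parameter themselves.
        <Files chpasswd.cgi>
            Require all granted
        </Files>
        <Files webaccess.cgi>
            Require all granted
        </Files>
    </Directory>

    # Export the standard SSL_* environment variables to CGI and SHTML files.
    <Files ~ "\.(cgi|shtml?)$">
        SSLOptions +StdEnvVars
    </Files>

    SetEnv HOME /home/nobody

    # Legacy workaround for clients whose User-Agent contains "MSIE":
    # no keep-alive, unclean SSL shutdown, HTTP/1.0 responses.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # Per-request log of the negotiated protocol and cipher.
    CustomLog /var/log/httpd/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # NOTE(review): /updatecache/ and /repository/ are served without
    # authentication and with ExecCGI enabled. Whether any CGI handler is
    # mapped for files in these directories is not visible in this file. If
    # nothing there is meant to run as a script, "Options None" (as used for
    # /var/log/sarg below) is the tighter setting.
    Alias /updatecache/ /var/updatecache/
    <Directory /var/updatecache>
        Options ExecCGI
        AllowOverride None
        Require all granted
    </Directory>

    Alias /repository/ /var/urlrepo/
    <Directory /var/urlrepo>
        Options ExecCGI
        AllowOverride None
        Require all granted
    </Directory>

    # Proxy reports: Basic auth as "admin", SSL connections only, no options.
    Alias /proxy-reports/ /var/log/sarg/
    <Directory /var/log/sarg>
        AllowOverride None
        Options None
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        <RequireAll>
            Require user admin
            Require ssl
        </RequireAll>
    </Directory>
</VirtualHost>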