RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) RewriteRule .* - [F] DocumentRoot /srv/web/ipfire/html ServerAdmin root@localhost ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off SSLCertificateFile /etc/httpd/server.crt SSLCertificateKeyFile /etc/httpd/server.key SSLCertificateFile /etc/httpd/server-ecdsa.crt SSLCertificateKeyFile /etc/httpd/server-ecdsa.key Header always set X-Content-Type-Options nosniff Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'" Options ExecCGI AllowOverride None Require all granted AuthName "IPFire - Restricted" AuthType Basic AuthUserFile /var/ipfire/auth/users Require user admin Require ssl ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ AllowOverride None Options ExecCGI AuthName "IPFire - Restricted" AuthType Basic AuthUserFile /var/ipfire/auth/users Require user admin Require ssl Require all granted Require all granted SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnv HOME /home/nobody SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/httpd/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Alias /updatecache/ /var/updatecache/ Options ExecCGI AllowOverride None Require all granted Alias /repository/ /var/urlrepo/ Options ExecCGI AllowOverride None Require all granted Alias /proxy-reports/ /var/log/sarg/ AllowOverride None Options None AuthName "IPFire - Restricted" AuthType Basic AuthUserFile /var/ipfire/auth/users Require user admin Require ssl