[people/pmueller/ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf

<VirtualHost *:444>

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
    DocumentRoot /srv/web/ipfire/html
    ServerAdmin root@localhost
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key

    PerlRequire /usr/lib/apache/startup.pl
    PerlWarn On

    <Directory /srv/web/ipfire/html>
        Options ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        Require user admin
    </DirectoryMatch>
    ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
    <Directory /srv/web/ipfire/cgi-bin>
        AllowOverride None
        Options ExecCGI
	SetHandler perl-script
	PerlSendHeader On
	PerlHandler ModPerl::Registry
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        Require user admin
         <Files chpasswd.cgi>
            Satisfy Any
            Allow from All
        </Files>
        <Files webaccess.cgi>
            Satisfy Any
            Allow from All
        </Files>
        <Files credits.cgi>
            Satisfy Any
            Allow from All
        </Files>
        <Files dial.cgi>
            Require user admin
        </Files>
    </Directory>
    <Directory /srv/web/ipfire/cgi-bin/dial>
        AllowOverride None
        Options None
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        Require user dial admin
    </Directory>
    <Files ~ "\.(cgi|shtml?)$">
	SSLOptions +StdEnvVars
    </Files>
    <Directory /srv/web/ipfire/cgi-bin>
	SSLOptions +StdEnvVars
    </Directory>
    SetEnv HOME /home/nobody
    SetEnvIf User-Agent ".*MSIE.*" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
    CustomLog /var/log/httpd/ssl_request_log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Commit	Line	Data
90c973a6 MT	1	<VirtualHost *:444>
	2
	3	RewriteEngine on
	4	RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK\|OPTIONS)
	5	RewriteRule .* - [F]
d733119b	6	DocumentRoot /srv/web/ipfire/html
90c973a6 MT	7	ServerAdmin root@localhost
	8	ErrorLog /var/log/httpd/error_log
	9	TransferLog /var/log/httpd/access_log
	10	SSLEngine on
	11	SSLProtocol all -SSLv2
	12	SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
	13	SSLCertificateFile /etc/httpd/server.crt
	14	SSLCertificateKeyFile /etc/httpd/server.key
810a7ea2 MT	15
	16	PerlRequire /usr/lib/apache/startup.pl
	17	PerlWarn On
	18
d733119b	19	<Directory /srv/web/ipfire/html>
90c973a6 MT	20	Options ExecCGI
	21	AllowOverride None
	22	Order allow,deny
	23	Allow from all
	24	</Directory>
d733119b	25	<DirectoryMatch "/srv/web/ipfire/html/(graphs\|sgraph)">
90c973a6 MT	26	AuthName "IPFire - Restricted"
	27	AuthType Basic
	28	AuthUserFile /var/ipfire/auth/users
	29	Require user admin
	30	</DirectoryMatch>
d733119b MT	31	ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
d733119b MT	32	<Directory /srv/web/ipfire/cgi-bin>
90c973a6	33	AllowOverride None
810a7ea2 MT	34	Options ExecCGI
	35	SetHandler perl-script
	36	PerlSendHeader On
	37	PerlHandler ModPerl::Registry
90c973a6 MT	38	AuthName "IPFire - Restricted"
	39	AuthType Basic
	40	AuthUserFile /var/ipfire/auth/users
	41	Require user admin
	42	<Files chpasswd.cgi>
	43	Satisfy Any
	44	Allow from All
	45	</Files>
	46	<Files webaccess.cgi>
	47	Satisfy Any
	48	Allow from All
	49	</Files>
	50	<Files credits.cgi>
	51	Satisfy Any
	52	Allow from All
	53	</Files>
	54	<Files dial.cgi>
	55	Require user admin
	56	</Files>
	57	</Directory>
d733119b	58	<Directory /srv/web/ipfire/cgi-bin/dial>
90c973a6 MT	59	AllowOverride None
	60	Options None
	61	AuthName "IPFire - Restricted"
	62	AuthType Basic
	63	AuthUserFile /var/ipfire/auth/users
	64	Require user dial admin
	65	</Directory>
	66	<Files ~ "\.(cgi\|shtml?)$">
	67	SSLOptions +StdEnvVars
	68	</Files>
d733119b	69	<Directory /srv/web/ipfire/cgi-bin>
90c973a6 MT	70	SSLOptions +StdEnvVars
	71	</Directory>
	72	SetEnv HOME /home/nobody
	73	SetEnvIf User-Agent ".MSIE." \
	74	nokeepalive ssl-unclean-shutdown \
	75	downgrade-1.0 force-response-1.0
	76	CustomLog /var/log/httpd/ssl_request_log \
	77	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	78	</VirtualHost>