]>
Commit | Line | Data |
---|---|---|
1 | <VirtualHost *:444> | |
2 | ||
3 | RewriteEngine on | |
4 | RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) | |
5 | RewriteRule .* - [F] | |
6 | DocumentRoot /srv/web/ipfire/html | |
7 | ServerAdmin root@localhost | |
8 | ErrorLog /var/log/httpd/error_log | |
9 | TransferLog /var/log/httpd/access_log | |
10 | SSLEngine on | |
11 | SSLProtocol all -SSLv2 -SSLv3 | |
12 | SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA | |
13 | SSLHonorCipherOrder on | |
14 | SSLCertificateFile /etc/httpd/server.crt | |
15 | SSLCertificateKeyFile /etc/httpd/server.key | |
16 | SSLCertificateFile /etc/httpd/server-ecdsa.crt | |
17 | SSLCertificateKeyFile /etc/httpd/server-ecdsa.key | |
18 | ||
19 | <Directory /srv/web/ipfire/html> | |
20 | Options ExecCGI | |
21 | AllowOverride None | |
22 | Require all granted | |
23 | </Directory> | |
24 | <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)"> | |
25 | AuthName "IPFire - Restricted" | |
26 | AuthType Basic | |
27 | AuthUserFile /var/ipfire/auth/users | |
28 | <RequireAll> | |
29 | Require user admin | |
30 | Require ssl | |
31 | </RequireAll> | |
32 | </DirectoryMatch> | |
33 | ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ | |
34 | <Directory /srv/web/ipfire/cgi-bin> | |
35 | AllowOverride None | |
36 | Options ExecCGI | |
37 | AuthName "IPFire - Restricted" | |
38 | AuthType Basic | |
39 | AuthUserFile /var/ipfire/auth/users | |
40 | <RequireAll> | |
41 | Require user admin | |
42 | Require ssl | |
43 | </RequireAll> | |
44 | <Files chpasswd.cgi> | |
45 | Require all granted | |
46 | </Files> | |
47 | <Files webaccess.cgi> | |
48 | Require all granted | |
49 | </Files> | |
50 | </Directory> | |
51 | <Files ~ "\.(cgi|shtml?)$"> | |
52 | SSLOptions +StdEnvVars | |
53 | </Files> | |
54 | <Directory /srv/web/ipfire/cgi-bin> | |
55 | SSLOptions +StdEnvVars | |
56 | </Directory> | |
57 | SetEnv HOME /home/nobody | |
58 | SetEnvIf User-Agent ".*MSIE.*" \ | |
59 | nokeepalive ssl-unclean-shutdown \ | |
60 | downgrade-1.0 force-response-1.0 | |
61 | CustomLog /var/log/httpd/ssl_request_log \ | |
62 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |
63 | ||
64 | Alias /updatecache/ /var/updatecache/ | |
65 | <Directory /var/updatecache> | |
66 | Options ExecCGI | |
67 | AllowOverride None | |
68 | Require all granted | |
69 | </Directory> | |
70 | ||
71 | Alias /repository/ /var/urlrepo/ | |
72 | <Directory /var/urlrepo> | |
73 | Options ExecCGI | |
74 | AllowOverride None | |
75 | Require all granted | |
76 | </Directory> | |
77 | ||
78 | Alias /proxy-reports/ /var/log/sarg/ | |
79 | <Directory /var/log/sarg> | |
80 | AllowOverride None | |
81 | Options None | |
82 | AuthName "IPFire - Restricted" | |
83 | AuthType Basic | |
84 | AuthUserFile /var/ipfire/auth/users | |
85 | <RequireAll> | |
86 | Require user admin | |
87 | Require ssl | |
88 | </RequireAll> | |
89 | </Directory> | |
90 | </VirtualHost> |