0d0fa98e0e4cbc8e86a75822fc76aa2a0ba19d6b
[people/pmueller/ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf
1 <VirtualHost *:444>
2
3 RewriteEngine on
4 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
5 RewriteRule .* - [F]
6 DocumentRoot /srv/web/ipfire/html
7 ServerAdmin root@localhost
8 ErrorLog /var/log/httpd/error_log
9 TransferLog /var/log/httpd/access_log
10 SSLEngine on
11 SSLProtocol all -SSLv2
12 SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
13 SSLCertificateFile /etc/httpd/server.crt
14 SSLCertificateKeyFile /etc/httpd/server.key
15
16 <Directory /srv/web/ipfire/html>
17 Options ExecCGI
18 AllowOverride None
19 Order allow,deny
20 Allow from all
21 </Directory>
22 <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
23 AuthName "IPFire - Restricted"
24 AuthType Basic
25 AuthUserFile /var/ipfire/auth/users
26 Require user admin
27 </DirectoryMatch>
28 ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
29 <Directory /srv/web/ipfire/cgi-bin>
30 AllowOverride None
31 Options ExecCGI
32 AuthName "IPFire - Restricted"
33 AuthType Basic
34 AuthUserFile /var/ipfire/auth/users
35 Require user admin
36 <Files chpasswd.cgi>
37 Satisfy Any
38 Allow from All
39 </Files>
40 <Files webaccess.cgi>
41 Satisfy Any
42 Allow from All
43 </Files>
44 <Files credits.cgi>
45 Satisfy Any
46 Allow from All
47 </Files>
48 <Files dial.cgi>
49 Require user admin
50 </Files>
51 </Directory>
52 <Directory /srv/web/ipfire/cgi-bin/dial>
53 AllowOverride None
54 Options None
55 AuthName "IPFire - Restricted"
56 AuthType Basic
57 AuthUserFile /var/ipfire/auth/users
58 Require user dial admin
59 </Directory>
60 <Files ~ "\.(cgi|shtml?)$">
61 SSLOptions +StdEnvVars
62 </Files>
63 <Directory /srv/web/ipfire/cgi-bin>
64 SSLOptions +StdEnvVars
65 </Directory>
66 SetEnv HOME /home/nobody
67 SetEnvIf User-Agent ".*MSIE.*" \
68 nokeepalive ssl-unclean-shutdown \
69 downgrade-1.0 force-response-1.0
70 CustomLog /var/log/httpd/ssl_request_log \
71 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
72 </VirtualHost>