4 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
7 DocumentRoot /srv/web/ipfire/html
8 ServerAdmin root@localhost
9 ErrorLog /var/log/httpd/error_log
10 TransferLog /var/log/httpd/access_log
13 SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
14 SSLCipherSuite AESGCM+EECDH:CHACHA20+EECDH:@STRENGTH:+aRSA
15 SSLHonorCipherOrder on
18 SSLCertificateFile /etc/httpd/server.crt
19 SSLCertificateKeyFile /etc/httpd/server.key
20 SSLCertificateFile /etc/httpd/server-ecdsa.crt
21 SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
23 Header always set X-Content-Type-Options nosniff
24 Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
25 Header always set Referrer-Policy strict-origin
26 Header always set X-Frame-Options sameorigin
28 <Directory /srv/web/ipfire/html>
33 <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
34 AuthName "IPFire - Restricted"
36 AuthUserFile /var/ipfire/auth/users
42 ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
43 <Directory /srv/web/ipfire/cgi-bin>
46 AuthName "IPFire - Restricted"
48 AuthUserFile /var/ipfire/auth/users
60 <Files ~ "\.(cgi|shtml?)$">
61 SSLOptions +StdEnvVars
63 <Directory /srv/web/ipfire/cgi-bin>
64 SSLOptions +StdEnvVars
66 SetEnv HOME /home/nobody
67 CustomLog /var/log/httpd/ssl_request_log \
68 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
70 Alias /updatecache/ /var/updatecache/
71 <Directory /var/updatecache>
77 Alias /repository/ /var/urlrepo/
78 <Directory /var/urlrepo>
84 Alias /proxy-reports/ /var/log/sarg/
85 <Directory /var/log/sarg>
88 AuthName "IPFire - Restricted"
90 AuthUserFile /var/ipfire/auth/users