apache: Update cipher suite that is used for the web user interface.
[people/teissler/ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf
CommitLineData
90c973a6
MT
1<VirtualHost *:444>
2
3 RewriteEngine on
4 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
5 RewriteRule .* - [F]
d733119b 6 DocumentRoot /srv/web/ipfire/html
90c973a6
MT
7 ServerAdmin root@localhost
8 ErrorLog /var/log/httpd/error_log
9 TransferLog /var/log/httpd/access_log
10 SSLEngine on
11 SSLProtocol all -SSLv2
69776cc4
MT
12 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
13 SSLHonorCipherOrder on
90c973a6
MT
14 SSLCertificateFile /etc/httpd/server.crt
15 SSLCertificateKeyFile /etc/httpd/server.key
810a7ea2 16
d733119b 17 <Directory /srv/web/ipfire/html>
90c973a6
MT
18 Options ExecCGI
19 AllowOverride None
20 Order allow,deny
21 Allow from all
22 </Directory>
d733119b 23 <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
90c973a6
MT
24 AuthName "IPFire - Restricted"
25 AuthType Basic
26 AuthUserFile /var/ipfire/auth/users
27 Require user admin
28 </DirectoryMatch>
d733119b
MT
29 ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
30 <Directory /srv/web/ipfire/cgi-bin>
90c973a6 31 AllowOverride None
810a7ea2 32 Options ExecCGI
90c973a6
MT
33 AuthName "IPFire - Restricted"
34 AuthType Basic
35 AuthUserFile /var/ipfire/auth/users
36 Require user admin
37 <Files chpasswd.cgi>
38 Satisfy Any
39 Allow from All
40 </Files>
41 <Files webaccess.cgi>
42 Satisfy Any
43 Allow from All
44 </Files>
45 <Files credits.cgi>
46 Satisfy Any
47 Allow from All
48 </Files>
49 <Files dial.cgi>
50 Require user admin
51 </Files>
52 </Directory>
d733119b 53 <Directory /srv/web/ipfire/cgi-bin/dial>
90c973a6
MT
54 AllowOverride None
55 Options None
56 AuthName "IPFire - Restricted"
57 AuthType Basic
58 AuthUserFile /var/ipfire/auth/users
59 Require user dial admin
60 </Directory>
61 <Files ~ "\.(cgi|shtml?)$">
62 SSLOptions +StdEnvVars
63 </Files>
d733119b 64 <Directory /srv/web/ipfire/cgi-bin>
90c973a6
MT
65 SSLOptions +StdEnvVars
66 </Directory>
67 SetEnv HOME /home/nobody
68 SetEnvIf User-Agent ".*MSIE.*" \
69 nokeepalive ssl-unclean-shutdown \
70 downgrade-1.0 force-response-1.0
71 CustomLog /var/log/httpd/ssl_request_log \
72 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
0bc58278
AF
73
74 Alias /updatecache/ /var/updatecache/
75 <Directory /var/updatecache>
76 Options ExecCGI
77 AllowOverride None
78 Order deny,allow
79 Allow from all
80 </Directory>
7e620487 81
a4c76879 82 Alias /repository/ /var/urlrepo/
7e620487
CS
83 <Directory /var/urlrepo>
84 Options ExecCGI
85 AllowOverride None
86 Order deny,allow
87 Allow from all
88 </Directory>
f8716194
MT
89
90 Alias /proxy-reports/ /var/log/sarg/
91 <Directory /var/log/sarg>
92 AllowOverride None
93 Options None
94 AuthName "IPFire - Restricted"
95 AuthType Basic
96 AuthUserFile /var/ipfire/auth/users
97 Require user admin
98 </Directory>
90c973a6 99</VirtualHost>