cc3cb1d90707f0c834b370b2303f6ac672857591
[people/teissler/ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf
1 <VirtualHost *:444>
2
3 RewriteEngine on
4 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
5 RewriteRule .* - [F]
6 DocumentRoot /srv/web/ipfire/html
7 ServerAdmin root@localhost
8 ErrorLog /var/log/httpd/error_log
9 TransferLog /var/log/httpd/access_log
10 SSLEngine on
11 SSLProtocol all -SSLv2
12 SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
13 SSLCertificateFile /etc/httpd/server.crt
14 SSLCertificateKeyFile /etc/httpd/server.key
15
16 <Directory /srv/web/ipfire/html>
17 Options ExecCGI
18 AllowOverride None
19 Order allow,deny
20 Allow from all
21 </Directory>
22 <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
23 AuthName "IPFire - Restricted"
24 AuthType Basic
25 AuthUserFile /var/ipfire/auth/users
26 Require user admin
27 </DirectoryMatch>
28 ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
29 <Directory /srv/web/ipfire/cgi-bin>
30 AllowOverride None
31 Options ExecCGI
32 AuthName "IPFire - Restricted"
33 AuthType Basic
34 AuthUserFile /var/ipfire/auth/users
35 Require user admin
36 <Files chpasswd.cgi>
37 Satisfy Any
38 Allow from All
39 </Files>
40 <Files webaccess.cgi>
41 Satisfy Any
42 Allow from All
43 </Files>
44 <Files credits.cgi>
45 Satisfy Any
46 Allow from All
47 </Files>
48 <Files dial.cgi>
49 Require user admin
50 </Files>
51 </Directory>
52 <Directory /srv/web/ipfire/cgi-bin/dial>
53 AllowOverride None
54 Options None
55 AuthName "IPFire - Restricted"
56 AuthType Basic
57 AuthUserFile /var/ipfire/auth/users
58 Require user dial admin
59 </Directory>
60 <Files ~ "\.(cgi|shtml?)$">
61 SSLOptions +StdEnvVars
62 </Files>
63 <Directory /srv/web/ipfire/cgi-bin>
64 SSLOptions +StdEnvVars
65 </Directory>
66 SetEnv HOME /home/nobody
67 SetEnvIf User-Agent ".*MSIE.*" \
68 nokeepalive ssl-unclean-shutdown \
69 downgrade-1.0 force-response-1.0
70 CustomLog /var/log/httpd/ssl_request_log \
71 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
72
73 Alias /updatecache/ /var/updatecache/
74 <Directory /var/updatecache>
75 Options ExecCGI
76 AllowOverride None
77 Order deny,allow
78 Allow from all
79 </Directory>
80
81 Alias /repository/ /var/urlrepo/
82 <Directory /var/urlrepo>
83 Options ExecCGI
84 AllowOverride None
85 Order deny,allow
86 Allow from all
87 </Directory>
88
89 Alias /proxy-reports/ /var/log/sarg/
90 <Directory /var/log/sarg>
91 AllowOverride None
92 Options None
93 AuthName "IPFire - Restricted"
94 AuthType Basic
95 AuthUserFile /var/ipfire/auth/users
96 Require user admin
97 </Directory>
98 </VirtualHost>