apache: Update cipher suite that is used for the web user interface.
[people/teissler/ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf
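# TLS virtual host for the IPFire web user interface (port 444).
# Serves the static pages under /srv/web/ipfire/html and the CGI scripts under
# /srv/web/ipfire/cgi-bin; most locations require HTTP Basic authentication
# against /var/ipfire/auth/users.
<VirtualHost *:444>

    # Answer 403 Forbidden ([F]) for any request whose method starts with
    # TRACE, TRACK or OPTIONS.
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
    DocumentRoot /srv/web/ipfire/html
    ServerAdmin root@localhost
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    # "all -SSLv2" alone still lets clients negotiate SSLv3, which is
    # deprecated (RFC 7568). Every cipher an SSLv3-only client could use with
    # the list below is a CBC suite, so SSLv3 is switched off here as well.
    # Basic-auth credentials for the admin user travel over this connection.
    SSLProtocol all -SSLv2 -SSLv3
    # Preference order: ECDHE/DHE with AES-GCM first (forward secrecy + AEAD),
    # then ECDHE/DHE with AES-CBC, then plain-RSA AES, then whatever else HIGH
    # matches. RC4, DES, 3DES, MD5, EXPORT, PSK and all anonymous/NULL suites
    # are excluded.
    # NOTE(review): the strength of the DHE suites depends on the DH parameters
    # the installed httpd/OpenSSL build uses; that is not visible in this file.
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
    # Without this the client's preference wins and the ordering above has no
    # effect on which suite is chosen.
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key

    # Static document root: open to every host, no authentication.
    # NOTE(review): ExecCGI only matters if a CGI handler is mapped for files
    # in this tree; no such mapping is visible in this file. Confirm it is
    # needed.
    <Directory /srv/web/ipfire/html>
        Options ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    # Graph directories are limited to the "admin" user.
    <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        Require user admin
    </DirectoryMatch>
    ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
    # CGI scripts: "admin" only by default, with per-file exceptions below.
    <Directory /srv/web/ipfire/cgi-bin>
        AllowOverride None
        Options ExecCGI
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        Require user admin
        # "Satisfy Any" together with "Allow from All" means the host check
        # alone grants access, so these three scripts are reachable without
        # credentials and have to treat every request as unauthenticated input.
        <Files chpasswd.cgi>
            Satisfy Any
            Allow from All
        </Files>
        <Files webaccess.cgi>
            Satisfy Any
            Allow from All
        </Files>
        <Files credits.cgi>
            Satisfy Any
            Allow from All
        </Files>
        <Files dial.cgi>
            Require user admin
        </Files>
    </Directory>
    # The dial sub-directory additionally admits the "dial" user.
    <Directory /srv/web/ipfire/cgi-bin/dial>
        AllowOverride None
        Options None
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        Require user dial admin
    </Directory>
    # Export the standard SSL_* environment variables to CGI and SSI content.
    <Files ~ "\.(cgi|shtml?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory /srv/web/ipfire/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    SetEnv HOME /home/nobody
    # Compatibility settings applied to any User-Agent containing "MSIE":
    # no keep-alive, no TLS close-notify exchange, HTTP/1.0 responses.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # Per-request log of time, client host, negotiated protocol and cipher,
    # request line and bytes sent. It shows which protocol versions and suites
    # clients actually negotiate, which helps when tightening the two
    # directives above.
    CustomLog /var/log/httpd/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # Update cache and repository: no authentication directives, open to all
    # hosts.
    # NOTE(review): both directories carry "Options ExecCGI"; if nothing under
    # them is meant to execute, "Options None" would be the narrower setting.
    # Confirm against what is stored there.
    Alias /updatecache/ /var/updatecache/
    <Directory /var/updatecache>
        Options ExecCGI
        AllowOverride None
        Order deny,allow
        Allow from all
    </Directory>

    Alias /repository/ /var/urlrepo/
    <Directory /var/urlrepo>
        Options ExecCGI
        AllowOverride None
        Order deny,allow
        Allow from all
    </Directory>

    # Proxy reports served from /var/log/sarg: "admin" only.
    Alias /proxy-reports/ /var/log/sarg/
    <Directory /var/log/sarg>
        AllowOverride None
        Options None
        AuthName "IPFire - Restricted"
        AuthType Basic
        AuthUserFile /var/ipfire/auth/users
        Require user admin
    </Directory>
</VirtualHost>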