config/httpd/vhosts.d/ipfire-interface-ssl.conf

   1 <VirtualHost *:444>
   2
   3     RewriteEngine on
   4     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
   5     RewriteRule .* - [F]
   6     DocumentRoot /srv/web/ipfire/html
   7     ServerAdmin root@localhost
   8     ErrorLog /var/log/httpd/error_log
   9     TransferLog /var/log/httpd/access_log
  10     SSLEngine on
  11     SSLProtocol all -SSLv2
  12     SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
  13     SSLCertificateFile /etc/httpd/server.crt
  14     SSLCertificateKeyFile /etc/httpd/server.key
  15
  16     PerlRequire /usr/lib/apache/startup.pl
  17     PerlWarn On
  18
  19     <Directory /srv/web/ipfire/html>
  20         Options ExecCGI
  21         AllowOverride None
  22         Order allow,deny
  23         Allow from all
  24     </Directory>
  25     <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
  26         AuthName "IPFire - Restricted"
  27         AuthType Basic
  28         AuthUserFile /var/ipfire/auth/users
  29         Require user admin
  30     </DirectoryMatch>
  31     ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
  32     <Directory /srv/web/ipfire/cgi-bin>
  33         AllowOverride None
  34         Options ExecCGI
  35         SetHandler perl-script
  36         PerlSendHeader On
  37         PerlHandler ModPerl::Registry
  38         AuthName "IPFire - Restricted"
  39         AuthType Basic
  40         AuthUserFile /var/ipfire/auth/users
  41         Require user admin
  42          <Files chpasswd.cgi>
  43             Satisfy Any
  44             Allow from All
  45         </Files>
  46         <Files webaccess.cgi>
  47             Satisfy Any
  48             Allow from All
  49         </Files>
  50         <Files credits.cgi>
  51             Satisfy Any
  52             Allow from All
  53         </Files>
  54         <Files dial.cgi>
  55             Require user admin
  56         </Files>
  57     </Directory>
  58     <Directory /srv/web/ipfire/cgi-bin/dial>
  59         AllowOverride None
  60         Options None
  61         AuthName "IPFire - Restricted"
  62         AuthType Basic
  63         AuthUserFile /var/ipfire/auth/users
  64         Require user dial admin
  65     </Directory>
  66     <Files ~ "\.(cgi|shtml?)$">
  67         SSLOptions +StdEnvVars
  68     </Files>
  69     <Directory /srv/web/ipfire/cgi-bin>
  70         SSLOptions +StdEnvVars
  71     </Directory>
  72     SetEnv HOME /home/nobody
  73     SetEnvIf User-Agent ".*MSIE.*" \
  74         nokeepalive ssl-unclean-shutdown \
  75         downgrade-1.0 force-response-1.0
  76     CustomLog /var/log/httpd/ssl_request_log \
  77         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  78 </VirtualHost>