]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blobdiff - config/httpd/vhosts.d/ipfire-interface-ssl.conf
projects / people / teissler / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
apache: Update cipher suite that is used for the web user interface.
[people/teissler/ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index 0d0fa98e0e4cbc8e86a75822fc76aa2a0ba19d6b..dc6bb21ed5db166b6b00c076bb80fab40964c97d 100644 (file)
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -9,7 +9,8 @@
     TransferLog /var/log/httpd/access_log
     SSLEngine on
     SSLProtocol all -SSLv2
-    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
+    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
+    SSLHonorCipherOrder on
     SSLCertificateFile /etc/httpd/server.crt
     SSLCertificateKeyFile /etc/httpd/server.key
 
@@ -69,4 +70,30 @@
        downgrade-1.0 force-response-1.0
     CustomLog /var/log/httpd/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+    Alias /updatecache/ /var/updatecache/
+       <Directory /var/updatecache>
+                Options ExecCGI
+                AllowOverride None
+                Order deny,allow
+                Allow from all
+       </Directory>
+
+    Alias /repository/ /var/urlrepo/
+       <Directory /var/urlrepo>
+                Options ExecCGI
+                AllowOverride None
+                Order deny,allow
+                Allow from all
+       </Directory>
+
+    Alias /proxy-reports/ /var/log/sarg/
+    <Directory /var/log/sarg>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+    </Directory>
 </VirtualHost>
Timo's tree of IPFire 2.x