TransferLog /var/log/httpd/access_log
SSLEngine on
SSLProtocol all -SSLv2
- SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
+ SSLHonorCipherOrder on
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
- PerlRequire /usr/lib/apache/startup.pl
- PerlWarn On
-
<Directory /srv/web/ipfire/html>
Options ExecCGI
AllowOverride None
<Directory /srv/web/ipfire/cgi-bin>
AllowOverride None
Options ExecCGI
- SetHandler perl-script
- PerlSendHeader On
- PerlHandler ModPerl::Registry
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+ Alias /updatecache/ /var/updatecache/
+ <Directory /var/updatecache>
+ Options ExecCGI
+ AllowOverride None
+ Order deny,allow
+ Allow from all
+ </Directory>
+
+ Alias /repository/ /var/urlrepo/
+ <Directory /var/urlrepo>
+ Options ExecCGI
+ AllowOverride None
+ Order deny,allow
+ Allow from all
+ </Directory>
+
+ Alias /proxy-reports/ /var/log/sarg/
+ <Directory /var/log/sarg>
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+ </Directory>
</VirtualHost>