Port 445 -> 444 gewechselt und XTAccess-Regeln ausgeschaltet.

Nach der Installation sind alle Ports geschlossen!

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@41 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/cfgroot/proxy-acl

@@ -1,49 +1,49 @@
-# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
-# you make will be overwritten whenever you resave proxy settings using the
-# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then
-# restart squid using the web interface. Changes made to the 'acl' file
-# will propagate to the 'squid.conf' file at that time.
-# [Scott Tregear, 22 Feb 2005]
-
-# Uncomment the following line to enable logging of User-Agent header:
-#useragent_log      /var/log/squid/user_agent.log
-
-# Uncomment the following line to enable logging of Referer header:
-#referer_log        /var/log/squid/referer.log
-
-acl all src 0.0.0.0/0.0.0.0
-acl localhost src 127.0.0.1/255.255.255.255
-acl SSL_ports port 443 563 
-acl Safe_ports port 80 # http 
-acl Safe_ports port 21 # ftp 
-acl Safe_ports port 443 563 # https, snews 
-acl Safe_ports port 70 # gopher 
-acl Safe_ports port 210 # wais 
-acl Safe_ports port 1025-65535 # unregistered ports 
-acl Safe_ports port 280 # http-mgmt 
-acl Safe_ports port 488 # gss-http 
-acl Safe_ports port 591 # filemaker 
-acl Safe_ports port 777 # multiling http 
-acl Safe_ports port __PROXY_PORT__ # Squid port (for icons) 
-
-acl IPCop_http  port 81
-acl IPCop_https port 445
-acl IPCop_ips  dst __GREEN_IP__ __BLUE_IP__
-acl IPCop_networks src __GREEN_NET__ __BLUE_NET__
-acl CONNECT method CONNECT 
-
-##Access to squid:
-#local machine, no restriction
-http_access allow         localhost
-
-#GUI admin if local machine connects
-http_access allow         IPCop_ips IPCop_networks IPCop_http
-http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
-
-#Deny not web services
-http_access deny          !Safe_ports
-http_access deny  CONNECT !SSL_ports
-
-#Finally allow IPCop_networks clients
-http_access allow         IPCop_networks
-http_access deny          all
+# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
+# you make will be overwritten whenever you resave proxy settings using the
+# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then
+# restart squid using the web interface. Changes made to the 'acl' file
+# will propagate to the 'squid.conf' file at that time.
+# [Scott Tregear, 22 Feb 2005]
+
+# Uncomment the following line to enable logging of User-Agent header:
+#useragent_log      /var/log/squid/user_agent.log
+
+# Uncomment the following line to enable logging of Referer header:
+#referer_log        /var/log/squid/referer.log
+
+acl all src 0.0.0.0/0.0.0.0
+acl localhost src 127.0.0.1/255.255.255.255
+acl SSL_ports port 443 563 
+acl Safe_ports port 80 # http 
+acl Safe_ports port 21 # ftp 
+acl Safe_ports port 443 563 # https, snews 
+acl Safe_ports port 70 # gopher 
+acl Safe_ports port 210 # wais 
+acl Safe_ports port 1025-65535 # unregistered ports 
+acl Safe_ports port 280 # http-mgmt 
+acl Safe_ports port 488 # gss-http 
+acl Safe_ports port 591 # filemaker 
+acl Safe_ports port 777 # multiling http 
+acl Safe_ports port __PROXY_PORT__ # Squid port (for icons) 
+
+acl IPCop_http  port 81
+acl IPCop_https port 444
+acl IPCop_ips  dst __GREEN_IP__ __BLUE_IP__
+acl IPCop_networks src __GREEN_NET__ __BLUE_NET__
+acl CONNECT method CONNECT 
+
+##Access to squid:
+#local machine, no restriction
+http_access allow         localhost
+
+#GUI admin if local machine connects
+http_access allow         IPCop_ips IPCop_networks IPCop_http
+http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
+
+#Deny not web services
+http_access deny          !Safe_ports
+http_access deny  CONNECT !SSL_ports
+
+#Finally allow IPCop_networks clients
+http_access allow         IPCop_networks
+http_access deny          all

config/cfgroot/xtaccess-config

@@ -1 +1 @@
-tcp,0.0.0.0/0,113,on,0.0.0.0
+tcp,0.0.0.0/0,113,off,0.0.0.0

config/httpd/httpd.conf

@@ -1,149 +1,149 @@
-##
-## httpd.conf -- Apache HTTP server configuration file
-##
-## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
-##
-ServerType standalone
-ServerRoot /etc/httpd
-
-LockFile /var/lock/httpd.lock
-PidFile /var/run/httpd.pid
-ScoreBoardFile /var/run/httpd.scoreboard
-Timeout 900
-KeepAlive On
-MaxKeepAliveRequests 100
-KeepAliveTimeout 15
-MinSpareServers 1
-MaxSpareServers 2
-StartServers 2
-MaxClients 10
-MaxRequestsPerChild 100
-Port 81
-Listen 81
-Listen 445
-User nobody
-Group nobody
-ServerAdmin root@localhost
-ServerTokens Prod
-DocumentRoot /home/httpd/html
-# Limit track/trace requests
-RewriteEngine on
-RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
-RewriteRule .* - [F]
-
-<Directory />
-    Options None
-    AllowOverride None
-</Directory>
-<Directory /home/httpd/html>
-    Options ExecCGI
-    AllowOverride None
-    Order allow,deny
-    Allow from all
-</Directory>
-<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
-    AuthName "Restricted"
-    AuthType Basic
-    AuthUserFile CONFIG_ROOT/auth/users
-    require user admin
-</DirectoryMatch>
-ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
-<Directory /home/httpd/cgi-bin>
-    AllowOverride None
-    Options None
-    AuthName "Restricted"
-    AuthType Basic
-    AuthUserFile CONFIG_ROOT/auth/users
-    Require user admin
-    <Files index.cgi>
-        Satisfy Any
-        Allow from All
-    </Files>
-    <Files credits.cgi>
-        Satisfy Any
-        Allow from All
-    </Files>
-    <Files dial.cgi>
-        Require user admin dial
-    </Files>
-</Directory>
-<IfModule mod_dir.c>
-    DirectoryIndex index.html index.htm index.shtml index.cgi
-</IfModule>
-AccessFileName .htaccess
-<Files ~ "^\.ht">
-    Order allow,deny
-    Deny from all
-</Files>
-<IfModule mod_mime.c>
-    TypesConfig /etc/mime.types
-</IfModule>
-DefaultType text/plain
-
-HostnameLookups Off
-ErrorLog /var/log/httpd/error_log
-LogLevel warn
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-CustomLog /var/log/httpd/access_log common
-ServerSignature Off
-AddHandler cgi-script .cgi
-<IfModule mod_setenvif.c>
-    BrowserMatch "Mozilla/2" nokeepalive
-    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-    BrowserMatch "RealPlayer 4\.0" force-response-1.0
-    BrowserMatch "Java/1\.0" force-response-1.0
-    BrowserMatch "JDK/1\.0" force-response-1.0
-</IfModule>
-
-###
-### SSL Configuration
-###
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl    .crl
-
-SSLPassPhraseDialog  builtin
-SSLSessionCache         dbm:/var/log/httpd/ssl_scache
-SSLSessionCacheTimeout  900
-SSLMutex  file:/var/log/httpd/ssl_mutex
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-SSLLog      /var/log/httpd/ssl_engine_log
-SSLLogLevel info
-
-<VirtualHost _default_:445>
-    RewriteEngine on
-    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
-    RewriteRule .* - [F]
-    DocumentRoot /home/httpd/html
-    ServerAdmin root@localhost
-    ErrorLog /var/log/httpd/error_log
-    TransferLog /var/log/httpd/access_log
-    SSLEngine on
-    SSLProtocol all -SSLv2
-    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
-    SSLCertificateFile /etc/httpd/server.crt
-    SSLCertificateKeyFile /etc/httpd/server.key
-    <Files ~ "\.(cgi|shtml?)$">
-	SSLOptions +StdEnvVars
-    </Files>
-    <Directory /home/httpd/cgi-bin>
-	SSLOptions +StdEnvVars
-    </Directory>
-    SetEnv HOME /home/nobody
-    SetEnvIf User-Agent ".*MSIE.*" \
-	nokeepalive ssl-unclean-shutdown \
-	downgrade-1.0 force-response-1.0
-    CustomLog /var/log/httpd/ssl_request_log \
-	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-</VirtualHost>
-
-<Directory /home/httpd/html/backup>
-    Options None
-    AllowOverride None
-    AuthName "Restricted"
-    AuthType Basic
-    AuthUserFile /var/ipcop/auth/users
-    require user admin
-</Directory>
-
-include /etc/httpd/conf/hostname.conf
+##
+## httpd.conf -- Apache HTTP server configuration file
+##
+## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
+##
+ServerType standalone
+ServerRoot /etc/httpd
+
+LockFile /var/lock/httpd.lock
+PidFile /var/run/httpd.pid
+ScoreBoardFile /var/run/httpd.scoreboard
+Timeout 900
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 15
+MinSpareServers 1
+MaxSpareServers 2
+StartServers 2
+MaxClients 10
+MaxRequestsPerChild 100
+Port 81
+Listen 81
+Listen 444
+User nobody
+Group nobody
+ServerAdmin root@localhost
+ServerTokens Prod
+DocumentRoot /home/httpd/html
+# Limit track/trace requests
+RewriteEngine on
+RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+RewriteRule .* - [F]
+
+<Directory />
+    Options None
+    AllowOverride None
+</Directory>
+<Directory /home/httpd/html>
+    Options ExecCGI
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+</Directory>
+<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
+    AuthName "Restricted"
+    AuthType Basic
+    AuthUserFile CONFIG_ROOT/auth/users
+    require user admin
+</DirectoryMatch>
+ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
+<Directory /home/httpd/cgi-bin>
+    AllowOverride None
+    Options None
+    AuthName "Restricted"
+    AuthType Basic
+    AuthUserFile CONFIG_ROOT/auth/users
+    Require user admin
+    <Files index.cgi>
+        Satisfy Any
+        Allow from All
+    </Files>
+    <Files credits.cgi>
+        Satisfy Any
+        Allow from All
+    </Files>
+    <Files dial.cgi>
+        Require user admin dial
+    </Files>
+</Directory>
+<IfModule mod_dir.c>
+    DirectoryIndex index.html index.htm index.shtml index.cgi
+</IfModule>
+AccessFileName .htaccess
+<Files ~ "^\.ht">
+    Order allow,deny
+    Deny from all
+</Files>
+<IfModule mod_mime.c>
+    TypesConfig /etc/mime.types
+</IfModule>
+DefaultType text/plain
+
+HostnameLookups Off
+ErrorLog /var/log/httpd/error_log
+LogLevel warn
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+CustomLog /var/log/httpd/access_log common
+ServerSignature Off
+AddHandler cgi-script .cgi
+<IfModule mod_setenvif.c>
+    BrowserMatch "Mozilla/2" nokeepalive
+    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+    BrowserMatch "RealPlayer 4\.0" force-response-1.0
+    BrowserMatch "Java/1\.0" force-response-1.0
+    BrowserMatch "JDK/1\.0" force-response-1.0
+</IfModule>
+
+###
+### SSL Configuration
+###
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+SSLPassPhraseDialog  builtin
+SSLSessionCache         dbm:/var/log/httpd/ssl_scache
+SSLSessionCacheTimeout  900
+SSLMutex  file:/var/log/httpd/ssl_mutex
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLLog      /var/log/httpd/ssl_engine_log
+SSLLogLevel info
+
+<VirtualHost _default_:444>
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+    RewriteRule .* - [F]
+    DocumentRoot /home/httpd/html
+    ServerAdmin root@localhost
+    ErrorLog /var/log/httpd/error_log
+    TransferLog /var/log/httpd/access_log
+    SSLEngine on
+    SSLProtocol all -SSLv2
+    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
+    SSLCertificateFile /etc/httpd/server.crt
+    SSLCertificateKeyFile /etc/httpd/server.key
+    <Files ~ "\.(cgi|shtml?)$">
+	SSLOptions +StdEnvVars
+    </Files>
+    <Directory /home/httpd/cgi-bin>
+	SSLOptions +StdEnvVars
+    </Directory>
+    SetEnv HOME /home/nobody
+    SetEnvIf User-Agent ".*MSIE.*" \
+	nokeepalive ssl-unclean-shutdown \
+	downgrade-1.0 force-response-1.0
+    CustomLog /var/log/httpd/ssl_request_log \
+	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</VirtualHost>
+
+<Directory /home/httpd/html/backup>
+    Options None
+    AllowOverride None
+    AuthName "Restricted"
+    AuthType Basic
+    AuthUserFile /var/ipcop/auth/users
+    require user admin
+</Directory>
+
+include /etc/httpd/conf/hostname.conf