Hinzugefuegt:

* Konfiguration fuer Apache2
Kernelupgrade auf 2.4.33.3
Syslinux-Upgrade
Gefixt:
  * /tmp/ROOTFILES hat nichts in der ISO zu suchen.
  * Fehler im Installer wegen Apache2.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@283 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/httpd/conf.d/php5.conf

@@ -0,0 +1,14 @@
+<IfModule mod_php5.c>
+        AddType application/x-httpd-php .php3
+        AddType application/x-httpd-php .php4
+        AddType application/x-httpd-php .php5
+        AddType application/x-httpd-php .php
+        AddType application/x-httpd-php-source .php3s
+        AddType application/x-httpd-php-source .php4s
+        AddType application/x-httpd-php-source .php5s
+        AddType application/x-httpd-php-source .phps
+        DirectoryIndex index.php3
+        DirectoryIndex index.php4
+        DirectoryIndex index.php5
+        DirectoryIndex index.php
+</IfModule>

config/httpd/default-server.conf

@@ -0,0 +1,8 @@
+#
+# Global configuration that will be applicable for all virtual hosts, unless
+# deleted here, or overriden elswhere.
+#
+
+DocumentRoot /home/httpd/html
+
+#Include /etc/httpd/conf/conf.d/*.conf

config/httpd/global.conf

@@ -0,0 +1,9 @@
+Timeout 300
+ServerSignature on
+UseCanonicalName off
+ServerTokens OS
+LogLevel warn
+CustomLog /var/log/httpd/access_log combined
+Include /etc/httpd/conf/hostname.conf
+HostnameLookups off
+AddHandler cgi-script .cgi

config/httpd/httpd.conf

@@ -1,159 +1,120 @@
-##
-## httpd.conf -- Apache HTTP server configuration file
-##
-ServerType standalone
-ServerRoot /etc/httpd
-
-LockFile /var/lock/httpd.lock
-PidFile /var/run/httpd.pid
-ScoreBoardFile /var/run/httpd.scoreboard
-Timeout 900
-KeepAlive On
-MaxKeepAliveRequests 100
-KeepAliveTimeout 15
-MinSpareServers 1
-MaxSpareServers 2
-StartServers 2
-MaxClients 10
-MaxRequestsPerChild 100
-Port 81
-Listen 81
-Listen 444
-User nobody
-Group nobody
-ServerAdmin root@localhost
-ServerTokens Prod
-DocumentRoot /home/httpd/html
-# Limit track/trace requests
-RewriteEngine on
-RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
-RewriteRule .* - [F]
-
-<Directory />
-    Options None
-    AllowOverride None
-</Directory>
-<Directory /home/httpd/html>
-    Options ExecCGI
-    AllowOverride None
-    Order allow,deny
-    Allow from all
-</Directory>
-<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
-    AuthName "IPFire - Restricted"
-    AuthType Basic
-    AuthUserFile /var/ipfire/auth/users
-    Require user admin
-</DirectoryMatch>
-ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
-<Directory /home/httpd/cgi-bin>
-    AllowOverride None
-    Options None
-    AuthName "IPFire - Restricted"
-    AuthType Basic
-    AuthUserFile /var/ipfire/auth/users
-    Require user admin
-    <Files chpasswd.cgi>
-        Satisfy Any
-        Allow from All
-    </Files>
-    <Files webaccess.cgi>
-        Satisfy Any
-        Allow from All
-    </Files>
-    <Files credits.cgi>
-        Satisfy Any
-        Allow from All
-    </Files>
-    <Files dial.cgi>
-        Require user admin
-    </Files>
-</Directory>
-<Directory /home/httpd/cgi-bin/dial>
-    AllowOverride None
-    Options None
-    AuthName "IPFire - Restricted"
-    AuthType Basic
-    AuthUserFile /var/ipfire/auth/users
-    Require user dial admin
-</Directory>
-<IfModule mod_dir.c>
-    DirectoryIndex index.html index.htm index.shtml index.cgi
-</IfModule>
-AccessFileName .htaccess
-<Files ~ "^\.ht">
-    Order allow,deny
-    Deny from all
-</Files>
-<IfModule mod_mime.c>
-    TypesConfig /etc/mime.types
-</IfModule>
-DefaultType text/plain
-
-HostnameLookups Off
-ErrorLog /var/log/httpd/error_log
-LogLevel warn
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-CustomLog /var/log/httpd/access_log common
-ServerSignature Off
-AddHandler cgi-script .cgi
-<IfModule mod_setenvif.c>
-    BrowserMatch "Mozilla/2" nokeepalive
-    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-    BrowserMatch "RealPlayer 4\.0" force-response-1.0
-    BrowserMatch "Java/1\.0" force-response-1.0
-    BrowserMatch "JDK/1\.0" force-response-1.0
-</IfModule>
-
-###
-### SSL Configuration
-###
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl    .crl
-
-SSLPassPhraseDialog  builtin
-SSLSessionCache         dbm:/var/log/httpd/ssl_scache
-SSLSessionCacheTimeout  900
-SSLMutex  file:/var/log/httpd/ssl_mutex
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-SSLLog      /var/log/httpd/ssl_engine_log
-SSLLogLevel info
-
-<VirtualHost _default_:444>
-    RewriteEngine on
-    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
-    RewriteRule .* - [F]
-    DocumentRoot /home/httpd/html
-    ServerAdmin root@localhost
-    ErrorLog /var/log/httpd/error_log
-    TransferLog /var/log/httpd/access_log
-    SSLEngine on
-    SSLProtocol all -SSLv2
-    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
-    SSLCertificateFile /etc/httpd/server.crt
-    SSLCertificateKeyFile /etc/httpd/server.key
-    <Files ~ "\.(cgi|shtml?)$">
-	SSLOptions +StdEnvVars
-    </Files>
-    <Directory /home/httpd/cgi-bin>
-	SSLOptions +StdEnvVars
-    </Directory>
-    SetEnv HOME /home/nobody
-    SetEnvIf User-Agent ".*MSIE.*" \
-	nokeepalive ssl-unclean-shutdown \
-	downgrade-1.0 force-response-1.0
-    CustomLog /var/log/httpd/ssl_request_log \
-	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-</VirtualHost>
-
-<Directory /home/httpd/html/backup>
-    Options None
-    AllowOverride None
-    AuthName "IPFire - Restricted"
-    AuthType Basic
-    AuthUserFile /var/ipfire/auth/users
-    require user admin
-</Directory>
-
-include /etc/httpd/conf/hostname.conf
+#
+# /etc/httpd/conf/httpd.conf 
+#
+# This is the main Apache2 server configuration file for IPFire.
+# Plese do not change this file!
+
+# Overview of include files, chronologically:
+#
+# httpd.conf
+#  | 
+#  |-- uid.conf  . . . . . . . . . . . . . .  UserID/GroupID to run under
+#  |-- server-tuning.conf  . . . . . . . . .  sizing of the server (how many processes to start, ...)
+#  |-- loadmodule.conf . . . . . . . . . . .  load these modules
+#  |-- listen.conf . . . . . . . . . . . . .  IP adresses / ports to listen on
+#  |-- mod_log_config.conf . . . . . . . . .  define logging formats
+#  |-- sysconfig.d/global.conf . . . . . . .  server-wide general settings
+#  |-- mod_status.conf . . . . . . . . . . .  restrict access to mod_status (server monitoring)
+#  |-- mod_info.conf . . . . . . . . . . . .  restrict access to mod_info
+#  |-- mod_usertrack.conf  . . . . . . . . .  defaults for cookie-based user tracking
+#  |-- mod_autoindex-defaults.conf . . . . .  defaults for displaying of server-generated directory listings
+#  |-- mod_mime-defaults.conf  . . . . . . .  defaults for mod_mime configuration
+#  |-- errors.conf . . . . . . . . . . . . .  customize error responses
+#  |-- ssl-global.conf . . . . . . . . . . .  SSL conf that applies to default server _and all_ virtual hosts
+#  |
+#  |-- default-server.conf . . . . . . . . .  set up the default server that replies to non-virtual-host requests
+#  |
+#  `-- vhosts.d/ . . . . . . . . . . . . . .  for each virtual host, place one file here
+#       `-- *.conf . . . . . . . . . . . . .     (*.conf is automatically included)
+#
+
+### Global Environment ######################################################
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests.
+
+# run under this user/group id
+Include /etc/httpd/conf/uid.conf
+
+# - how many server processes to start (server pool regulation)
+# - usage of KeepAlive
+Include /etc/httpd/conf/server-tuning.conf
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+ErrorLog /var/log/httpd/error_log
+
+# Load Modules here
+Include /etc/httpd/conf/loadmodule.conf
+
+# IP addresses / ports to listen on
+Include /etc/httpd/conf/listen.conf
+
+# predefined logging formats
+Include /etc/httpd/conf/mod_log_config.conf
+
+# global settings
+Include /etc/httpd/conf/global.conf
+
+# optional mod_status, mod_info
+#Include /etc/httpd/conf/mod_status.conf
+#Include /etc/httpd/conf/mod_info.conf
+
+# associate MIME types with filename extensions
+TypesConfig /etc/mime.types
+DefaultType text/plain
+
+# global (server-wide) SSL configuration, that is not specific to 
+# any virtual host
+Include /etc/httpd/conf/ssl-global.conf
+
+<Directory />
+    Options None
+    AllowOverride None
+</Directory>
+
+# use .htaccess files for overriding,
+AccessFileName .htaccess
+# and never show them
+<Files ~ "^\.ht">
+    Order allow,deny
+    Deny from all
+</Files>
+
+# List of resources to look for when the client requests a directory
+DirectoryIndex index.html index.htm index.shtml index.cgi
+
+### 'Main' server configuration #############################################
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition.  These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+Include /etc/httpd/conf/default-server.conf
+
+
+### Virtual server configuration ############################################
+#
+# VirtualHost: If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+# <URL:http://httpd.apache.org/docs-2.0/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+#
+Include /etc/httpd/conf/vhosts.d/*.conf
+
+

config/httpd/listen.conf

@@ -0,0 +1,2 @@
+Listen 81
+Listen 444

config/httpd/loadmodule.conf

@@ -0,0 +1,51 @@
+LoadModule authn_file_module /usr/lib/apache/mod_authn_file.so
+LoadModule authn_dbm_module /usr/lib/apache/mod_authn_dbm.so
+LoadModule authn_anon_module /usr/lib/apache/mod_authn_anon.so
+LoadModule authn_dbd_module /usr/lib/apache/mod_authn_dbd.so
+LoadModule authn_default_module /usr/lib/apache/mod_authn_default.so
+LoadModule authz_host_module /usr/lib/apache/mod_authz_host.so
+LoadModule authz_groupfile_module /usr/lib/apache/mod_authz_groupfile.so
+LoadModule authz_user_module /usr/lib/apache/mod_authz_user.so
+LoadModule authz_dbm_module /usr/lib/apache/mod_authz_dbm.so
+LoadModule authz_owner_module /usr/lib/apache/mod_authz_owner.so
+LoadModule authz_default_module /usr/lib/apache/mod_authz_default.so
+LoadModule auth_basic_module /usr/lib/apache/mod_auth_basic.so
+LoadModule auth_digest_module /usr/lib/apache/mod_auth_digest.so
+#LoadModule dbd_module /usr/lib/apache/mod_dbd.so
+LoadModule dumpio_module /usr/lib/apache/mod_dumpio.so
+LoadModule ext_filter_module /usr/lib/apache/mod_ext_filter.so
+LoadModule include_module /usr/lib/apache/mod_include.so
+LoadModule filter_module /usr/lib/apache/mod_filter.so
+LoadModule deflate_module /usr/lib/apache/mod_deflate.so
+LoadModule log_config_module /usr/lib/apache/mod_log_config.so
+LoadModule log_forensic_module /usr/lib/apache/mod_log_forensic.so
+LoadModule logio_module /usr/lib/apache/mod_logio.so
+LoadModule env_module /usr/lib/apache/mod_env.so
+LoadModule mime_magic_module /usr/lib/apache/mod_mime_magic.so
+LoadModule cern_meta_module /usr/lib/apache/mod_cern_meta.so
+LoadModule expires_module /usr/lib/apache/mod_expires.so
+LoadModule headers_module /usr/lib/apache/mod_headers.so
+LoadModule ident_module /usr/lib/apache/mod_ident.so
+LoadModule usertrack_module /usr/lib/apache/mod_usertrack.so
+LoadModule unique_id_module /usr/lib/apache/mod_unique_id.so
+LoadModule setenvif_module /usr/lib/apache/mod_setenvif.so
+LoadModule version_module /usr/lib/apache/mod_version.so
+LoadModule mime_module /usr/lib/apache/mod_mime.so
+LoadModule dav_module /usr/lib/apache/mod_dav.so
+LoadModule status_module /usr/lib/apache/mod_status.so
+LoadModule autoindex_module /usr/lib/apache/mod_autoindex.so
+LoadModule asis_module /usr/lib/apache/mod_asis.so
+LoadModule info_module /usr/lib/apache/mod_info.so
+LoadModule cgi_module /usr/lib/apache/mod_cgi.so
+LoadModule dav_fs_module /usr/lib/apache/mod_dav_fs.so
+LoadModule vhost_alias_module /usr/lib/apache/mod_vhost_alias.so
+LoadModule negotiation_module /usr/lib/apache/mod_negotiation.so
+LoadModule dir_module /usr/lib/apache/mod_dir.so
+LoadModule imagemap_module /usr/lib/apache/mod_imagemap.so
+LoadModule actions_module /usr/lib/apache/mod_actions.so
+LoadModule speling_module /usr/lib/apache/mod_speling.so
+LoadModule userdir_module /usr/lib/apache/mod_userdir.so
+LoadModule alias_module /usr/lib/apache/mod_alias.so
+LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so
+LoadModule ssl_module /usr/lib/apache/mod_ssl.so
+LoadModule php5_module        /usr/lib/apache/libphp5.so

config/httpd/mod_info.conf

@@ -0,0 +1,14 @@
+#
+# Allow remote server configuration reports, with the URL of
+#  http://servername/server-info (requires that mod_info.c be loaded).
+#
+# see http://httpd.apache.org/docs-2.0/mod/mod_info.html
+#
+<IfModule mod_info.c>
+    <Location /server-info>
+	    SetHandler server-info
+	    Order deny,allow
+	    Deny from all
+	    Allow from localhost
+    </Location>
+</IfModule>

config/httpd/mod_log_config.conf

@@ -0,0 +1,31 @@
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+
+#
+#         Format string:				Nickname:
+#
+LogFormat "%h %l %u %t \"%r\" %>s %b"		common
+LogFormat "%v %h %l %u %t \"%r\" %>s %b"		vhost_common
+LogFormat "%{Referer}i -> %U"			referer
+LogFormat "%{User-agent}i"				agent
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\""		combined
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\""		vhost_combined
+
+# To use %I and %O, you need to enable mod_logio
+<IfModule mod_logio.c>
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\" %I %O"		combinedio
+</IfModule>
+
+# Use one of these when you want a compact non-error SSL logfile on a virtual
+# host basis:
+<IfModule mod_ssl.c>
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b"						ssl_common
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\""	ssl_combined
+</IfModule>

config/httpd/mod_status.conf

@@ -0,0 +1,14 @@
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+#
+# see http://httpd.apache.org/docs-2.0/mod/mod_status.html
+#
+<IfModule mod_status.c>
+    <Location /server-status>
+	SetHandler server-status
+	Order deny,allow
+	Deny from all
+	Allow from localhost
+    </Location>
+</IfModule>

config/httpd/server-tuning.conf

@@ -0,0 +1,34 @@
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 15
+
+MinSpareServers 1
+MaxSpareServers 2
+StartServers 2
+MaxClients 10
+MaxRequestsPerChild 100
+
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0

config/httpd/ssl-global.conf

@@ -0,0 +1,69 @@
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+# These are the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.
+
+# This global SSL configuration is ignored if 
+# "SSL" is not defined, or if "NOSSL" is defined.
+<IfDefine SSL>
+<IfDefine !NOSSL>
+<IfModule mod_ssl.c>
+
+	#
+	#   Some MIME-types for downloading Certificates and CRLs
+	#
+	AddType application/x-x509-ca-cert .crt
+	AddType application/x-pkcs7-crl    .crl
+
+	#   Pass Phrase Dialog:
+	#   Configure the pass phrase gathering process.
+	#   The filtering dialog program (`builtin' is a internal
+	#   terminal dialog) has to provide the pass phrase on stdout.
+	SSLPassPhraseDialog  builtin
+
+	#   Inter-Process Session Cache:
+	#   Configure the SSL Session Cache: First the mechanism 
+	#   to use and second the expiring timeout (in seconds).
+	#   shm means the same as shmht. 
+	#   Note that on most platforms shared memory segments are not allowed to be on 
+	#   network-mounted drives, so in that case you need to use the dbm method.
+	#SSLSessionCache        none
+	#SSLSessionCache         dbm:/var/log/httpd/ssl_scache
+	#SSLSessionCache        shmht:/var/log/httpd/ssl_scache(512000)
+	SSLSessionCache         shmcb:/var/log/httpd/ssl_scache(512000)
+	SSLSessionCacheTimeout  900
+
+	#   Semaphore:
+	#   Configure the path to the mutual exclusion semaphore the
+	#   SSL engine uses internally for inter-process synchronization. 
+	SSLMutex  file:/var/log/httpd/ssl_mutex
+
+	#   Pseudo Random Number Generator (PRNG):
+	#   Configure one or more sources to seed the PRNG of the 
+	#   SSL library. The seed data should be of good random quality.
+	#   WARNING! On some platforms /dev/random blocks if not enough entropy
+	#   is available. This means you then cannot use the /dev/random device
+	#   because it would lead to very long connection times (as long as
+	#   it requires to make more entropy available). But usually those
+	#   platforms additionally provide a /dev/urandom device which doesn't
+	#   block. So, if available, use this one instead. Read the mod_ssl User
+	#   Manual for more details.
+	SSLRandomSeed startup builtin
+	SSLRandomSeed connect builtin
+
+	SSLLog      /var/log/httpd/ssl_engine_log
+	SSLLogLevel info
+
+</IfModule>
+</IfDefine>
+</IfDefine>

config/httpd/uid.conf

@@ -0,0 +1,2 @@
+User nobody
+Group nobody

config/httpd/vhosts.d/ipfire-interface-ssl.conf

@@ -0,0 +1,71 @@
+<VirtualHost *:444>
+
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+    RewriteRule .* - [F]
+    DocumentRoot /home/httpd/html
+    ServerAdmin root@localhost
+    ErrorLog /var/log/httpd/error_log
+    TransferLog /var/log/httpd/access_log
+    SSLEngine on
+    SSLProtocol all -SSLv2
+    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
+    SSLCertificateFile /etc/httpd/server.crt
+    SSLCertificateKeyFile /etc/httpd/server.key
+    <Directory /home/httpd/html>
+        Options ExecCGI
+        AllowOverride None
+        Order allow,deny
+        Allow from all
+    </Directory>
+    <DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+    </DirectoryMatch>
+    ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
+    <Directory /home/httpd/cgi-bin>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+         <Files chpasswd.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files webaccess.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files credits.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files dial.cgi>
+            Require user admin
+        </Files>
+    </Directory>
+    <Directory /home/httpd/cgi-bin/dial>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user dial admin
+    </Directory>
+    <Files ~ "\.(cgi|shtml?)$">
+	SSLOptions +StdEnvVars
+    </Files>
+    <Directory /home/httpd/cgi-bin>
+	SSLOptions +StdEnvVars
+    </Directory>
+    SetEnv HOME /home/nobody
+    SetEnvIf User-Agent ".*MSIE.*" \
+	nokeepalive ssl-unclean-shutdown \
+	downgrade-1.0 force-response-1.0
+    CustomLog /var/log/httpd/ssl_request_log \
+	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</VirtualHost>

config/httpd/vhosts.d/ipfire-interface.conf

@@ -0,0 +1,54 @@
+<VirtualHost *:81>
+
+    DocumentRoot /home/httpd/html
+
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+    RewriteRule .* - [F]
+
+    <Directory /home/httpd/html>
+        Options ExecCGI
+        AllowOverride None
+        Order allow,deny
+        Allow from all
+    </Directory>
+    <DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+    </DirectoryMatch>
+    ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
+    <Directory /home/httpd/cgi-bin>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+         <Files chpasswd.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files webaccess.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files credits.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files dial.cgi>
+            Require user admin
+        </Files>
+    </Directory>
+    <Directory /home/httpd/cgi-bin/dial>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user dial admin
+    </Directory>
+
+</VirtualHost>