mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-27 19:23:24 +02:00
Hinzugefuegt:
* Interface fuer den Benutzer dial. Geandert: * Standardland fuer OpenSSL-Zertifikate ist statt GB jetzt DE. * makegraphs gefixt. git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@214 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
This commit is contained in:
delaco
@@ -1,151 +1,159 @@
|
||||
##
|
||||
## httpd.conf -- Apache HTTP server configuration file
|
||||
##
|
||||
ServerType standalone
|
||||
ServerRoot /etc/httpd
|
||||
|
||||
LockFile /var/lock/httpd.lock
|
||||
PidFile /var/run/httpd.pid
|
||||
ScoreBoardFile /var/run/httpd.scoreboard
|
||||
Timeout 900
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 15
|
||||
MinSpareServers 1
|
||||
MaxSpareServers 2
|
||||
StartServers 2
|
||||
MaxClients 10
|
||||
MaxRequestsPerChild 100
|
||||
Port 81
|
||||
Listen 81
|
||||
Listen 444
|
||||
User nobody
|
||||
Group nobody
|
||||
ServerAdmin root@localhost
|
||||
ServerTokens Prod
|
||||
DocumentRoot /home/httpd/html
|
||||
# Limit track/trace requests
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
|
||||
RewriteRule .* - [F]
|
||||
|
||||
<Directory />
|
||||
Options None
|
||||
AllowOverride None
|
||||
</Directory>
|
||||
<Directory /home/httpd/html>
|
||||
Options ExecCGI
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
|
||||
AuthName "IPFire - Restricted"
|
||||
AuthType Basic
|
||||
AuthUserFile /var/ipfire/auth/users
|
||||
Require user admin
|
||||
</DirectoryMatch>
|
||||
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
|
||||
<Directory /home/httpd/cgi-bin>
|
||||
AllowOverride None
|
||||
Options None
|
||||
AuthName "IPFire - Restricted"
|
||||
AuthType Basic
|
||||
AuthUserFile /var/ipfire/auth/users
|
||||
Require user admin
|
||||
<Files chpasswd.cgi>
|
||||
Satisfy Any
|
||||
Allow from All
|
||||
</Files>
|
||||
<Files webaccess.cgi>
|
||||
Satisfy Any
|
||||
Allow from All
|
||||
</Files>
|
||||
<Files credits.cgi>
|
||||
Satisfy Any
|
||||
Allow from All
|
||||
</Files>
|
||||
<Files dial.cgi>
|
||||
Require user admin dial
|
||||
</Files>
|
||||
</Directory>
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.html index.htm index.shtml index.cgi
|
||||
</IfModule>
|
||||
AccessFileName .htaccess
|
||||
<Files ~ "^\.ht">
|
||||
Order allow,deny
|
||||
Deny from all
|
||||
</Files>
|
||||
<IfModule mod_mime.c>
|
||||
TypesConfig /etc/mime.types
|
||||
</IfModule>
|
||||
DefaultType text/plain
|
||||
|
||||
HostnameLookups Off
|
||||
ErrorLog /var/log/httpd/error_log
|
||||
LogLevel warn
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
||||
CustomLog /var/log/httpd/access_log common
|
||||
ServerSignature Off
|
||||
AddHandler cgi-script .cgi
|
||||
<IfModule mod_setenvif.c>
|
||||
BrowserMatch "Mozilla/2" nokeepalive
|
||||
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
|
||||
BrowserMatch "RealPlayer 4\.0" force-response-1.0
|
||||
BrowserMatch "Java/1\.0" force-response-1.0
|
||||
BrowserMatch "JDK/1\.0" force-response-1.0
|
||||
</IfModule>
|
||||
|
||||
###
|
||||
### SSL Configuration
|
||||
###
|
||||
AddType application/x-x509-ca-cert .crt
|
||||
AddType application/x-pkcs7-crl .crl
|
||||
|
||||
SSLPassPhraseDialog builtin
|
||||
SSLSessionCache dbm:/var/log/httpd/ssl_scache
|
||||
SSLSessionCacheTimeout 900
|
||||
SSLMutex file:/var/log/httpd/ssl_mutex
|
||||
SSLRandomSeed startup builtin
|
||||
SSLRandomSeed connect builtin
|
||||
SSLLog /var/log/httpd/ssl_engine_log
|
||||
SSLLogLevel info
|
||||
|
||||
<VirtualHost _default_:444>
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
|
||||
RewriteRule .* - [F]
|
||||
DocumentRoot /home/httpd/html
|
||||
ServerAdmin root@localhost
|
||||
ErrorLog /var/log/httpd/error_log
|
||||
TransferLog /var/log/httpd/access_log
|
||||
SSLEngine on
|
||||
SSLProtocol all -SSLv2
|
||||
SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
|
||||
SSLCertificateFile /etc/httpd/server.crt
|
||||
SSLCertificateKeyFile /etc/httpd/server.key
|
||||
<Files ~ "\.(cgi|shtml?)$">
|
||||
SSLOptions +StdEnvVars
|
||||
</Files>
|
||||
<Directory /home/httpd/cgi-bin>
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
SetEnv HOME /home/nobody
|
||||
SetEnvIf User-Agent ".*MSIE.*" \
|
||||
nokeepalive ssl-unclean-shutdown \
|
||||
downgrade-1.0 force-response-1.0
|
||||
CustomLog /var/log/httpd/ssl_request_log \
|
||||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
</VirtualHost>
|
||||
|
||||
<Directory /home/httpd/html/backup>
|
||||
Options None
|
||||
AllowOverride None
|
||||
AuthName "IPFire - Restricted"
|
||||
AuthType Basic
|
||||
AuthUserFile /var/ipfire/auth/users
|
||||
require user admin
|
||||
</Directory>
|
||||
|
||||
include /etc/httpd/conf/hostname.conf
|
||||
##
|
||||
## httpd.conf -- Apache HTTP server configuration file
|
||||
##
|
||||
ServerType standalone
|
||||
ServerRoot /etc/httpd
|
||||
|
||||
LockFile /var/lock/httpd.lock
|
||||
PidFile /var/run/httpd.pid
|
||||
ScoreBoardFile /var/run/httpd.scoreboard
|
||||
Timeout 900
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 15
|
||||
MinSpareServers 1
|
||||
MaxSpareServers 2
|
||||
StartServers 2
|
||||
MaxClients 10
|
||||
MaxRequestsPerChild 100
|
||||
Port 81
|
||||
Listen 81
|
||||
Listen 444
|
||||
User nobody
|
||||
Group nobody
|
||||
ServerAdmin root@localhost
|
||||
ServerTokens Prod
|
||||
DocumentRoot /home/httpd/html
|
||||
# Limit track/trace requests
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
|
||||
RewriteRule .* - [F]
|
||||
|
||||
<Directory />
|
||||
Options None
|
||||
AllowOverride None
|
||||
</Directory>
|
||||
<Directory /home/httpd/html>
|
||||
Options ExecCGI
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
|
||||
AuthName "IPFire - Restricted"
|
||||
AuthType Basic
|
||||
AuthUserFile /var/ipfire/auth/users
|
||||
Require user admin
|
||||
</DirectoryMatch>
|
||||
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
|
||||
<Directory /home/httpd/cgi-bin>
|
||||
AllowOverride None
|
||||
Options None
|
||||
AuthName "IPFire - Restricted"
|
||||
AuthType Basic
|
||||
AuthUserFile /var/ipfire/auth/users
|
||||
Require user admin
|
||||
<Files chpasswd.cgi>
|
||||
Satisfy Any
|
||||
Allow from All
|
||||
</Files>
|
||||
<Files webaccess.cgi>
|
||||
Satisfy Any
|
||||
Allow from All
|
||||
</Files>
|
||||
<Files credits.cgi>
|
||||
Satisfy Any
|
||||
Allow from All
|
||||
</Files>
|
||||
<Files dial.cgi>
|
||||
Require user admin
|
||||
</Files>
|
||||
</Directory>
|
||||
<Directory /home/httpd/cgi-bin/dial>
|
||||
AllowOverride None
|
||||
Options None
|
||||
AuthName "IPFire - Restricted"
|
||||
AuthType Basic
|
||||
AuthUserFile /var/ipfire/auth/users
|
||||
Require user dial admin
|
||||
</Directory>
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.html index.htm index.shtml index.cgi
|
||||
</IfModule>
|
||||
AccessFileName .htaccess
|
||||
<Files ~ "^\.ht">
|
||||
Order allow,deny
|
||||
Deny from all
|
||||
</Files>
|
||||
<IfModule mod_mime.c>
|
||||
TypesConfig /etc/mime.types
|
||||
</IfModule>
|
||||
DefaultType text/plain
|
||||
|
||||
HostnameLookups Off
|
||||
ErrorLog /var/log/httpd/error_log
|
||||
LogLevel warn
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
||||
CustomLog /var/log/httpd/access_log common
|
||||
ServerSignature Off
|
||||
AddHandler cgi-script .cgi
|
||||
<IfModule mod_setenvif.c>
|
||||
BrowserMatch "Mozilla/2" nokeepalive
|
||||
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
|
||||
BrowserMatch "RealPlayer 4\.0" force-response-1.0
|
||||
BrowserMatch "Java/1\.0" force-response-1.0
|
||||
BrowserMatch "JDK/1\.0" force-response-1.0
|
||||
</IfModule>
|
||||
|
||||
###
|
||||
### SSL Configuration
|
||||
###
|
||||
AddType application/x-x509-ca-cert .crt
|
||||
AddType application/x-pkcs7-crl .crl
|
||||
|
||||
SSLPassPhraseDialog builtin
|
||||
SSLSessionCache dbm:/var/log/httpd/ssl_scache
|
||||
SSLSessionCacheTimeout 900
|
||||
SSLMutex file:/var/log/httpd/ssl_mutex
|
||||
SSLRandomSeed startup builtin
|
||||
SSLRandomSeed connect builtin
|
||||
SSLLog /var/log/httpd/ssl_engine_log
|
||||
SSLLogLevel info
|
||||
|
||||
<VirtualHost _default_:444>
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
|
||||
RewriteRule .* - [F]
|
||||
DocumentRoot /home/httpd/html
|
||||
ServerAdmin root@localhost
|
||||
ErrorLog /var/log/httpd/error_log
|
||||
TransferLog /var/log/httpd/access_log
|
||||
SSLEngine on
|
||||
SSLProtocol all -SSLv2
|
||||
SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
|
||||
SSLCertificateFile /etc/httpd/server.crt
|
||||
SSLCertificateKeyFile /etc/httpd/server.key
|
||||
<Files ~ "\.(cgi|shtml?)$">
|
||||
SSLOptions +StdEnvVars
|
||||
</Files>
|
||||
<Directory /home/httpd/cgi-bin>
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
SetEnv HOME /home/nobody
|
||||
SetEnvIf User-Agent ".*MSIE.*" \
|
||||
nokeepalive ssl-unclean-shutdown \
|
||||
downgrade-1.0 force-response-1.0
|
||||
CustomLog /var/log/httpd/ssl_request_log \
|
||||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
</VirtualHost>
|
||||
|
||||
<Directory /home/httpd/html/backup>
|
||||
Options None
|
||||
AllowOverride None
|
||||
AuthName "IPFire - Restricted"
|
||||
AuthType Basic
|
||||
AuthUserFile /var/ipfire/auth/users
|
||||
require user admin
|
||||
</Directory>
|
||||
|
||||
include /etc/httpd/conf/hostname.conf
|
||||
|
||||
Reference in New Issue
Block a user