webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 03:07:43 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0cabaf35c2435a653928e46ddcfba5da3fc3e215
bpfire/config/httpd/vhosts.d/ipfire-interface-ssl.conf
Peter Müller 0cabaf35c2 prevent IE from interpreting HTML MIME type 
Add X-Content-Type-Options header to prevent Internet Explorer
from interpreting the MIME type of a server answer on its own,
which could lead to security risks.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-12-16 12:16:12 +00:00

97 lines
3.0 KiB
Plaintext
Raw Blame History

<VirtualHost *:444>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
DocumentRoot /srv/web/ipfire/html
ServerAdmin root@localhost
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
SSLCertificateFile /etc/httpd/server-ecdsa.crt
SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
Header always set X-Content-Type-Options nosniff
<Directory /srv/web/ipfire/html>
Options ExecCGI
AllowOverride None
Require all granted
</Directory>
<DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
<RequireAll>
Require user admin
Require ssl
</RequireAll>
</DirectoryMatch>
ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
<Directory /srv/web/ipfire/cgi-bin>
AllowOverride None
Options ExecCGI
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
<RequireAll>
Require user admin
Require ssl
</RequireAll>
<Files chpasswd.cgi>
Require all granted
</Files>
<Files webaccess.cgi>
Require all granted
</Files>
</Directory>
<Files ~ "\.(cgi|shtml?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /srv/web/ipfire/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
SetEnv HOME /home/nobody
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Alias /updatecache/ /var/updatecache/
<Directory /var/updatecache>
Options ExecCGI
AllowOverride None
Require all granted
</Directory>
Alias /repository/ /var/urlrepo/
<Directory /var/urlrepo>
Options ExecCGI
AllowOverride None
Require all granted
</Directory>
Alias /proxy-reports/ /var/log/sarg/
<Directory /var/log/sarg>
AllowOverride None
Options None
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
<RequireAll>
Require user admin
Require ssl
</RequireAll>
</Directory>
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink