# features.
#
<Directory />
- Options FollowSymLinks
- AllowOverride None
+ Options FollowSymLinks
+ AllowOverride None
<IfModule mod_authz_host.c>
Order deny,allow
Deny from all
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/home/services/httpd/html">
- #
- # Possible values for the Options directive are "None", "All",
- # or any combination of:
- # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
- #
- # Note that "MultiViews" must be named *explicitly* --- "Options All"
- # doesn't give it to you.
- #
- # The Options directive is both complicated and important. Please see
- # http://httpd.apache.org/docs/2.2/mod/core.html#options
- # for more information.
- #
- Options Indexes FollowSymLinks
+ #
+ # Possible values for the Options directive are "None", "All",
+ # or any combination of:
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+ #
+ # Note that "MultiViews" must be named *explicitly* --- "Options All"
+ # doesn't give it to you.
+ #
+ # The Options directive is both complicated and important. Please see
+ # http://httpd.apache.org/docs/2.2/mod/core.html#options
+ # for more information.
+ #
+ Options Indexes FollowSymLinks
- #
- # AllowOverride controls what directives may be placed in .htaccess files.
- # It can be "All", "None", or any combination of the keywords:
- # Options FileInfo AuthConfig Limit
- #
- AllowOverride None
+ #
+ # AllowOverride controls what directives may be placed in .htaccess files.
+ # It can be "All", "None", or any combination of the keywords:
+ # Options FileInfo AuthConfig Limit
+ #
+ AllowOverride None
- #
- # Controls who can get stuff from this server.
- #
+ #
+ # Controls who can get stuff from this server.
+ #
<IfModule mod_authz_host.c>
Order allow,deny
Allow from all
# CGI directory exists, if you have that configured.
#
<Directory "/home/services/httpd/cgi-bin">
- AllowOverride None
- Options None
+ AllowOverride None
+ Options None
<IfModule mod_authz_host.c>
Order allow,deny
Allow from all
AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru))?(/.*)?$ "/home/services/httpd/manual$1"
<Directory "/home/services/httpd/manual">
- Options Indexes
- AllowOverride None
- Order allow,deny
- Allow from all
+ Options Indexes
+ AllowOverride None
+ Order allow,deny
+ Allow from all
- <Files *.html>
- SetHandler type-map
- </Files>
+ <Files *.html>
+ SetHandler type-map
+ </Files>
- SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru)/ prefer-language=$1
- RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru)){2,}(/.*)?$ /manual/$1$2
+ SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru)/ prefer-language=$1
+ RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru)){2,}(/.*)?$ /manual/$1$2
- LanguagePriority en de es fr ja ko pt-br ru
- ForceLanguagePriority Prefer Fallback
+ LanguagePriority en de es fr ja ko pt-br ru
+ ForceLanguagePriority Prefer Fallback
</Directory>
LoadModule alias_module modules/mod_alias.so
<IfModule alias_module>
- #
- # Redirect: Allows you to tell clients about documents that used to
- # exist in your server's namespace, but do not anymore. The client
- # will make a new request for the document at its new location.
- # Example:
- # Redirect permanent /foo http://www.example.com/bar
+ #
+ # Redirect: Allows you to tell clients about documents that used to
+ # exist in your server's namespace, but do not anymore. The client
+ # will make a new request for the document at its new location.
+ # Example:
+ # Redirect permanent /foo http://www.example.com/bar
- #
- # Alias: Maps web paths into filesystem paths and is used to
- # access content that does not live under the DocumentRoot.
- # Example:
- # Alias /webpath /full/filesystem/path
- #
- # If you include a trailing / on /webpath then the server will
- # require it to be present in the URL. You will also likely
- # need to provide a <Directory> section to allow access to
- # the filesystem path.
+ #
+ # Alias: Maps web paths into filesystem paths and is used to
+ # access content that does not live under the DocumentRoot.
+ # Example:
+ # Alias /webpath /full/filesystem/path
+ #
+ # If you include a trailing / on /webpath then the server will
+ # require it to be present in the URL. You will also likely
+ # need to provide a <Directory> section to allow access to
+ # the filesystem path.
- #
- # ScriptAlias: This controls which directories contain server scripts.
- # ScriptAliases are essentially the same as Aliases, except that
- # documents in the target directory are treated as applications and
- # run by the server when requested rather than as documents sent to the
- # client. The same rules about trailing "/" apply to ScriptAlias
- # directives as to Alias.
- #
- ScriptAlias /cgi-bin/ "/home/services/httpd/cgi-bin/"
+ #
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ #
+ ScriptAlias /cgi-bin/ "/home/services/httpd/cgi-bin/"
</IfModule>
# $Id$
-LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule autoindex_module modules/mod_autoindex.so
#
# Directives controlling the display of server-generated directory listings.
Alias /icons/ "/home/services/httpd/icons/"
<Directory "/home/services/httpd/icons">
- Options Indexes MultiViews
- AllowOverride None
+ Options Indexes MultiViews
+ AllowOverride None
<IfModule mod_authz_host.c>
- Order allow,deny
- Allow from all
- </IfModule>
+ Order allow,deny
+ Allow from all
+ </IfModule>
</Directory>
#
LoadModule cgid_module modules/mod_cgid.so
<IfModule cgid_module>
- #
- # ScriptSock: On threaded servers, designate the path to the UNIX
- # socket used to communicate with the CGI daemon of mod_cgid.
- #
- #Scriptsock /var/run/cgisock
+ #
+ # ScriptSock: On threaded servers, designate the path to the UNIX
+ # socket used to communicate with the CGI daemon of mod_cgid.
+ #
+ #Scriptsock /var/run/cgisock
</IfModule>
# $Id$
-LoadModule dav_module modules/mod_dav.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule dav_lock_module modules/mod_dav_lock.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule dav_lock_module modules/mod_dav_lock.so
#
# Distributed authoring and versioning (WebDAV)
#
# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias
-# mod_auth_digest, mod_authn_file
+# mod_auth_digest, mod_authn_file
#
<IfModule mod_dav.c>
Alias /uploads "/etc/httpd/httpd/uploads"
<Directory "/etc/httpd/httpd/uploads">
- Dav On
-
- AuthType Digest
- AuthName DAV-upload
- # You can use the htdigest program to create the password database:
- # htdigest -c "/etc/httpd/httpd/user.passwd" DAV-upload admin
- AuthUserFile "/etc/httpd/httpd/user.passwd"
-
- # Allow universal read-access, but writes are restricted
- # to the admin user.
- <LimitExcept GET OPTIONS>
- require user admin
- </LimitExcept>
+ Dav On
+
+ AuthType Digest
+ AuthName DAV-upload
+ # You can use the htdigest program to create the password database:
+ # htdigest -c "/etc/httpd/httpd/user.passwd" DAV-upload admin
+ AuthUserFile "/etc/httpd/httpd/user.passwd"
+
+ # Allow universal read-access, but writes are restricted
+ # to the admin user.
+ <LimitExcept GET OPTIONS>
+ require user admin
+ </LimitExcept>
</Directory>
#
# $Id$
-LoadModule deflate_module modules/mod_deflate.so
+LoadModule deflate_module modules/mod_deflate.so
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
- # Netscape 4.x has some problems...
- BrowserMatch ^Mozilla/4 gzip-only-text/html
+ # Netscape 4.x has some problems...
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
- # Netscape 4.06-4.08 have some more problems
- BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ # Netscape 4.06-4.08 have some more problems
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
- # MSIE masquerades as Netscape, but it is fine
- BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+ # MSIE masquerades as Netscape, but it is fine
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
- SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
- SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
- SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar|iso)$ no-gzip dont-vary
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+ SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
+ SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar|iso)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
- # Make sure proxies don't deliver the wrong content
- Header append Vary User-Agent env=!dont-vary
+ # Make sure proxies don't deliver the wrong content
+ Header append Vary User-Agent env=!dont-vary
</IfModule>
# $Id$
-LoadModule dir_module modules/mod_dir.so
+LoadModule dir_module modules/mod_dir.so
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
# $Id$
-LoadModule info_module modules/mod_info.so
+LoadModule info_module modules/mod_info.so
# Get information about the requests being processed by the server
# and the configuration of the server.
# Change the ".example.com" to match your domain to enable.
#
<Location /server-info>
- SetHandler server-info
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
+ SetHandler server-info
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
</Location>
</IfModule>
LoadModule mime_module modules/mod_mime.so
<IfModule mime_module>
- #
- # TypesConfig points to the file containing the list of mappings from
- # filename extension to MIME-type.
- #
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
TypesConfig /etc/mime.types
- #
- # AddType allows you to add to or override the MIME configuration
- # file specified in TypesConfig for specific file types.
- #
- #AddType application/x-gzip .tgz
- #
- # AddEncoding allows you to have certain browsers uncompress
- # information on the fly. Note: Not all browsers support this.
- #
- #AddEncoding x-compress .Z
- #AddEncoding x-gzip .gz .tgz
- #
- # If the AddEncoding directives above are commented-out, then you
- # probably should define those extensions to indicate media types:
- #
- AddType application/x-compress .Z
- AddType application/x-gzip .gz .tgz
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
- #
- # AddHandler allows you to map certain file extensions to "handlers":
- # actions unrelated to filetype. These can be either built into the server
- # or added with the Action directive (see below)
- #
- # To use CGI scripts outside of ScriptAliased directories:
- # (You will also need to add "ExecCGI" to the "Options" directive.)
- #
- #AddHandler cgi-script .cgi
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
- # For files that include their own HTTP headers:
- #AddHandler send-as-is asis
+ # For files that include their own HTTP headers:
+ #AddHandler send-as-is asis
- # For server-parsed imagemap files:
- #AddHandler imap-file map
+ # For server-parsed imagemap files:
+ #AddHandler imap-file map
- # For type maps (negotiated resources):
- #AddHandler type-map var
+ # For type maps (negotiated resources):
+ #AddHandler type-map var
- #
- # Filters allow you to process content before it is sent to the client.
- #
- # To parse .shtml files for server-side includes (SSI):
- # (You will also need to add "Includes" to the "Options" directive.)
- #
- #AddType text/html .shtml
- #AddOutputFilter INCLUDES .shtml
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ #AddType text/html .shtml
+ #AddOutputFilter INCLUDES .shtml
</IfModule>
# $Id$
-LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_module modules/mod_proxy.so
# FIXME: enable or disable these by default?
# I'd enable if the config is secure. but i'm not sure
-#LoadModule proxy_connect_module modules/mod_proxy_connect.so
-#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-#LoadModule proxy_http_module modules/mod_proxy_http.so
-#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+#LoadModule proxy_connect_module modules/mod_proxy_connect.so
+#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+#LoadModule proxy_http_module modules/mod_proxy_http.so
+#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
+#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
# http://victim:25/ and sending raw data.
#
<Proxy *>
- Order deny,allow
- Deny from all
-# Allow from .your-domain.com
+ Order deny,allow
+ Deny from all
+# Allow from .your-domain.com
</Proxy>
#
# $Id$
-LoadModule ssl_module modules/mod_ssl.so
+LoadModule ssl_module modules/mod_ssl.so
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
-# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen 443
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
+AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
-#SSLSessionCache dbm:/var/run/ssl_scache
-SSLSessionCache shmcb:/var/run/ssl_scache(512000)
+#SSLSessionCache dbm:/var/run/ssl_scache
+SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/httpd/ssl
#SSLCACertificateFile /etc/httpd/ssl/ca-bundle.crt
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/httpd/ssl
#SSLCARevocationFile /etc/httpd/ssl/ca-bundle.crl
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
-#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
-# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
-# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
-# Translate the client X.509 into a Basic Authorisation. This means that
-# the standard Auth/DBMAuth methods can be used for access control. The
-# user name is the `one line' version of the client's X.509 certificate.
-# Note that no password is obtained from the user. Every entry in the user
-# file needs this password: `xxj31ZMTZzkVA'.
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
-# This exports two additional environment variables: SSL_CLIENT_CERT and
-# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-# server (always existing) and the client (only existing when client
-# authentication is used). This can be used to import the certificates
-# into CGI scripts.
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
# o StdEnvVars:
-# This exports the standard SSL/TLS related `SSL_*' environment variables.
-# Per default this exportation is switched off for performance reasons,
-# because the extraction step is an expensive operation and is usually
-# useless for serving static content. So one usually enables the
-# exportation for CGI and SSI requests only.
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
# o StrictRequire:
-# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
-# under a "Satisfy any" situation, i.e. when it applies access is denied
-# and no other module can change it.
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
# o OptRenegotiate:
-# This enables optimized SSL connection renegotiation handling when SSL
-# directives are used in per-directory context.
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
+ SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/home/services/httpd/cgi-bin">
- SSLOptions +StdEnvVars
+ SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
-# This forces an unclean shutdown when the connection is closed, i.e. no
-# SSL close notify alert is send or allowed to received. This violates
-# the SSL/TLS standard but is needed for some brain-dead browsers. Use
-# this when you receive I/O errors because of the standard approach where
-# mod_ssl sends the close notify alert.
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
-# This forces an accurate shutdown when the connection is closed, i.e. a
-# SSL close notify alert is send and mod_ssl waits for the close notify
-# alert of the client. This is 100% SSL/TLS standard compliant, but in
-# practice often causes hanging connections with brain-dead browsers. Use
-# this only for browsers where you know that their SSL implementation
-# works correctly.
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch ".*MSIE.*" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# $Id$
-LoadModule ssl_module modules/mod_ssl.so
+LoadModule ssl_module modules/mod_ssl.so
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
-# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen 443
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
+AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
-#SSLSessionCache dbm:/var/run/ssl_scache
-SSLSessionCache shmcb:/var/run/ssl_scache(512000)
+#SSLSessionCache dbm:/var/run/ssl_scache
+SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/httpd/ssl
#SSLCACertificateFile /etc/httpd/ssl/ca-bundle.crt
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/httpd/ssl
#SSLCARevocationFile /etc/httpd/ssl/ca-bundle.crl
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
-#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
-# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
-# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
-# Translate the client X.509 into a Basic Authorisation. This means that
-# the standard Auth/DBMAuth methods can be used for access control. The
-# user name is the `one line' version of the client's X.509 certificate.
-# Note that no password is obtained from the user. Every entry in the user
-# file needs this password: `xxj31ZMTZzkVA'.
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
-# This exports two additional environment variables: SSL_CLIENT_CERT and
-# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-# server (always existing) and the client (only existing when client
-# authentication is used). This can be used to import the certificates
-# into CGI scripts.
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
# o StdEnvVars:
-# This exports the standard SSL/TLS related `SSL_*' environment variables.
-# Per default this exportation is switched off for performance reasons,
-# because the extraction step is an expensive operation and is usually
-# useless for serving static content. So one usually enables the
-# exportation for CGI and SSI requests only.
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
# o StrictRequire:
-# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
-# under a "Satisfy any" situation, i.e. when it applies access is denied
-# and no other module can change it.
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
# o OptRenegotiate:
-# This enables optimized SSL connection renegotiation handling when SSL
-# directives are used in per-directory context.
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
+ SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/home/services/httpd/cgi-bin">
- SSLOptions +StdEnvVars
+ SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
-# This forces an unclean shutdown when the connection is closed, i.e. no
-# SSL close notify alert is send or allowed to received. This violates
-# the SSL/TLS standard but is needed for some brain-dead browsers. Use
-# this when you receive I/O errors because of the standard approach where
-# mod_ssl sends the close notify alert.
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
-# This forces an accurate shutdown when the connection is closed, i.e. a
-# SSL close notify alert is send and mod_ssl waits for the close notify
-# alert of the client. This is 100% SSL/TLS standard compliant, but in
-# practice often causes hanging connections with brain-dead browsers. Use
-# this only for browsers where you know that their SSL implementation
-# works correctly.
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch ".*MSIE.*" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# $Id$
-LoadModule status_module modules/mod_status.so
+LoadModule status_module modules/mod_status.so
#
# Get information about the requests being processed by the server
# Change the ".example.com" to match your domain to enable.
<Location /server-status>
- SetHandler server-status
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
+ SetHandler server-status
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
</Location>
#
# $Id$
-LoadModule suexec_module modules/mod_suexec.so
+LoadModule suexec_module modules/mod_suexec.so
# $Id$
-LoadModule userdir_module modules/mod_userdir.so
+LoadModule userdir_module modules/mod_userdir.so
# Settings for user home directories
#
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
- AllowOverride FileInfo AuthConfig Limit Indexes
- Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
- <Limit GET POST OPTIONS>
- Order allow,deny
- Allow from all
- </Limit>
- <LimitExcept GET POST OPTIONS>
- Order deny,allow
- Deny from all
- </LimitExcept>
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ <Limit GET POST OPTIONS>
+ Order allow,deny
+ Allow from all
+ </Limit>
+ <LimitExcept GET POST OPTIONS>
+ Order deny,allow
+ Deny from all
+ </LimitExcept>
</Directory>
</IfModule>
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
- StartServers 5
- MinSpareServers 5
- MaxSpareServers 10
- MaxClients 150
- MaxRequestsPerChild 0
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxClients 150
+ MaxRequestsPerChild 0
</IfModule>
# worker MPM
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
- StartServers 2
- MaxClients 150
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadsPerChild 25
- MaxRequestsPerChild 0
+ StartServers 2
+ MaxClients 150
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadsPerChild 25
+ MaxRequestsPerChild 0
</IfModule>
Alias /error/ "/home/services/httpd/error/"
<Directory "/home/services/httpd/error">
- AllowOverride None
- Options IncludesNoExec
- AddOutputFilter Includes html
- AddHandler type-map var
+ AllowOverride None
+ Options IncludesNoExec
+ AddOutputFilter Includes html
+ AddHandler type-map var
Order allow,deny
Allow from all
- LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
- ForceLanguagePriority Prefer Fallback
+ LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+ ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var