-# $Id$
#
# This config provides two kinds of configuration, for url based ("/eventum")
# and vhost based ("http://eventum.example.org").
#
# To use one of the configurations uncomment the other.
-# running as alias, part 1
-#alias.url += (
-# "/eventum" => "/usr/share/eventum/htdocs",
-#)
+# To redirect all http requests to https server:
+#$SERVER["socket"] == ":80" {
+# $HTTP["host"] == "eventum.example.org" {
+# server.name = "eventum.example.org"
+# url.redirect = ( "^/(.*)" => "https://eventum.example.org/$1" )
+# }
+#}
+
+# HTTP Strict Transport Security (HSTS) headers on https addresses
+#$SERVER["socket"] == ":443" {
+# # HSTS (mod_setenv is required) (15768000 seconds = 6 months)
+# setenv.add-response-header += ( "Strict-Transport-Security" => "max-age=15768000" )
#}
+# running as alias, part 1
+alias.url += (
+ "/eventum" => "/usr/share/eventum/htdocs",
+)
+
# running as separate vhost, part 1
-$HTTP["host"] == "eventum.delfi.lan" {
- server.document-root = "/usr/share/eventum/htdocs",
-}
+#$HTTP["host"] == "eventum.example.org" {
+# server.document-root = "/usr/share/eventum/htdocs",
+#}
# running as alias, part 2
-#$HTTP["url"] =~ "/eventum/" {
+$HTTP["url"] =~ "^/eventum/" {
# running as separate vhost, part 2
-$HTTP["host"] == "eventum.delfi.lan" {
-
- # Make whole eventum password protected
- auth.backend = "htpasswd"
- auth.backend.htpasswd.userfile = "/etc/webapps/eventum/htpasswd"
-
- # rss has it's own authorization
- $HTTP["url"] !~ "/rss\.php$" {
- auth.require += (
- "/" => (
- "method" => "basic",
- "realm" => "Eventum",
- "require" => "valid-user"
- )
- )
- }
+#$HTTP["host"] == "eventum.example.org" {
+
+# # Make whole eventum password protected
+# auth.backend = "htpasswd"
+# auth.backend.htpasswd.userfile = "/etc/webapps/eventum/htpasswd"
+#
+# # rss has it's own authorization
+# $HTTP["url"] !~ "/rss\.php$" {
+# auth.require += (
+# "/" => (
+# "method" => "basic",
+# "realm" => "Eventum",
+# "require" => "valid-user"
+# )
+# )
+# }
- # for SCM integration
- # Set here IP of host running CVS
+ # SCM integration. Set here IP of host running CVS, SVN, Git
$HTTP["remoteip"] != "127.0.0.1" {
$HTTP["url"] =~ "/scm_ping\.php$" {
url.access-deny = ( "" )
}
}
+ # IP Restrict XMLRPC
+ $HTTP["url"] =~ "/rpc/xmlrpc.php" {
+ $HTTP["remoteip"] !~ "127.0.0.1" {
+ url.access-deny = ( "" )
+ }
+ }
}
# vim:ts=4