source: branches/fc20-dev/server/fedora/config/etc/httpd/conf/httpd.conf

Last change on this file was 2585, checked in by glasgall, 10 years ago
Globally enable the legacy expression parser for SSI, because the new one didn't even exist until 2.4
File size: 13.3 KB
RevLine 
[39]1ServerRoot /etc/httpd
2PidFile run/httpd.pid
[1164]3Timeout 300
[231]4KeepAlive On
[39]5MaxKeepAliveRequests 1000
[734]6KeepAliveTimeout 15
[39]7
[2528]8LoadModule mpm_worker_module modules/mod_mpm_worker.so
9
[708]10<IfModule mpm_prefork_module>
11    MinSpareServers 5
[759]12    MaxSpareServers 50
[708]13    StartServers 8
[759]14    ServerLimit 512
15    MaxClients 512
[831]16    MaxRequestsPerChild 10000
[708]17</IfModule>
18
19<IfModule mpm_worker_module>
20    StartServers 3
21    MinSpareThreads 75
22    MaxSpareThreads 250
[972]23    ServerLimit 64
[759]24    ThreadsPerChild 32
25    MaxClients 1024
[831]26    MaxRequestsPerChild 10000
[708]27</IfModule>
28
[972]29<IfModule mpm_event_module>
30    StartServers 3
31    MinSpareThreads 75
32    MaxSpareThreads 250
33    ServerLimit 64
34    ThreadsPerChild 32
35    MaxClients 2048
36    MaxRequestsPerChild 10000
37</IfModule>
38
[2528]39# This file configures systemd module:
40LoadModule systemd_module modules/mod_systemd.so
41
[2536]42# Enable .htaccess files to use the legacy Order By syntax
43LoadModule access_compat_module modules/mod_access_compat.so
44
[39]45LoadModule auth_basic_module modules/mod_auth_basic.so
46LoadModule auth_digest_module modules/mod_auth_digest.so
[2528]47LoadModule authn_core_module modules/mod_authn_core.so
[39]48LoadModule authn_file_module modules/mod_authn_file.so
49LoadModule authn_anon_module modules/mod_authn_anon.so
50#LoadModule authn_dbm_module modules/mod_authn_dbm.so
[2528]51LoadModule authz_core_module modules/mod_authz_core.so
[39]52LoadModule authz_host_module modules/mod_authz_host.so
53LoadModule authz_user_module modules/mod_authz_user.so
54LoadModule authz_owner_module modules/mod_authz_owner.so
55LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
56#LoadModule authz_dbm_module modules/mod_authz_dbm.so
[478]57LoadModule ldap_module modules/mod_ldap.so
[39]58#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
59LoadModule include_module modules/mod_include.so
60LoadModule log_config_module modules/mod_log_config.so
61#LoadModule logio_module modules/mod_logio.so
62LoadModule env_module modules/mod_env.so
63LoadModule ext_filter_module modules/mod_ext_filter.so
64#LoadModule mime_magic_module modules/mod_mime_magic.so
[635]65LoadModule expires_module modules/mod_expires.so
[1454]66LoadModule deflate_module modules/mod_deflate.so
[365]67LoadModule headers_module modules/mod_headers.so
[39]68#LoadModule usertrack_module modules/mod_usertrack.so
69LoadModule setenvif_module modules/mod_setenvif.so
70LoadModule mime_module modules/mod_mime.so
71#LoadModule dav_module modules/mod_dav.so
[972]72LoadModule status_module modules/mod_status.so
[39]73LoadModule autoindex_module modules/mod_autoindex.so
74#LoadModule info_module modules/mod_info.so
75#LoadModule dav_fs_module modules/mod_dav_fs.so
76#LoadModule vhost_alias_module modules/mod_vhost_alias.so
[520]77LoadModule negotiation_module modules/mod_negotiation.so
[39]78LoadModule dir_module modules/mod_dir.so
79LoadModule actions_module modules/mod_actions.so
80#LoadModule speling_module modules/mod_speling.so
81LoadModule userdir_module modules/mod_userdir.so
82LoadModule alias_module modules/mod_alias.so
83LoadModule rewrite_module modules/mod_rewrite.so
[1089]84LoadModule proxy_module modules/mod_proxy.so
85LoadModule proxy_http_module modules/mod_proxy_http.so
[39]86#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
87#LoadModule proxy_connect_module modules/mod_proxy_connect.so
88#LoadModule cache_module modules/mod_cache.so
89LoadModule suexec_module modules/mod_suexec.so
90#LoadModule disk_cache_module modules/mod_disk_cache.so
91#LoadModule file_cache_module modules/mod_file_cache.so
92#LoadModule mem_cache_module modules/mod_mem_cache.so
93LoadModule cgi_module modules/mod_cgi.so
94LoadModule ssl_module modules/mod_ssl.so
[2528]95LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
[478]96LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
[2528]97LoadModule unixd_module modules/mod_unixd.so
[39]98
99User apache
100Group apache
101
102#ErrorDocument  403  /403-404.html
103#ErrorDocument  404  /403-404.html
104#ErrorDocument  500  /script_error.html
105
[247]106UserDir disabled
[39]107
108<Directory />
[642]109    AllowOverride None
[39]110    Options FollowSymLinks IncludesNoExec
[2585]111    # The new syntax wasn't added until 2.4,
112    # so there's simply no way any deployed sites
113    # are already using the new syntax.
114    <IfModule include_module>
115        SSILegacyExprParser on
116    </IfModule>
[39]117</Directory>
118
[642]119<Directory /afs/*/*/web_scripts>
120    AllowOverride All
121</Directory>
122<Directory /afs/*/*/*/web_scripts>
123    AllowOverride All
124</Directory>
125<Directory /afs/*/*/*/*/web_scripts>
126    AllowOverride All
127</Directory>
128<Directory /afs/*/*/*/*/*/web_scripts>
129    AllowOverride All
130</Directory>
131<Directory /afs/*/*/*/*/*/*/web_scripts>
132    AllowOverride All
133</Directory>
134<Directory /afs/*/*/*/*/*/*/*/web_scripts>
135    AllowOverride All
136</Directory>
137<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
138    AllowOverride All
139</Directory>
140
[39]141<IfModule mod_dir.c>
[1412]142    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
[39]143</IfModule>
144
145AccessFileName .htaccess
146
147<Files ~ "^\.ht">
[2528]148    Require all denied
[39]149</Files>
150
151UseCanonicalName Off
152TypesConfig /etc/mime.types
153#MIMEMagicFile conf/magic
154
155HostnameLookups Off
[149]156ErrorLog "/home/logview/error_log"
[39]157LogLevel warn
158LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
159LogFormat "%h %l %u %t \"%r\" %>s %b" common
[1316]160LogFormat "%a %V %U" statistics
[39]161#CustomLog /var/log/httpd/access_log combined
[1341]162#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics
[39]163ServerSignature Off
164ServerAdmin scripts@mit.edu
165ServerTokens Prod
[2270]166Header add Scripts-IP "%{SERVER_ADDR}e"
[39]167
[257]168<IfModule mod_autoindex.c>
[2536]169    Alias /__scripts/icons /usr/share/httpd/icons/
170    <Directory /usr/share/httpd/icons/>
[802]171        Options Indexes
[257]172        AllowOverride None
173        <Files ~ "\.(gif|png)$">
174            SetHandler default-handler
175        </Files>
176    </Directory>
[39]177
178    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
179
[602]180    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip
[39]181
[602]182    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
183    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
184    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
185    AddIconByType (VID,/__scripts/icons/movie.gif) video/*
[39]186
[602]187    AddIcon /__scripts/icons/binary.gif .bin .exe
188    AddIcon /__scripts/icons/binhex.gif .hqx
189    AddIcon /__scripts/icons/tar.gif .tar
190    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
191    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
192    AddIcon /__scripts/icons/a.gif .ps .ai .eps
193    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
194    AddIcon /__scripts/icons/text.gif .txt
195    AddIcon /__scripts/icons/c.gif .c
196    AddIcon /__scripts/icons/p.gif .pl .py
197    AddIcon /__scripts/icons/f.gif .for
198    AddIcon /__scripts/icons/dvi.gif .dvi
199    AddIcon /__scripts/icons/uuencoded.gif .uu
200    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
201    AddIcon /__scripts/icons/tex.gif .tex
202    AddIcon /__scripts/icons/bomb.gif core
[39]203
[602]204    AddIcon /__scripts/icons/back.gif ..
205    AddIcon /__scripts/icons/hand.right.gif README
206    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
207    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^
[39]208
[602]209    DefaultIcon /__scripts/icons/unknown.gif
[39]210
211    ReadmeName README
212    HeaderName HEADER
213   
[477]214    IndexIgnore .??* *~ *# RCS CVS *,v *,t
[39]215</IfModule>
216
217<IfModule mod_mime.c>
[257]218    AddType application/xhtml+xml         .xhtml
219    AddType application/http-index-format .hti
220    AddType text/html                     .html
221    AddType text/css                      .css
222    AddType text/xsl                      .xslt
223    AddType application/x-javascript      .js
224    AddType application/xml               .xml
225    AddType image/svg+xml                 .svg
226    AddType application/vnd.mozilla.xul+xml .xul
227    AddType application/rdf+xml             .rdf
228    AddType application/x-xpinstall         .xpi
229    AddType text/xml .xsl
230    AddType text/html .shtml
231    AddHandler server-parsed .shtml
[39]232
233    AddEncoding x-compress Z
234    AddEncoding x-gzip gz tgz
235
236    AddLanguage da .dk
237    AddLanguage nl .nl
238    AddLanguage en .en
239    AddLanguage et .ee
240    AddLanguage fr .fr
241    AddLanguage de .de
242    AddLanguage el .el
243    AddLanguage it .it
244    AddLanguage ja .ja
245    AddCharset ISO-2022-JP .jis
246    AddLanguage pl .po
247    AddCharset ISO-8859-2 .iso-pl
248    AddLanguage pt .pt
249    AddLanguage pt-br .pt-br
250    AddLanguage ltz .lu
251    AddLanguage ca .ca
252    AddLanguage es .es
253    AddLanguage sv .se
254    AddLanguage cz .cz
255
256    <IfModule mod_negotiation.c>
257        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
258    </IfModule>
259
260    AddType application/x-tar .tgz
261    AddType image/bmp .bmp
262
263    AddType text/x-hdml .hdml
264</IfModule>
265
266<IfModule mod_setenvif.c>
267    BrowserMatch "Mozilla/2" nokeepalive
268    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
269    BrowserMatch "RealPlayer 4\.0" force-response-1.0
270    BrowserMatch "Java/1\.0" force-response-1.0
271    BrowserMatch "JDK/1\.0" force-response-1.0
272    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
273</IfModule>
274
275Listen 80
276
[1032]277RLimitCPU 300 300
[1772]278RLimitMEM 1610612736 1610612736
[972]279RLimitNPROC 4096 4096
[39]280
281ServerName localhost
282DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
[151]283
[972]284ExtendedStatus On
[151]285RewriteEngine Off
286
[1089]287ProxyRequests Off
288
[330]289<Location /robots.txt>
290    ErrorDocument 404 "No robots.txt.
[151]291</Location>
[330]292<Location /favicon.ico>
293    ErrorDocument 404 "No favicon.ico.
294</Location>
[151]295
296<VirtualHost 18.181.0.50:80>
[257]297    ServerName scripts-cert.mit.edu
298    ServerAlias scripts-cert
[330]299    Include conf.d/scripts-vhost.conf
[257]300    Include conf.d/vhosts-common.conf
[151]301</VirtualHost>
302
[454]303# LDAP vhost, w00t w00t
[478]304<VirtualHost *:80>
305    Include conf.d/vhost_ldap.conf
306    Include conf.d/vhosts-common.conf
307</VirtualHost>
[454]308
[151]309<VirtualHost *:80>
[332]310    Include conf.d/scripts-vhost-names.conf
[330]311    Include conf.d/scripts-vhost.conf
[257]312    Include conf.d/vhosts-common.conf
[151]313</VirtualHost>
314
[244]315<IfModule ssl_module>
[257]316    Listen 443
[332]317    Listen 444
[233]318
[257]319    AddType application/x-x509-ca-cert .crt
320    AddType application/x-pkcs7-crl    .crl
[233]321
[1540]322    # This directive allows insecure renegotiations to succeed for browsers
323    # that do not yet support RFC 5746.  It should be removed when enough
324    # of the world has caught up.
325    SSLInsecureRenegotiation on
326
[2321]327    # Temporary fix for presumed CRIME attack against SSL
328    SSLCompression off
329
[257]330    SSLPassPhraseDialog  builtin
[740]331    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
[734]332    SSLSessionCacheTimeout 28800
[740]333    SSLRandomSeed startup file:/dev/urandom 256
[257]334    SSLRandomSeed connect builtin
[740]335    SSLCryptoDevice builtin
[257]336    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
337    SSLVerifyClient none
338    SSLOptions +StdEnvVars
[740]339    SSLProtocol all -SSLv2
[2528]340    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
[332]341    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
[257]342        ServerName scripts-cert.mit.edu
343        ServerAlias scripts-cert
[330]344        Include conf.d/scripts-vhost.conf
[257]345        Include conf.d/vhosts-common-ssl.conf
[369]346        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
[1887]347        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[270]348        Include conf.d/vhosts-common-ssl-cert.conf
[257]349    </VirtualHost>
[973]350    <VirtualHost 18.181.0.43:443>
351        Include conf.d/scripts-vhost-names.conf
352        Include conf.d/scripts-vhost.conf
353        Include conf.d/vhosts-common-ssl.conf
354        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[1867]355        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[973]356    </VirtualHost>
357    <VirtualHost 18.181.0.43:444>
358        Include conf.d/scripts-vhost-names.conf
359        Include conf.d/scripts-vhost.conf
360        Include conf.d/vhosts-common-ssl.conf
361        Include conf.d/vhosts-common-ssl-cert.conf
362        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[1867]363        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[973]364    </VirtualHost>
[478]365    # LDAP vhost, w00t w00t
[257]366    <VirtualHost *:443>
[648]367        ServerName localhost
[2541]368        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
369        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[478]370        Include conf.d/vhost_ldap.conf
371        Include conf.d/vhosts-common-ssl.conf
372    </VirtualHost>
[1086]373    # LDAP vhost, w00t w00t
374    <VirtualHost *:444>
375        ServerName localhost
[2541]376        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
377        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[1086]378        Include conf.d/vhost_ldap.conf
379        Include conf.d/vhosts-common-ssl.conf
380        Include conf.d/vhosts-common-ssl-cert.conf
381    </VirtualHost>
[1082]382</IfModule>
383Include vhosts.d/*.conf
384<IfModule ssl_module>
[478]385    <VirtualHost *:443>
[2541]386        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[2531]387        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[332]388        Include conf.d/scripts-vhost-names.conf
[330]389        Include conf.d/scripts-vhost.conf
[257]390        Include conf.d/vhosts-common-ssl.conf
391    </VirtualHost>
[332]392    <VirtualHost *:444>
[2541]393        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[2531]394        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[332]395        Include conf.d/scripts-vhost-names.conf
396        Include conf.d/scripts-vhost.conf
397        Include conf.d/vhosts-common-ssl.conf
398        Include conf.d/vhosts-common-ssl-cert.conf
399    </VirtualHost>
[151]400</IfModule>
401
402LoadModule fcgid_module modules/mod_fcgid.so
403AddHandler fcgid-script fcgi
404<Files *.fcgi>
405        Options +ExecCGI
406</Files>
[1482]407SocketPath /var/run/mod_fcgid
408SharememPath /var/run/mod_fcgid/fcgid_shm
[1016]409IPCCommTimeout 300
[1732]410FcgidMaxRequestLen 209715200
[2020]411FcgidIdleTimeout 600
412FcgidMaxProcessesPerClass 10
413FcgidMinProcessesPerClass 0
414FcgidMaxRequestsPerProcess 10000
[151]415
[70]416Include conf.d/auth_sslcert.conf
[40]417Include conf.d/execsys.conf
[603]418Include conf.d/scripts-special.conf
Note: See TracBrowser for help on using the repository browser.