source: branches/fc20-dev/server/fedora/config/etc/httpd/conf/httpd.conf @ 2585

Last change on this file since 2585 was 2585, checked in by glasgall, 8 years ago
Globally enable the legacy expression parser for SSI, because the new one didn't even exist until 2.4
File size: 13.3 KB
Line 
1ServerRoot /etc/httpd
2PidFile run/httpd.pid
3Timeout 300
4KeepAlive On
5MaxKeepAliveRequests 1000
6KeepAliveTimeout 15
7
8LoadModule mpm_worker_module modules/mod_mpm_worker.so
9
10<IfModule mpm_prefork_module>
11    MinSpareServers 5
12    MaxSpareServers 50
13    StartServers 8
14    ServerLimit 512
15    MaxClients 512
16    MaxRequestsPerChild 10000
17</IfModule>
18
19<IfModule mpm_worker_module>
20    StartServers 3
21    MinSpareThreads 75
22    MaxSpareThreads 250
23    ServerLimit 64
24    ThreadsPerChild 32
25    MaxClients 1024
26    MaxRequestsPerChild 10000
27</IfModule>
28
29<IfModule mpm_event_module>
30    StartServers 3
31    MinSpareThreads 75
32    MaxSpareThreads 250
33    ServerLimit 64
34    ThreadsPerChild 32
35    MaxClients 2048
36    MaxRequestsPerChild 10000
37</IfModule>
38
39# This file configures systemd module:
40LoadModule systemd_module modules/mod_systemd.so
41
42# Enable .htaccess files to use the legacy Order By syntax
43LoadModule access_compat_module modules/mod_access_compat.so
44
45LoadModule auth_basic_module modules/mod_auth_basic.so
46LoadModule auth_digest_module modules/mod_auth_digest.so
47LoadModule authn_core_module modules/mod_authn_core.so
48LoadModule authn_file_module modules/mod_authn_file.so
49LoadModule authn_anon_module modules/mod_authn_anon.so
50#LoadModule authn_dbm_module modules/mod_authn_dbm.so
51LoadModule authz_core_module modules/mod_authz_core.so
52LoadModule authz_host_module modules/mod_authz_host.so
53LoadModule authz_user_module modules/mod_authz_user.so
54LoadModule authz_owner_module modules/mod_authz_owner.so
55LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
56#LoadModule authz_dbm_module modules/mod_authz_dbm.so
57LoadModule ldap_module modules/mod_ldap.so
58#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
59LoadModule include_module modules/mod_include.so
60LoadModule log_config_module modules/mod_log_config.so
61#LoadModule logio_module modules/mod_logio.so
62LoadModule env_module modules/mod_env.so
63LoadModule ext_filter_module modules/mod_ext_filter.so
64#LoadModule mime_magic_module modules/mod_mime_magic.so
65LoadModule expires_module modules/mod_expires.so
66LoadModule deflate_module modules/mod_deflate.so
67LoadModule headers_module modules/mod_headers.so
68#LoadModule usertrack_module modules/mod_usertrack.so
69LoadModule setenvif_module modules/mod_setenvif.so
70LoadModule mime_module modules/mod_mime.so
71#LoadModule dav_module modules/mod_dav.so
72LoadModule status_module modules/mod_status.so
73LoadModule autoindex_module modules/mod_autoindex.so
74#LoadModule info_module modules/mod_info.so
75#LoadModule dav_fs_module modules/mod_dav_fs.so
76#LoadModule vhost_alias_module modules/mod_vhost_alias.so
77LoadModule negotiation_module modules/mod_negotiation.so
78LoadModule dir_module modules/mod_dir.so
79LoadModule actions_module modules/mod_actions.so
80#LoadModule speling_module modules/mod_speling.so
81LoadModule userdir_module modules/mod_userdir.so
82LoadModule alias_module modules/mod_alias.so
83LoadModule rewrite_module modules/mod_rewrite.so
84LoadModule proxy_module modules/mod_proxy.so
85LoadModule proxy_http_module modules/mod_proxy_http.so
86#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
87#LoadModule proxy_connect_module modules/mod_proxy_connect.so
88#LoadModule cache_module modules/mod_cache.so
89LoadModule suexec_module modules/mod_suexec.so
90#LoadModule disk_cache_module modules/mod_disk_cache.so
91#LoadModule file_cache_module modules/mod_file_cache.so
92#LoadModule mem_cache_module modules/mod_mem_cache.so
93LoadModule cgi_module modules/mod_cgi.so
94LoadModule ssl_module modules/mod_ssl.so
95LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
96LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
97LoadModule unixd_module modules/mod_unixd.so
98
99User apache
100Group apache
101
102#ErrorDocument  403  /403-404.html
103#ErrorDocument  404  /403-404.html
104#ErrorDocument  500  /script_error.html
105
106UserDir disabled
107
108<Directory />
109    AllowOverride None
110    Options FollowSymLinks IncludesNoExec
111    # The new syntax wasn't added until 2.4,
112    # so there's simply no way any deployed sites
113    # are already using the new syntax.
114    <IfModule include_module>
115        SSILegacyExprParser on
116    </IfModule>
117</Directory>
118
119<Directory /afs/*/*/web_scripts>
120    AllowOverride All
121</Directory>
122<Directory /afs/*/*/*/web_scripts>
123    AllowOverride All
124</Directory>
125<Directory /afs/*/*/*/*/web_scripts>
126    AllowOverride All
127</Directory>
128<Directory /afs/*/*/*/*/*/web_scripts>
129    AllowOverride All
130</Directory>
131<Directory /afs/*/*/*/*/*/*/web_scripts>
132    AllowOverride All
133</Directory>
134<Directory /afs/*/*/*/*/*/*/*/web_scripts>
135    AllowOverride All
136</Directory>
137<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
138    AllowOverride All
139</Directory>
140
141<IfModule mod_dir.c>
142    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
143</IfModule>
144
145AccessFileName .htaccess
146
147<Files ~ "^\.ht">
148    Require all denied
149</Files>
150
151UseCanonicalName Off
152TypesConfig /etc/mime.types
153#MIMEMagicFile conf/magic
154
155HostnameLookups Off
156ErrorLog "/home/logview/error_log"
157LogLevel warn
158LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
159LogFormat "%h %l %u %t \"%r\" %>s %b" common
160LogFormat "%a %V %U" statistics
161#CustomLog /var/log/httpd/access_log combined
162#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics
163ServerSignature Off
164ServerAdmin scripts@mit.edu
165ServerTokens Prod
166Header add Scripts-IP "%{SERVER_ADDR}e"
167
168<IfModule mod_autoindex.c>
169    Alias /__scripts/icons /usr/share/httpd/icons/
170    <Directory /usr/share/httpd/icons/>
171        Options Indexes
172        AllowOverride None
173        <Files ~ "\.(gif|png)$">
174            SetHandler default-handler
175        </Files>
176    </Directory>
177
178    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
179
180    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip
181
182    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
183    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
184    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
185    AddIconByType (VID,/__scripts/icons/movie.gif) video/*
186
187    AddIcon /__scripts/icons/binary.gif .bin .exe
188    AddIcon /__scripts/icons/binhex.gif .hqx
189    AddIcon /__scripts/icons/tar.gif .tar
190    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
191    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
192    AddIcon /__scripts/icons/a.gif .ps .ai .eps
193    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
194    AddIcon /__scripts/icons/text.gif .txt
195    AddIcon /__scripts/icons/c.gif .c
196    AddIcon /__scripts/icons/p.gif .pl .py
197    AddIcon /__scripts/icons/f.gif .for
198    AddIcon /__scripts/icons/dvi.gif .dvi
199    AddIcon /__scripts/icons/uuencoded.gif .uu
200    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
201    AddIcon /__scripts/icons/tex.gif .tex
202    AddIcon /__scripts/icons/bomb.gif core
203
204    AddIcon /__scripts/icons/back.gif ..
205    AddIcon /__scripts/icons/hand.right.gif README
206    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
207    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^
208
209    DefaultIcon /__scripts/icons/unknown.gif
210
211    ReadmeName README
212    HeaderName HEADER
213   
214    IndexIgnore .??* *~ *# RCS CVS *,v *,t
215</IfModule>
216
217<IfModule mod_mime.c>
218    AddType application/xhtml+xml         .xhtml
219    AddType application/http-index-format .hti
220    AddType text/html                     .html
221    AddType text/css                      .css
222    AddType text/xsl                      .xslt
223    AddType application/x-javascript      .js
224    AddType application/xml               .xml
225    AddType image/svg+xml                 .svg
226    AddType application/vnd.mozilla.xul+xml .xul
227    AddType application/rdf+xml             .rdf
228    AddType application/x-xpinstall         .xpi
229    AddType text/xml .xsl
230    AddType text/html .shtml
231    AddHandler server-parsed .shtml
232
233    AddEncoding x-compress Z
234    AddEncoding x-gzip gz tgz
235
236    AddLanguage da .dk
237    AddLanguage nl .nl
238    AddLanguage en .en
239    AddLanguage et .ee
240    AddLanguage fr .fr
241    AddLanguage de .de
242    AddLanguage el .el
243    AddLanguage it .it
244    AddLanguage ja .ja
245    AddCharset ISO-2022-JP .jis
246    AddLanguage pl .po
247    AddCharset ISO-8859-2 .iso-pl
248    AddLanguage pt .pt
249    AddLanguage pt-br .pt-br
250    AddLanguage ltz .lu
251    AddLanguage ca .ca
252    AddLanguage es .es
253    AddLanguage sv .se
254    AddLanguage cz .cz
255
256    <IfModule mod_negotiation.c>
257        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
258    </IfModule>
259
260    AddType application/x-tar .tgz
261    AddType image/bmp .bmp
262
263    AddType text/x-hdml .hdml
264</IfModule>
265
266<IfModule mod_setenvif.c>
267    BrowserMatch "Mozilla/2" nokeepalive
268    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
269    BrowserMatch "RealPlayer 4\.0" force-response-1.0
270    BrowserMatch "Java/1\.0" force-response-1.0
271    BrowserMatch "JDK/1\.0" force-response-1.0
272    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
273</IfModule>
274
275Listen 80
276
277RLimitCPU 300 300
278RLimitMEM 1610612736 1610612736
279RLimitNPROC 4096 4096
280
281ServerName localhost
282DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
283
284ExtendedStatus On
285RewriteEngine Off
286
287ProxyRequests Off
288
289<Location /robots.txt>
290    ErrorDocument 404 "No robots.txt.
291</Location>
292<Location /favicon.ico>
293    ErrorDocument 404 "No favicon.ico.
294</Location>
295
296<VirtualHost 18.181.0.50:80>
297    ServerName scripts-cert.mit.edu
298    ServerAlias scripts-cert
299    Include conf.d/scripts-vhost.conf
300    Include conf.d/vhosts-common.conf
301</VirtualHost>
302
303# LDAP vhost, w00t w00t
304<VirtualHost *:80>
305    Include conf.d/vhost_ldap.conf
306    Include conf.d/vhosts-common.conf
307</VirtualHost>
308
309<VirtualHost *:80>
310    Include conf.d/scripts-vhost-names.conf
311    Include conf.d/scripts-vhost.conf
312    Include conf.d/vhosts-common.conf
313</VirtualHost>
314
315<IfModule ssl_module>
316    Listen 443
317    Listen 444
318
319    AddType application/x-x509-ca-cert .crt
320    AddType application/x-pkcs7-crl    .crl
321
322    # This directive allows insecure renegotiations to succeed for browsers
323    # that do not yet support RFC 5746.  It should be removed when enough
324    # of the world has caught up.
325    SSLInsecureRenegotiation on
326
327    # Temporary fix for presumed CRIME attack against SSL
328    SSLCompression off
329
330    SSLPassPhraseDialog  builtin
331    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
332    SSLSessionCacheTimeout 28800
333    SSLRandomSeed startup file:/dev/urandom 256
334    SSLRandomSeed connect builtin
335    SSLCryptoDevice builtin
336    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
337    SSLVerifyClient none
338    SSLOptions +StdEnvVars
339    SSLProtocol all -SSLv2
340    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
341    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
342        ServerName scripts-cert.mit.edu
343        ServerAlias scripts-cert
344        Include conf.d/scripts-vhost.conf
345        Include conf.d/vhosts-common-ssl.conf
346        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
347        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
348        Include conf.d/vhosts-common-ssl-cert.conf
349    </VirtualHost>
350    <VirtualHost 18.181.0.43:443>
351        Include conf.d/scripts-vhost-names.conf
352        Include conf.d/scripts-vhost.conf
353        Include conf.d/vhosts-common-ssl.conf
354        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
355        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
356    </VirtualHost>
357    <VirtualHost 18.181.0.43:444>
358        Include conf.d/scripts-vhost-names.conf
359        Include conf.d/scripts-vhost.conf
360        Include conf.d/vhosts-common-ssl.conf
361        Include conf.d/vhosts-common-ssl-cert.conf
362        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
363        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
364    </VirtualHost>
365    # LDAP vhost, w00t w00t
366    <VirtualHost *:443>
367        ServerName localhost
368        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
369        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
370        Include conf.d/vhost_ldap.conf
371        Include conf.d/vhosts-common-ssl.conf
372    </VirtualHost>
373    # LDAP vhost, w00t w00t
374    <VirtualHost *:444>
375        ServerName localhost
376        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
377        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
378        Include conf.d/vhost_ldap.conf
379        Include conf.d/vhosts-common-ssl.conf
380        Include conf.d/vhosts-common-ssl-cert.conf
381    </VirtualHost>
382</IfModule>
383Include vhosts.d/*.conf
384<IfModule ssl_module>
385    <VirtualHost *:443>
386        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
387        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
388        Include conf.d/scripts-vhost-names.conf
389        Include conf.d/scripts-vhost.conf
390        Include conf.d/vhosts-common-ssl.conf
391    </VirtualHost>
392    <VirtualHost *:444>
393        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
394        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
395        Include conf.d/scripts-vhost-names.conf
396        Include conf.d/scripts-vhost.conf
397        Include conf.d/vhosts-common-ssl.conf
398        Include conf.d/vhosts-common-ssl-cert.conf
399    </VirtualHost>
400</IfModule>
401
402LoadModule fcgid_module modules/mod_fcgid.so
403AddHandler fcgid-script fcgi
404<Files *.fcgi>
405        Options +ExecCGI
406</Files>
407SocketPath /var/run/mod_fcgid
408SharememPath /var/run/mod_fcgid/fcgid_shm
409IPCCommTimeout 300
410FcgidMaxRequestLen 209715200
411FcgidIdleTimeout 600
412FcgidMaxProcessesPerClass 10
413FcgidMinProcessesPerClass 0
414FcgidMaxRequestsPerProcess 10000
415
416Include conf.d/auth_sslcert.conf
417Include conf.d/execsys.conf
418Include conf.d/scripts-special.conf
Note: See TracBrowser for help on using the repository browser.