source: trunk/server/fedora/config/etc/httpd/conf/httpd.conf @ 2264

Last change on this file since 2264 was 2264, checked in by adehnert, 10 years ago
Switch to upstream cipher suites
File size: 13.3 KB
RevLine 
[39]1ServerRoot /etc/httpd
2PidFile run/httpd.pid
[1164]3Timeout 300
[231]4KeepAlive On
[39]5MaxKeepAliveRequests 1000
[734]6KeepAliveTimeout 15
[39]7
[708]8<IfModule mpm_prefork_module>
9    MinSpareServers 5
[759]10    MaxSpareServers 50
[708]11    StartServers 8
[759]12    ServerLimit 512
13    MaxClients 512
[831]14    MaxRequestsPerChild 10000
[708]15</IfModule>
16
17<IfModule mpm_worker_module>
18    StartServers 3
19    MinSpareThreads 75
20    MaxSpareThreads 250
[972]21    ServerLimit 64
[759]22    ThreadsPerChild 32
23    MaxClients 1024
[831]24    MaxRequestsPerChild 10000
[708]25</IfModule>
26
[972]27<IfModule mpm_event_module>
28    StartServers 3
29    MinSpareThreads 75
30    MaxSpareThreads 250
31    ServerLimit 64
32    ThreadsPerChild 32
33    MaxClients 2048
34    MaxRequestsPerChild 10000
35</IfModule>
36
[39]37LoadModule auth_basic_module modules/mod_auth_basic.so
38LoadModule auth_digest_module modules/mod_auth_digest.so
39LoadModule authn_file_module modules/mod_authn_file.so
40LoadModule authn_alias_module modules/mod_authn_alias.so
41LoadModule authn_anon_module modules/mod_authn_anon.so
42#LoadModule authn_dbm_module modules/mod_authn_dbm.so
43LoadModule authn_default_module modules/mod_authn_default.so
44LoadModule authz_host_module modules/mod_authz_host.so
45LoadModule authz_user_module modules/mod_authz_user.so
46LoadModule authz_owner_module modules/mod_authz_owner.so
47LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
48#LoadModule authz_dbm_module modules/mod_authz_dbm.so
49LoadModule authz_default_module modules/mod_authz_default.so
[478]50LoadModule ldap_module modules/mod_ldap.so
[39]51#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
52LoadModule include_module modules/mod_include.so
53LoadModule log_config_module modules/mod_log_config.so
54#LoadModule logio_module modules/mod_logio.so
55LoadModule env_module modules/mod_env.so
56LoadModule ext_filter_module modules/mod_ext_filter.so
57#LoadModule mime_magic_module modules/mod_mime_magic.so
[635]58LoadModule expires_module modules/mod_expires.so
[1454]59LoadModule deflate_module modules/mod_deflate.so
[365]60LoadModule headers_module modules/mod_headers.so
[39]61#LoadModule usertrack_module modules/mod_usertrack.so
62LoadModule setenvif_module modules/mod_setenvif.so
63LoadModule mime_module modules/mod_mime.so
64#LoadModule dav_module modules/mod_dav.so
[972]65LoadModule status_module modules/mod_status.so
[39]66LoadModule autoindex_module modules/mod_autoindex.so
67#LoadModule info_module modules/mod_info.so
68#LoadModule dav_fs_module modules/mod_dav_fs.so
69#LoadModule vhost_alias_module modules/mod_vhost_alias.so
[520]70LoadModule negotiation_module modules/mod_negotiation.so
[39]71LoadModule dir_module modules/mod_dir.so
72LoadModule actions_module modules/mod_actions.so
73#LoadModule speling_module modules/mod_speling.so
74LoadModule userdir_module modules/mod_userdir.so
75LoadModule alias_module modules/mod_alias.so
76LoadModule rewrite_module modules/mod_rewrite.so
[1089]77LoadModule proxy_module modules/mod_proxy.so
78LoadModule proxy_http_module modules/mod_proxy_http.so
[39]79#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
80#LoadModule proxy_connect_module modules/mod_proxy_connect.so
81#LoadModule cache_module modules/mod_cache.so
82LoadModule suexec_module modules/mod_suexec.so
83#LoadModule disk_cache_module modules/mod_disk_cache.so
84#LoadModule file_cache_module modules/mod_file_cache.so
85#LoadModule mem_cache_module modules/mod_mem_cache.so
86LoadModule cgi_module modules/mod_cgi.so
87LoadModule ssl_module modules/mod_ssl.so
[478]88LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
[39]89
90User apache
91Group apache
92
93#ErrorDocument  403  /403-404.html
94#ErrorDocument  404  /403-404.html
95#ErrorDocument  500  /script_error.html
96
[247]97UserDir disabled
[39]98
99<Directory />
[642]100    AllowOverride None
[39]101    Options FollowSymLinks IncludesNoExec
102</Directory>
103
[642]104<Directory /afs/*/*/web_scripts>
105    AllowOverride All
106</Directory>
107<Directory /afs/*/*/*/web_scripts>
108    AllowOverride All
109</Directory>
110<Directory /afs/*/*/*/*/web_scripts>
111    AllowOverride All
112</Directory>
113<Directory /afs/*/*/*/*/*/web_scripts>
114    AllowOverride All
115</Directory>
116<Directory /afs/*/*/*/*/*/*/web_scripts>
117    AllowOverride All
118</Directory>
119<Directory /afs/*/*/*/*/*/*/*/web_scripts>
120    AllowOverride All
121</Directory>
122<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
123    AllowOverride All
124</Directory>
125
[39]126<IfModule mod_dir.c>
[1412]127    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
[39]128</IfModule>
129
130AccessFileName .htaccess
131
132<Files ~ "^\.ht">
[257]133    Order Allow,Deny
134    Deny from all
[39]135</Files>
136
137UseCanonicalName Off
138TypesConfig /etc/mime.types
139DefaultType text/plain
140#MIMEMagicFile conf/magic
141
142HostnameLookups Off
[149]143ErrorLog "/home/logview/error_log"
[39]144LogLevel warn
145LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
146LogFormat "%h %l %u %t \"%r\" %>s %b" common
[1316]147LogFormat "%a %V %U" statistics
[39]148#CustomLog /var/log/httpd/access_log combined
[1341]149#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics
[39]150ServerSignature Off
151ServerAdmin scripts@mit.edu
152ServerTokens Prod
153
[257]154<IfModule mod_autoindex.c>
[602]155    Alias /__scripts/icons /var/www/icons
[257]156    <Directory /var/www/icons>
[802]157        Options Indexes
[257]158        AllowOverride None
159        <Files ~ "\.(gif|png)$">
160            SetHandler default-handler
161        </Files>
162    </Directory>
[39]163
164    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
165
[602]166    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip
[39]167
[602]168    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
169    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
170    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
171    AddIconByType (VID,/__scripts/icons/movie.gif) video/*
[39]172
[602]173    AddIcon /__scripts/icons/binary.gif .bin .exe
174    AddIcon /__scripts/icons/binhex.gif .hqx
175    AddIcon /__scripts/icons/tar.gif .tar
176    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
177    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
178    AddIcon /__scripts/icons/a.gif .ps .ai .eps
179    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
180    AddIcon /__scripts/icons/text.gif .txt
181    AddIcon /__scripts/icons/c.gif .c
182    AddIcon /__scripts/icons/p.gif .pl .py
183    AddIcon /__scripts/icons/f.gif .for
184    AddIcon /__scripts/icons/dvi.gif .dvi
185    AddIcon /__scripts/icons/uuencoded.gif .uu
186    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
187    AddIcon /__scripts/icons/tex.gif .tex
188    AddIcon /__scripts/icons/bomb.gif core
[39]189
[602]190    AddIcon /__scripts/icons/back.gif ..
191    AddIcon /__scripts/icons/hand.right.gif README
192    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
193    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^
[39]194
[602]195    DefaultIcon /__scripts/icons/unknown.gif
[39]196
197    ReadmeName README
198    HeaderName HEADER
199   
[477]200    IndexIgnore .??* *~ *# RCS CVS *,v *,t
[39]201</IfModule>
202
203<IfModule mod_mime.c>
[257]204    AddType application/xhtml+xml         .xhtml
205    AddType application/http-index-format .hti
206    AddType text/html                     .html
207    AddType text/css                      .css
208    AddType text/xsl                      .xslt
209    AddType application/x-javascript      .js
210    AddType application/xml               .xml
211    AddType image/svg+xml                 .svg
212    AddType application/vnd.mozilla.xul+xml .xul
213    AddType application/rdf+xml             .rdf
214    AddType application/x-xpinstall         .xpi
215    AddType text/xml .xsl
216    AddType text/html .shtml
217    AddHandler server-parsed .shtml
[39]218
219    AddEncoding x-compress Z
220    AddEncoding x-gzip gz tgz
221
222    AddLanguage da .dk
223    AddLanguage nl .nl
224    AddLanguage en .en
225    AddLanguage et .ee
226    AddLanguage fr .fr
227    AddLanguage de .de
228    AddLanguage el .el
229    AddLanguage it .it
230    AddLanguage ja .ja
231    AddCharset ISO-2022-JP .jis
232    AddLanguage pl .po
233    AddCharset ISO-8859-2 .iso-pl
234    AddLanguage pt .pt
235    AddLanguage pt-br .pt-br
236    AddLanguage ltz .lu
237    AddLanguage ca .ca
238    AddLanguage es .es
239    AddLanguage sv .se
240    AddLanguage cz .cz
241
242    <IfModule mod_negotiation.c>
243        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
244    </IfModule>
245
246    AddType application/x-tar .tgz
247    AddType image/bmp .bmp
248
249    AddType text/x-hdml .hdml
250</IfModule>
251
252<IfModule mod_setenvif.c>
253    BrowserMatch "Mozilla/2" nokeepalive
254    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
255    BrowserMatch "RealPlayer 4\.0" force-response-1.0
256    BrowserMatch "Java/1\.0" force-response-1.0
257    BrowserMatch "JDK/1\.0" force-response-1.0
258    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
259</IfModule>
260
261Listen 80
262
[1032]263RLimitCPU 300 300
[1772]264RLimitMEM 1610612736 1610612736
[972]265RLimitNPROC 4096 4096
[39]266
267NameVirtualHost *:80
268NameVirtualHost *:443
[332]269NameVirtualHost *:444
[151]270NameVirtualHost 18.181.0.50:80
271NameVirtualHost 18.181.0.50:443
[332]272NameVirtualHost 18.181.0.50:444
[39]273
274ServerName localhost
275DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
[151]276
[972]277ExtendedStatus On
[151]278RewriteEngine Off
279
[1089]280ProxyRequests Off
281
[330]282<Location /robots.txt>
283    ErrorDocument 404 "No robots.txt.
[151]284</Location>
[330]285<Location /favicon.ico>
286    ErrorDocument 404 "No favicon.ico.
287</Location>
[151]288
289<VirtualHost 18.181.0.50:80>
[257]290    ServerName scripts-cert.mit.edu
291    ServerAlias scripts-cert
[330]292    Include conf.d/scripts-vhost.conf
[257]293    Include conf.d/vhosts-common.conf
[151]294</VirtualHost>
295
[454]296# LDAP vhost, w00t w00t
[478]297<VirtualHost *:80>
298    Include conf.d/vhost_ldap.conf
299    Include conf.d/vhosts-common.conf
300</VirtualHost>
[454]301
[151]302<VirtualHost *:80>
[332]303    Include conf.d/scripts-vhost-names.conf
[330]304    Include conf.d/scripts-vhost.conf
[257]305    Include conf.d/vhosts-common.conf
[151]306</VirtualHost>
307
[244]308<IfModule ssl_module>
[257]309    Listen 443
[332]310    Listen 444
[233]311
[257]312    AddType application/x-x509-ca-cert .crt
313    AddType application/x-pkcs7-crl    .crl
[233]314
[1540]315    # This directive allows insecure renegotiations to succeed for browsers
316    # that do not yet support RFC 5746.  It should be removed when enough
317    # of the world has caught up.
318    SSLInsecureRenegotiation on
319
[257]320    SSLPassPhraseDialog  builtin
[740]321    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
[734]322    SSLSessionCacheTimeout 28800
[740]323    SSLMutex default
324    SSLRandomSeed startup file:/dev/urandom 256
[257]325    SSLRandomSeed connect builtin
[740]326    SSLCryptoDevice builtin
[973]327    SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
[1768]328    SSLCertificateKeyFile /etc/pki/tls/private/scripts-1024.key
[257]329    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
330    SSLVerifyClient none
331    SSLOptions +StdEnvVars
[740]332    SSLProtocol all -SSLv2
[2264]333    SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
[332]334    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
[257]335        ServerName scripts-cert.mit.edu
336        ServerAlias scripts-cert
[330]337        Include conf.d/scripts-vhost.conf
[257]338        Include conf.d/vhosts-common-ssl.conf
[369]339        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
[2229]340        SSLCertificateChainFile /etc/pki/tls/certs/scripts-cert.pem
[1887]341        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[270]342        Include conf.d/vhosts-common-ssl-cert.conf
[257]343    </VirtualHost>
[973]344    <VirtualHost 18.181.0.43:443>
345        Include conf.d/scripts-vhost-names.conf
346        Include conf.d/scripts-vhost.conf
347        Include conf.d/vhosts-common-ssl.conf
348        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[1867]349        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
350        SSLCertificateChainFile /etc/pki/tls/certs/scripts.pem
[973]351    </VirtualHost>
352    <VirtualHost 18.181.0.43:444>
353        Include conf.d/scripts-vhost-names.conf
354        Include conf.d/scripts-vhost.conf
355        Include conf.d/vhosts-common-ssl.conf
356        Include conf.d/vhosts-common-ssl-cert.conf
357        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[1867]358        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
359        SSLCertificateChainFile /etc/pki/tls/certs/scripts.pem
[973]360    </VirtualHost>
[478]361    # LDAP vhost, w00t w00t
[257]362    <VirtualHost *:443>
[648]363        ServerName localhost
[478]364        Include conf.d/vhost_ldap.conf
365        Include conf.d/vhosts-common-ssl.conf
366    </VirtualHost>
[1086]367    # LDAP vhost, w00t w00t
368    <VirtualHost *:444>
369        ServerName localhost
370        Include conf.d/vhost_ldap.conf
371        Include conf.d/vhosts-common-ssl.conf
372        Include conf.d/vhosts-common-ssl-cert.conf
373    </VirtualHost>
[1082]374</IfModule>
375Include vhosts.d/*.conf
376<IfModule ssl_module>
[478]377    <VirtualHost *:443>
[648]378        ServerName scripts.scripts.mit.edu
[687]379        ServerAlias *.scripts.mit.edu *.scripts
[648]380        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
381        Include conf.d/vhost_ldap.conf
382        Include conf.d/vhosts-common-ssl.conf
383    </VirtualHost>
384    <VirtualHost *:443>
[332]385        Include conf.d/scripts-vhost-names.conf
[330]386        Include conf.d/scripts-vhost.conf
[257]387        Include conf.d/vhosts-common-ssl.conf
388    </VirtualHost>
[332]389    <VirtualHost *:444>
[649]390        ServerName scripts.scripts.mit.edu
[687]391        ServerAlias *.scripts.mit.edu *.scripts
[649]392        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
393        Include conf.d/vhost_ldap.conf
394        Include conf.d/vhosts-common-ssl.conf
395        Include conf.d/vhosts-common-ssl-cert.conf
396    </VirtualHost>
397    <VirtualHost *:444>
[332]398        Include conf.d/scripts-vhost-names.conf
399        Include conf.d/scripts-vhost.conf
400        Include conf.d/vhosts-common-ssl.conf
401        Include conf.d/vhosts-common-ssl-cert.conf
402    </VirtualHost>
[151]403</IfModule>
404
405LoadModule fcgid_module modules/mod_fcgid.so
406AddHandler fcgid-script fcgi
407<Files *.fcgi>
408        Options +ExecCGI
409</Files>
[1482]410SocketPath /var/run/mod_fcgid
411SharememPath /var/run/mod_fcgid/fcgid_shm
[1016]412IPCCommTimeout 300
[1732]413FcgidMaxRequestLen 209715200
[2020]414FcgidIdleTimeout 600
415FcgidMaxProcessesPerClass 10
416FcgidMinProcessesPerClass 0
417FcgidMaxRequestsPerProcess 10000
[151]418
[70]419Include conf.d/auth_sslcert.conf
[40]420Include conf.d/execsys.conf
[603]421Include conf.d/scripts-special.conf
Note: See TracBrowser for help on using the repository browser.