Context Navigation

source: trunk/server/fedora/config/etc/httpd/conf/httpd.conf @ 2326

Last change on this file since 2326 was 2321, checked in by geofft, 12 years ago
Disable SSL compression to defend against rumored side-channel attack
File size: 13.4 KB

Rev	Line
[39]	1	ServerRoot /etc/httpd
	2	PidFile run/httpd.pid
[1164]	3	Timeout 300
[231]	4	KeepAlive On
[39]	5	MaxKeepAliveRequests 1000
[734]	6	KeepAliveTimeout 15
[39]	7
[708]	8	<IfModule mpm_prefork_module>
	9	MinSpareServers 5
[759]	10	MaxSpareServers 50
[708]	11	StartServers 8
[759]	12	ServerLimit 512
	13	MaxClients 512
[831]	14	MaxRequestsPerChild 10000
[708]	15	</IfModule>
	16
	17	<IfModule mpm_worker_module>
	18	StartServers 3
	19	MinSpareThreads 75
	20	MaxSpareThreads 250
[972]	21	ServerLimit 64
[759]	22	ThreadsPerChild 32
	23	MaxClients 1024
[831]	24	MaxRequestsPerChild 10000
[708]	25	</IfModule>
	26
[972]	27	<IfModule mpm_event_module>
	28	StartServers 3
	29	MinSpareThreads 75
	30	MaxSpareThreads 250
	31	ServerLimit 64
	32	ThreadsPerChild 32
	33	MaxClients 2048
	34	MaxRequestsPerChild 10000
	35	</IfModule>
	36
[39]	37	LoadModule auth_basic_module modules/mod_auth_basic.so
	38	LoadModule auth_digest_module modules/mod_auth_digest.so
	39	LoadModule authn_file_module modules/mod_authn_file.so
	40	LoadModule authn_alias_module modules/mod_authn_alias.so
	41	LoadModule authn_anon_module modules/mod_authn_anon.so
	42	#LoadModule authn_dbm_module modules/mod_authn_dbm.so
	43	LoadModule authn_default_module modules/mod_authn_default.so
	44	LoadModule authz_host_module modules/mod_authz_host.so
	45	LoadModule authz_user_module modules/mod_authz_user.so
	46	LoadModule authz_owner_module modules/mod_authz_owner.so
	47	LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
	48	#LoadModule authz_dbm_module modules/mod_authz_dbm.so
	49	LoadModule authz_default_module modules/mod_authz_default.so
[478]	50	LoadModule ldap_module modules/mod_ldap.so
[39]	51	#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
	52	LoadModule include_module modules/mod_include.so
	53	LoadModule log_config_module modules/mod_log_config.so
	54	#LoadModule logio_module modules/mod_logio.so
	55	LoadModule env_module modules/mod_env.so
	56	LoadModule ext_filter_module modules/mod_ext_filter.so
	57	#LoadModule mime_magic_module modules/mod_mime_magic.so
[635]	58	LoadModule expires_module modules/mod_expires.so
[1454]	59	LoadModule deflate_module modules/mod_deflate.so
[365]	60	LoadModule headers_module modules/mod_headers.so
[39]	61	#LoadModule usertrack_module modules/mod_usertrack.so
	62	LoadModule setenvif_module modules/mod_setenvif.so
	63	LoadModule mime_module modules/mod_mime.so
	64	#LoadModule dav_module modules/mod_dav.so
[972]	65	LoadModule status_module modules/mod_status.so
[39]	66	LoadModule autoindex_module modules/mod_autoindex.so
	67	#LoadModule info_module modules/mod_info.so
	68	#LoadModule dav_fs_module modules/mod_dav_fs.so
	69	#LoadModule vhost_alias_module modules/mod_vhost_alias.so
[520]	70	LoadModule negotiation_module modules/mod_negotiation.so
[39]	71	LoadModule dir_module modules/mod_dir.so
	72	LoadModule actions_module modules/mod_actions.so
	73	#LoadModule speling_module modules/mod_speling.so
	74	LoadModule userdir_module modules/mod_userdir.so
	75	LoadModule alias_module modules/mod_alias.so
	76	LoadModule rewrite_module modules/mod_rewrite.so
[1089]	77	LoadModule proxy_module modules/mod_proxy.so
	78	LoadModule proxy_http_module modules/mod_proxy_http.so
[39]	79	#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
	80	#LoadModule proxy_connect_module modules/mod_proxy_connect.so
	81	#LoadModule cache_module modules/mod_cache.so
	82	LoadModule suexec_module modules/mod_suexec.so
	83	#LoadModule disk_cache_module modules/mod_disk_cache.so
	84	#LoadModule file_cache_module modules/mod_file_cache.so
	85	#LoadModule mem_cache_module modules/mod_mem_cache.so
	86	LoadModule cgi_module modules/mod_cgi.so
	87	LoadModule ssl_module modules/mod_ssl.so
[478]	88	LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
[39]	89
	90	User apache
	91	Group apache
	92
	93	#ErrorDocument 403 /403-404.html
	94	#ErrorDocument 404 /403-404.html
	95	#ErrorDocument 500 /script_error.html
	96
[247]	97	UserDir disabled
[39]	98
	99	<Directory />
[642]	100	AllowOverride None
[39]	101	Options FollowSymLinks IncludesNoExec
	102	</Directory>
	103
[642]	104	<Directory /afs///web_scripts>
	105	AllowOverride All
	106	</Directory>
	107	<Directory /afs///*/web_scripts>
	108	AllowOverride All
	109	</Directory>
	110	<Directory /afs/////web_scripts>
	111	AllowOverride All
	112	</Directory>
	113	<Directory /afs/////*/web_scripts>
	114	AllowOverride All
	115	</Directory>
	116	<Directory /afs///////web_scripts>
	117	AllowOverride All
	118	</Directory>
	119	<Directory /afs///////*/web_scripts>
	120	AllowOverride All
	121	</Directory>
	122	<Directory /afs/////////web_scripts>
	123	AllowOverride All
	124	</Directory>
	125
[39]	126	<IfModule mod_dir.c>
[1412]	127	DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
[39]	128	</IfModule>
	129
	130	AccessFileName .htaccess
	131
	132	<Files ~ "^\.ht">
[257]	133	Order Allow,Deny
	134	Deny from all
[39]	135	</Files>
	136
	137	UseCanonicalName Off
	138	TypesConfig /etc/mime.types
	139	DefaultType text/plain
	140	#MIMEMagicFile conf/magic
	141
	142	HostnameLookups Off
[149]	143	ErrorLog "/home/logview/error_log"
[39]	144	LogLevel warn
	145	LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
	146	LogFormat "%h %l %u %t \"%r\" %>s %b" common
[1316]	147	LogFormat "%a %V %U" statistics
[39]	148	#CustomLog /var/log/httpd/access_log combined
[1341]	149	#CustomLog "\|/etc/httpd/statistics_log_mitonly.sh" statistics
[39]	150	ServerSignature Off
	151	ServerAdmin scripts@mit.edu
	152	ServerTokens Prod
[2270]	153	Header add Scripts-IP "%{SERVER_ADDR}e"
[39]	154
[257]	155	<IfModule mod_autoindex.c>
[602]	156	Alias /__scripts/icons /var/www/icons
[257]	157	<Directory /var/www/icons>
[802]	158	Options Indexes
[257]	159	AllowOverride None
	160	<Files ~ "\.(gif\|png)$">
	161	SetHandler default-handler
	162	</Files>
	163	</Directory>
[39]	164
	165	IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
	166
[602]	167	AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip
[39]	168
[602]	169	AddIconByType (TXT,/__scripts/icons/text.gif) text/*
	170	AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
	171	AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
	172	AddIconByType (VID,/__scripts/icons/movie.gif) video/*
[39]	173
[602]	174	AddIcon /__scripts/icons/binary.gif .bin .exe
	175	AddIcon /__scripts/icons/binhex.gif .hqx
	176	AddIcon /__scripts/icons/tar.gif .tar
	177	AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
	178	AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
	179	AddIcon /__scripts/icons/a.gif .ps .ai .eps
	180	AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
	181	AddIcon /__scripts/icons/text.gif .txt
	182	AddIcon /__scripts/icons/c.gif .c
	183	AddIcon /__scripts/icons/p.gif .pl .py
	184	AddIcon /__scripts/icons/f.gif .for
	185	AddIcon /__scripts/icons/dvi.gif .dvi
	186	AddIcon /__scripts/icons/uuencoded.gif .uu
	187	AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
	188	AddIcon /__scripts/icons/tex.gif .tex
	189	AddIcon /__scripts/icons/bomb.gif core
[39]	190
[602]	191	AddIcon /__scripts/icons/back.gif ..
	192	AddIcon /__scripts/icons/hand.right.gif README
	193	AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
	194	AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^
[39]	195
[602]	196	DefaultIcon /__scripts/icons/unknown.gif
[39]	197
	198	ReadmeName README
	199	HeaderName HEADER
	200
[477]	201	IndexIgnore .??* ~ # RCS CVS ,v ,t
[39]	202	</IfModule>
	203
	204	<IfModule mod_mime.c>
[257]	205	AddType application/xhtml+xml .xhtml
	206	AddType application/http-index-format .hti
	207	AddType text/html .html
	208	AddType text/css .css
	209	AddType text/xsl .xslt
	210	AddType application/x-javascript .js
	211	AddType application/xml .xml
	212	AddType image/svg+xml .svg
	213	AddType application/vnd.mozilla.xul+xml .xul
	214	AddType application/rdf+xml .rdf
	215	AddType application/x-xpinstall .xpi
	216	AddType text/xml .xsl
	217	AddType text/html .shtml
	218	AddHandler server-parsed .shtml
[39]	219
	220	AddEncoding x-compress Z
	221	AddEncoding x-gzip gz tgz
	222
	223	AddLanguage da .dk
	224	AddLanguage nl .nl
	225	AddLanguage en .en
	226	AddLanguage et .ee
	227	AddLanguage fr .fr
	228	AddLanguage de .de
	229	AddLanguage el .el
	230	AddLanguage it .it
	231	AddLanguage ja .ja
	232	AddCharset ISO-2022-JP .jis
	233	AddLanguage pl .po
	234	AddCharset ISO-8859-2 .iso-pl
	235	AddLanguage pt .pt
	236	AddLanguage pt-br .pt-br
	237	AddLanguage ltz .lu
	238	AddLanguage ca .ca
	239	AddLanguage es .es
	240	AddLanguage sv .se
	241	AddLanguage cz .cz
	242
	243	<IfModule mod_negotiation.c>
	244	LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
	245	</IfModule>
	246
	247	AddType application/x-tar .tgz
	248	AddType image/bmp .bmp
	249
	250	AddType text/x-hdml .hdml
	251	</IfModule>
	252
	253	<IfModule mod_setenvif.c>
	254	BrowserMatch "Mozilla/2" nokeepalive
	255	BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
	256	BrowserMatch "RealPlayer 4\.0" force-response-1.0
	257	BrowserMatch "Java/1\.0" force-response-1.0
	258	BrowserMatch "JDK/1\.0" force-response-1.0
	259	SetEnvIf User-Agent ".MSIE." nokeepalive ssl-unclean-shutdown
	260	</IfModule>
	261
	262	Listen 80
	263
[1032]	264	RLimitCPU 300 300
[1772]	265	RLimitMEM 1610612736 1610612736
[972]	266	RLimitNPROC 4096 4096
[39]	267
	268	NameVirtualHost *:80
	269	NameVirtualHost *:443
[332]	270	NameVirtualHost *:444
[151]	271	NameVirtualHost 18.181.0.50:80
	272	NameVirtualHost 18.181.0.50:443
[332]	273	NameVirtualHost 18.181.0.50:444
[39]	274
	275	ServerName localhost
	276	DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
[151]	277
[972]	278	ExtendedStatus On
[151]	279	RewriteEngine Off
	280
[1089]	281	ProxyRequests Off
	282
[330]	283	<Location /robots.txt>
	284	ErrorDocument 404 "No robots.txt.
[151]	285	</Location>
[330]	286	<Location /favicon.ico>
	287	ErrorDocument 404 "No favicon.ico.
	288	</Location>
[151]	289
	290	<VirtualHost 18.181.0.50:80>
[257]	291	ServerName scripts-cert.mit.edu
	292	ServerAlias scripts-cert
[330]	293	Include conf.d/scripts-vhost.conf
[257]	294	Include conf.d/vhosts-common.conf
[151]	295	</VirtualHost>
	296
[454]	297	# LDAP vhost, w00t w00t
[478]	298	<VirtualHost *:80>
	299	Include conf.d/vhost_ldap.conf
	300	Include conf.d/vhosts-common.conf
	301	</VirtualHost>
[454]	302
[151]	303	<VirtualHost *:80>
[332]	304	Include conf.d/scripts-vhost-names.conf
[330]	305	Include conf.d/scripts-vhost.conf
[257]	306	Include conf.d/vhosts-common.conf
[151]	307	</VirtualHost>
	308
[244]	309	<IfModule ssl_module>
[257]	310	Listen 443
[332]	311	Listen 444
[233]	312
[257]	313	AddType application/x-x509-ca-cert .crt
	314	AddType application/x-pkcs7-crl .crl
[233]	315
[1540]	316	# This directive allows insecure renegotiations to succeed for browsers
	317	# that do not yet support RFC 5746. It should be removed when enough
	318	# of the world has caught up.
	319	SSLInsecureRenegotiation on
	320
[2321]	321	# Temporary fix for presumed CRIME attack against SSL
	322	SSLCompression off
	323
[257]	324	SSLPassPhraseDialog builtin
[740]	325	SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
[734]	326	SSLSessionCacheTimeout 28800
[740]	327	SSLMutex default
	328	SSLRandomSeed startup file:/dev/urandom 256
[257]	329	SSLRandomSeed connect builtin
[740]	330	SSLCryptoDevice builtin
[973]	331	SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
[1768]	332	SSLCertificateKeyFile /etc/pki/tls/private/scripts-1024.key
[257]	333	SSLCACertificateFile /etc/pki/tls/certs/ca.pem
	334	SSLVerifyClient none
	335	SSLOptions +StdEnvVars
[740]	336	SSLProtocol all -SSLv2
[2264]	337	SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
[332]	338	<VirtualHost 18.181.0.50:443 18.181.0.50:444>
[257]	339	ServerName scripts-cert.mit.edu
	340	ServerAlias scripts-cert
[330]	341	Include conf.d/scripts-vhost.conf
[257]	342	Include conf.d/vhosts-common-ssl.conf
[369]	343	SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
[2229]	344	SSLCertificateChainFile /etc/pki/tls/certs/scripts-cert.pem
[1887]	345	SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[270]	346	Include conf.d/vhosts-common-ssl-cert.conf
[257]	347	</VirtualHost>
[973]	348	<VirtualHost 18.181.0.43:443>
	349	Include conf.d/scripts-vhost-names.conf
	350	Include conf.d/scripts-vhost.conf
	351	Include conf.d/vhosts-common-ssl.conf
	352	SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[1867]	353	SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
	354	SSLCertificateChainFile /etc/pki/tls/certs/scripts.pem
[973]	355	</VirtualHost>
	356	<VirtualHost 18.181.0.43:444>
	357	Include conf.d/scripts-vhost-names.conf
	358	Include conf.d/scripts-vhost.conf
	359	Include conf.d/vhosts-common-ssl.conf
	360	Include conf.d/vhosts-common-ssl-cert.conf
	361	SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[1867]	362	SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
	363	SSLCertificateChainFile /etc/pki/tls/certs/scripts.pem
[973]	364	</VirtualHost>
[478]	365	# LDAP vhost, w00t w00t
[257]	366	<VirtualHost *:443>
[648]	367	ServerName localhost
[478]	368	Include conf.d/vhost_ldap.conf
	369	Include conf.d/vhosts-common-ssl.conf
	370	</VirtualHost>
[1086]	371	# LDAP vhost, w00t w00t
	372	<VirtualHost *:444>
	373	ServerName localhost
	374	Include conf.d/vhost_ldap.conf
	375	Include conf.d/vhosts-common-ssl.conf
	376	Include conf.d/vhosts-common-ssl-cert.conf
	377	</VirtualHost>
[1082]	378	</IfModule>
	379	Include vhosts.d/*.conf
	380	<IfModule ssl_module>
[478]	381	<VirtualHost *:443>
[648]	382	ServerName scripts.scripts.mit.edu
[687]	383	ServerAlias .scripts.mit.edu .scripts
[648]	384	SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
	385	Include conf.d/vhost_ldap.conf
	386	Include conf.d/vhosts-common-ssl.conf
	387	</VirtualHost>
	388	<VirtualHost *:443>
[332]	389	Include conf.d/scripts-vhost-names.conf
[330]	390	Include conf.d/scripts-vhost.conf
[257]	391	Include conf.d/vhosts-common-ssl.conf
	392	</VirtualHost>
[332]	393	<VirtualHost *:444>
[649]	394	ServerName scripts.scripts.mit.edu
[687]	395	ServerAlias .scripts.mit.edu .scripts
[649]	396	SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
	397	Include conf.d/vhost_ldap.conf
	398	Include conf.d/vhosts-common-ssl.conf
	399	Include conf.d/vhosts-common-ssl-cert.conf
	400	</VirtualHost>
	401	<VirtualHost *:444>
[332]	402	Include conf.d/scripts-vhost-names.conf
	403	Include conf.d/scripts-vhost.conf
	404	Include conf.d/vhosts-common-ssl.conf
	405	Include conf.d/vhosts-common-ssl-cert.conf
	406	</VirtualHost>
[151]	407	</IfModule>
	408
	409	LoadModule fcgid_module modules/mod_fcgid.so
	410	AddHandler fcgid-script fcgi
	411	<Files *.fcgi>
	412	Options +ExecCGI
	413	</Files>
[1482]	414	SocketPath /var/run/mod_fcgid
	415	SharememPath /var/run/mod_fcgid/fcgid_shm
[1016]	416	IPCCommTimeout 300
[1732]	417	FcgidMaxRequestLen 209715200
[2020]	418	FcgidIdleTimeout 600
	419	FcgidMaxProcessesPerClass 10
	420	FcgidMinProcessesPerClass 0
	421	FcgidMaxRequestsPerProcess 10000
[151]	422
[70]	423	Include conf.d/auth_sslcert.conf
[40]	424	Include conf.d/execsys.conf
[603]	425	Include conf.d/scripts-special.conf

Note: See TracBrowser for help on using the repository browser.

Download in other formats: