ServerRoot /etc/httpd
PidFile run/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 15
LoadModule mpm_worker_module modules/mod_mpm_worker.so
MinSpareServers 5
MaxSpareServers 50
StartServers 8
ServerLimit 512
MaxClients 512
MaxRequestsPerChild 10000
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ServerLimit 64
ThreadsPerChild 32
MaxClients 1024
MaxRequestsPerChild 10000
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ServerLimit 64
ThreadsPerChild 32
MaxClients 2048
MaxRequestsPerChild 10000
# This file configures systemd module:
LoadModule systemd_module modules/mod_systemd.so
# Enable .htaccess files to use the legacy Order By syntax
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule ldap_module modules/mod_ldap.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule filter_module modules/mod_filter.so
User apache
Group apache
#ErrorDocument 403 /403-404.html
#ErrorDocument 404 /403-404.html
#ErrorDocument 500 /script_error.html
UserDir disabled
AllowOverride None
Options FollowSymLinks IncludesNoExec
# The new syntax wasn't added until 2.4,
# so there's simply no way any deployed sites
# are already using the new syntax.
SSILegacyExprParser on
AllowOverride All
AllowOverride All
AllowOverride All
AllowOverride All
AllowOverride All
AllowOverride All
AllowOverride All
DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
AccessFileName .htaccess
Require all denied
UseCanonicalName Off
TypesConfig /etc/mime.types
#MIMEMagicFile conf/magic
HostnameLookups Off
ErrorLog "/home/logview/error_log"
LogLevel warn
LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%a %V %U" statistics
#CustomLog /var/log/httpd/access_log combined
#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics
ServerSignature Off
ServerAdmin scripts@mit.edu
ServerTokens Prod
Header add Scripts-IP "%{SERVER_ADDR}e"
Alias /__scripts/icons /usr/share/httpd/icons/
Options Indexes
AllowOverride None
SetHandler default-handler
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/__scripts/icons/text.gif) text/*
AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
AddIconByType (VID,/__scripts/icons/movie.gif) video/*
AddIcon /__scripts/icons/binary.gif .bin .exe
AddIcon /__scripts/icons/binhex.gif .hqx
AddIcon /__scripts/icons/tar.gif .tar
AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /__scripts/icons/a.gif .ps .ai .eps
AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
AddIcon /__scripts/icons/text.gif .txt
AddIcon /__scripts/icons/c.gif .c
AddIcon /__scripts/icons/p.gif .pl .py
AddIcon /__scripts/icons/f.gif .for
AddIcon /__scripts/icons/dvi.gif .dvi
AddIcon /__scripts/icons/uuencoded.gif .uu
AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /__scripts/icons/tex.gif .tex
AddIcon /__scripts/icons/bomb.gif core
AddIcon /__scripts/icons/back.gif ..
AddIcon /__scripts/icons/hand.right.gif README
AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^
DefaultIcon /__scripts/icons/unknown.gif
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# RCS CVS *,v *,t
AddType application/xhtml+xml .xhtml
AddType application/http-index-format .hti
AddType text/html .html
AddType text/css .css
AddType text/xsl .xslt
AddType application/x-javascript .js
AddType application/xml .xml
AddType image/svg+xml .svg
AddType application/vnd.mozilla.xul+xml .xul
AddType application/rdf+xml .rdf
AddType application/x-xpinstall .xpi
AddType text/xml .xsl
AddType text/html .shtml
AddHandler server-parsed .shtml
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
AddType application/x-tar .tgz
AddType image/bmp .bmp
AddType text/x-hdml .hdml
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
Listen 80
RLimitCPU 300 300
RLimitMEM 1610612736 1610612736
RLimitNPROC 4096 4096
ServerName localhost
DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
ExtendedStatus On
RewriteEngine Off
ProxyRequests Off
ErrorDocument 404 "No robots.txt.
ErrorDocument 404 "No favicon.ico.
ServerName scripts-cert.mit.edu
ServerAlias scripts-cert
Include conf.d/scripts-vhost.conf
Include conf.d/vhosts-common.conf
# LDAP vhost, w00t w00t
Include conf.d/vhost_ldap.conf
Include conf.d/vhosts-common.conf
Include conf.d/scripts-vhost-names.conf
Include conf.d/scripts-vhost.conf
Include conf.d/vhosts-common.conf
Listen 443
Listen 444
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# This directive allows insecure renegotiations to succeed for browsers
# that do not yet support RFC 5746. It should be removed when enough
# of the world has caught up.
SSLInsecureRenegotiation on
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 28800
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLCACertificateFile /etc/pki/tls/certs/ca.pem
SSLVerifyClient none
SSLOptions +StdEnvVars
# Copied from https://wiki.mozilla.org/Security/Server_Side_TLS
# (backward compatibility configuration minus SSL 3.0; equivalently,
# intermediate compatibility configuration plus 3DES)
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
SSLCompression off
ServerName scripts-cert.mit.edu
ServerAlias scripts-cert
Include conf.d/scripts-vhost.conf
Include conf.d/vhosts-common-ssl.conf
SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
Include conf.d/vhosts-common-ssl-cert.conf
Include conf.d/scripts-vhost-names.conf
Include conf.d/scripts-vhost.conf
Include conf.d/vhosts-common-ssl.conf
SSLCertificateFile /etc/pki/tls/certs/scripts.pem
SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
Include conf.d/scripts-vhost-names.conf
Include conf.d/scripts-vhost.conf
Include conf.d/vhosts-common-ssl.conf
Include conf.d/vhosts-common-ssl-cert.conf
SSLCertificateFile /etc/pki/tls/certs/scripts.pem
SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
# LDAP vhost, w00t w00t
ServerName localhost
SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
Include conf.d/vhost_ldap.conf
Include conf.d/vhosts-common-ssl.conf
# LDAP vhost, w00t w00t
ServerName localhost
SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
Include conf.d/vhost_ldap.conf
Include conf.d/vhosts-common-ssl.conf
Include conf.d/vhosts-common-ssl-cert.conf
Include vhosts.d/*.conf
SSLCertificateFile /etc/pki/tls/certs/scripts.pem
SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
Include conf.d/scripts-vhost-names.conf
Include conf.d/scripts-vhost.conf
Include conf.d/vhosts-common-ssl.conf
SSLCertificateFile /etc/pki/tls/certs/scripts.pem
SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
Include conf.d/scripts-vhost-names.conf
Include conf.d/scripts-vhost.conf
Include conf.d/vhosts-common-ssl.conf
Include conf.d/vhosts-common-ssl-cert.conf
LoadModule fcgid_module modules/mod_fcgid.so
AddHandler fcgid-script fcgi
Options +ExecCGI
SocketPath /var/run/mod_fcgid
SharememPath /var/run/mod_fcgid/fcgid_shm
IPCCommTimeout 300
FcgidMaxRequestLen 209715200
FcgidIdleTimeout 600
FcgidMaxProcessesPerClass 10
FcgidMinProcessesPerClass 0
FcgidMaxRequestsPerProcess 10000
Include conf.d/auth_sslcert.conf
Include conf.d/execsys.conf
Include conf.d/scripts-special.conf