gitlabFork/ISPConfig3.git - Solinfo Gitblit

Implemented: FS#3706 - disable SSLv3 to protect servers agains POODLE attack.

Till Brehm

2014-10-16 53124ed9dc52e8aee60d9018ffb32c18f03c4daa

commit \| author \| age
47cca9	1
T	2	<Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>
0305b2	3	AllowOverride None
1da57c	4	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
7ae7e8	5	Require all denied
1da57c	6	<tmpl_else>
0305b2	7	Order Deny,Allow
M	8	Deny from all
1da57c	9	</tmpl_if>
47cca9	10	</Directory>
T	11
a7bdf8	12	<tmpl_loop name="vhosts">
T	13	<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
47cca9	14	<tmpl_if name='php' op='==' value='suphp'>
0305b2	15	DocumentRoot <tmpl_var name='web_document_root'>
47cca9	16	</tmpl_else>
0305b2	17	<tmpl_if name='php' op='==' value='cgi'>
M	18	DocumentRoot <tmpl_var name='web_document_root'>
	19	</tmpl_else>
cc6568	20	<tmpl_if name='php' op='==' value='php-fpm'>
H	21	DocumentRoot <tmpl_var name='web_document_root'>
	22	</tmpl_else>
0305b2	23	DocumentRoot <tmpl_var name='web_document_root_www'>
cc6568	24	</tmpl_if>
0305b2	25	</tmpl_if>
47cca9	26	</tmpl_if>
T	27
0305b2	28	ServerName <tmpl_var name='domain'>
47cca9	29	<tmpl_if name='alias'>
0305b2	30	<tmpl_var name='alias'>
47cca9	31	</tmpl_if>
0305b2	32	ServerAdmin webmaster@<tmpl_var name='domain'>
47cca9	33
0305b2	34	ErrorLog /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log
3e0034	35
47cca9	36	<tmpl_if name='errordocs'>
0305b2	37	Alias /error/ "<tmpl_var name='web_document_root_www'>/error/"
M	38	ErrorDocument 400 /error/400.html
	39	ErrorDocument 401 /error/401.html
	40	ErrorDocument 403 /error/403.html
	41	ErrorDocument 404 /error/404.html
	42	ErrorDocument 405 /error/405.html
	43	ErrorDocument 500 /error/500.html
	44	ErrorDocument 502 /error/502.html
	45	ErrorDocument 503 /error/503.html
47cca9	46	</tmpl_if>
a7bdf8	47
0305b2	48	<IfModule mod_ssl.c>
a7bdf8	49	<tmpl_if name='ssl_enabled'>
53124e	50	SSLEngine on
TB	51	SSLProtocol All -SSLv2 -SSLv3
0305b2	52	SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
M	53	SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
a7bdf8	54	<tmpl_if name='has_bundle_cert'>
0305b2	55	SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle
a7bdf8	56	</tmpl_if>
dec0df	57	</tmpl_if>
0305b2	58	</IfModule>
dec0df	59
0305b2	60	<Directory {tmpl_var name='web_document_root_www'}>
5a6670	61	# Clear PHP settings of this website
MC	62	<FilesMatch ".+\.ph(p[345]?\|t\|tml)$">
	63	SetHandler None
	64	</FilesMatch>
5545f1	65	Options +FollowSymLinks
0305b2	66	AllowOverride <tmpl_var name='allow_override'>
1da57c	67	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
8133de	68	Require all granted
1da57c	69	<tmpl_else>
0305b2	70	Order allow,deny
M	71	Allow from all
1da57c	72	</tmpl_if>
47cca9	73	<tmpl_if name='ssi' op='==' value='y'>
0305b2	74
M	75	# ssi enabled
	76	AddType text/html .shtml
	77	AddOutputFilter INCLUDES .shtml
	78	Options +Includes
47cca9	79	</tmpl_if>
T	80	<tmpl_if name='php' op='==' value='no'>
0305b2	81	<Files ~ '.php[s3-6]{0,1}$'>
1da57c	82	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
8133de	83	Require all denied
1da57c	84	<tmpl_else>
0305b2	85	Order allow,deny
M	86	Deny from all
	87	Allow from none
1da57c	88	</tmpl_if>
0305b2	89	</Files>
47cca9	90	</tmpl_if>
0305b2	91	</Directory>
M	92	<Directory {tmpl_var name='web_document_root'}>
5a6670	93	# Clear PHP settings of this website
MC	94	<FilesMatch ".+\.ph(p[345]?\|t\|tml)$">
	95	SetHandler None
	96	</FilesMatch>
5545f1	97	Options +FollowSymLinks
0305b2	98	AllowOverride <tmpl_var name='allow_override'>
1da57c	99	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
8133de	100	Require all granted
1da57c	101	<tmpl_else>
0305b2	102	Order allow,deny
M	103	Allow from all
1da57c	104	</tmpl_if>
47cca9	105	<tmpl_if name='ssi' op='==' value='y'>
0305b2	106
M	107	# ssi enabled
	108	AddType text/html .shtml
	109	AddOutputFilter INCLUDES .shtml
	110	Options +Includes
47cca9	111	</tmpl_if>
07d3a1	112	<tmpl_if name='php' op='==' value='no'>
0305b2	113	<Files ~ '.php[s3-6]{0,1}$'>
1da57c	114	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
8133de	115	Require all denied
1da57c	116	<tmpl_else>
8133de	117	Order allow,deny
MC	118	Deny from all
	119	Allow from none
1da57c	120	</tmpl_if>
0305b2	121	</Files>
07d3a1	122	</tmpl_if>
0305b2	123	</Directory>
07d3a1	124
22ef48	125	<tmpl_if name='ruby' op='==' value='y'>
0305b2	126	<IfModule mod_ruby.c>
M	127	<Directory {tmpl_var name='web_document_root_www'}>
	128	Options +ExecCGI
	129	</Directory>
	130	RubyRequire apache/ruby-run
	131	#RubySafeLevel 0
	132	AddType text/html .rb
	133	AddType text/html .rbx
	134	<Files *.rb>
	135	SetHandler ruby-object
	136	RubyHandler Apache::RubyRun.instance
	137	</Files>
	138	<Files *.rbx>
	139	SetHandler ruby-object
	140	RubyHandler Apache::RubyRun.instance
	141	</Files>
	142	</IfModule>
22ef48	143	</tmpl_if>
47cca9	144
ab7597	145	<tmpl_if name='perl' op='==' value='y'>
M	146	<IfModule mod_perl.c>
	147	PerlModule ModPerl::Registry
	148	PerlModule Apache2::Reload
	149	<Directory {tmpl_var name='web_document_root_www'}>
	150	PerlResponseHandler ModPerl::Registry
	151	PerlOptions +ParseHeaders
	152	Options +ExecCGI
	153	</Directory>
72d6a8	154	<Directory {tmpl_var name='web_document_root'}>
TB	155	PerlResponseHandler ModPerl::Registry
	156	PerlOptions +ParseHeaders
	157	Options +ExecCGI
	158	</Directory>
6fb93d	159	<Files *.pl>
M	160	SetHandler perl-script
	161	</Files>
ab7597	162	</IfModule>
M	163	</tmpl_if>
	164
298ef5	165	<tmpl_if name='python' op='==' value='y'>
0305b2	166	<IfModule mod_python.c>
M	167	<Directory {tmpl_var name='web_document_root_www'}>
3bc1e1	168	<FilesMatch "\.py$">
MC	169	SetHandler mod_python
	170	</FilesMatch>
0305b2	171	PythonHandler mod_python.publisher
M	172	PythonDebug On
	173	</Directory>
	174	</IfModule>
298ef5	175	</tmpl_if>
F	176
47cca9	177	<tmpl_if name='cgi' op='==' value='y'>
0305b2	178	# cgi enabled
47cca9	179	<Directory {tmpl_var name='document_root'}/cgi-bin>
1da57c	180	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
8133de	181	Require all granted
1da57c	182	<tmpl_else>
0305b2	183	Order allow,deny
M	184	Allow from all
1da57c	185	</tmpl_if>
0305b2	186	</Directory>
M	187	ScriptAlias /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
3bc1e1	188	<FilesMatch "\.(cgi\|pl)$">
MC	189	SetHandler cgi-script
	190	</FilesMatch>
47cca9	191	</tmpl_if>
T	192	<tmpl_if name='suexec' op='==' value='y'>
0305b2	193	# suexec enabled
M	194	<IfModule mod_suexec.c>
	195	SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
	196	</IfModule>
47cca9	197	</tmpl_if>
T	198	<tmpl_if name='php' op='==' value='mod'>
0305b2	199	# mod_php enabled
M	200	AddType application/x-httpd-php .php .php3 .php4 .php5
	201	php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
	202	php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
	203	php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
10f838	204	# PHPIniDir <tmpl_var name='custom_php_ini_dir'>
215d18	205	<tmpl_if name='security_level' op='==' value='20'>
0305b2	206	php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
215d18	207	</tmpl_if>
47cca9	208	</tmpl_if>
T	209	<tmpl_if name='php' op='==' value='suphp'>
0305b2	210	# suphp enabled
M	211	<Directory {tmpl_var name='web_document_root'}>
f8d8a4	212	<IfModule mod_suphp.c>
3bc1e1	213	suPHP_Engine on
MC	214	# suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
7fddfe	215	<tmpl_if name='has_custom_php_ini'>
T	216	suPHP_ConfigPath <tmpl_var name='custom_php_ini_dir'>
	217	</tmpl_if>
3bc1e1	218	<FilesMatch "\.php[345]?$">
MC	219	SetHandler x-httpd-suphp
	220	</FilesMatch>
	221	suPHP_AddHandler x-httpd-suphp
f8d8a4	222	</IfModule>
0305b2	223	</Directory>
47cca9	224	</tmpl_if>
T	225	<tmpl_if name='php' op='==' value='cgi'>
0305b2	226	# php as cgi enabled
M	227	ScriptAlias /php5-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'>
	228	Action php5-cgi /php5-cgi
51910d	229	<Directory {tmpl_var name='web_document_root_www'}>
TB	230	<FilesMatch "\.php[345]?$">
	231	SetHandler php5-cgi
	232	</FilesMatch>
	233	</Directory>
	234	<Directory {tmpl_var name='web_document_root'}>
	235	<FilesMatch "\.php[345]?$">
	236	SetHandler php5-cgi
	237	</FilesMatch>
	238	</Directory>
0305b2	239	<Directory {tmpl_var name='cgi_starter_path'}>
1da57c	240	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
8133de	241	Require all granted
1da57c	242	<tmpl_else>
8133de	243	Order allow,deny
MC	244	Allow from all
1da57c	245	</tmpl_if>
0305b2	246	</Directory>
47cca9	247	</tmpl_if>
T	248	<tmpl_if name='php' op='==' value='fast-cgi'>
0305b2	249	# php as fast-cgi enabled
8fe84f	250	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
0305b2	251	<IfModule mod_fcgid.c>
92e0ce	252	<tmpl_if name='fastcgi_config_syntax' op='==' value='2'>
0305b2	253	FcgidIdleTimeout 300
M	254	FcgidProcessLifeTime 3600
	255	# FcgidMaxProcesses 1000
bfcdef	256	FcgidMaxRequestsPerProcess <tmpl_var name='fastcgi_max_requests'>
0305b2	257	FcgidMinProcessesPerClass 0
310f4c	258	FcgidMaxProcessesPerClass 10
0305b2	259	FcgidConnectTimeout 3
2ed8f0	260	FcgidIOTimeout 600
MC	261	FcgidBusyTimeout 3600
bfcdef	262	FcgidMaxRequestLen 1073741824
92e0ce	263	<tmpl_else>
0305b2	264	IdleTimeout 300
M	265	ProcessLifeTime 3600
	266	# MaxProcessCount 1000
	267	DefaultMinClassProcessCount 0
	268	DefaultMaxClassProcessCount 100
	269	IPCConnectTimeout 3
2ed8f0	270	IPCCommTimeout 600
MC	271	BusyTimeout 3600
92e0ce	272	</tmpl_if>
0305b2	273	</IfModule>
M	274	<Directory {tmpl_var name='web_document_root_www'}>
3bc1e1	275	<FilesMatch "\.php[345]?$">
MC	276	SetHandler fcgid-script
	277	</FilesMatch>
0305b2	278	FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
c0a1a4	279	FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php3
TB	280	FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php4
	281	FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php5
0305b2	282	Options +ExecCGI
M	283	AllowOverride <tmpl_var name='allow_override'>
1da57c	284	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
8133de	285	Require all granted
1da57c	286	<tmpl_else>
0305b2	287	Order allow,deny
M	288	Allow from all
1da57c	289	</tmpl_if>
0305b2	290	</Directory>
M	291	<Directory {tmpl_var name='web_document_root'}>
3bc1e1	292	<FilesMatch "\.php[345]?$">
MC	293	SetHandler fcgid-script
	294	</FilesMatch>
0305b2	295	FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
c0a1a4	296	FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php3
TB	297	FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php4
	298	FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php5
0305b2	299	Options +ExecCGI
M	300	AllowOverride <tmpl_var name='allow_override'>
1da57c	301	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
8133de	302	Require all granted
1da57c	303	<tmpl_else>
0305b2	304	Order allow,deny
M	305	Allow from all
1da57c	306	</tmpl_if>
0305b2	307	</Directory>
47cca9	308	</tmpl_if>
274362	309	<tmpl_if name='php' op='==' value='php-fpm'>
0305b2	310	<IfModule mod_fastcgi.c>
10b4c8	311	<Directory {tmpl_var name='document_root'}/cgi-bin>
1da57c	312	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
8133de	313	Require all granted
1da57c	314	<tmpl_else>
8133de	315	Order allow,deny
MC	316	Allow from all
1da57c	317	</tmpl_if>
52846b	318	</Directory>
51910d	319	<Directory {tmpl_var name='web_document_root_www'}>
TB	320	<FilesMatch "\.php[345]?$">
	321	SetHandler php5-fcgi
	322	</FilesMatch>
	323	</Directory>
	324	<Directory {tmpl_var name='web_document_root'}>
	325	<FilesMatch "\.php[345]?$">
	326	SetHandler php5-fcgi
	327	</FilesMatch>
	328	</Directory>
52846b	329	Action php5-fcgi /php5-fcgi
bfcdef	330	Alias /php5-fcgi {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
274362	331	<tmpl_if name='use_tcp'>
cc6568	332	FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization
274362	333	</tmpl_if>
F	334	<tmpl_if name='use_socket'>
cc6568	335	FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket <tmpl_var name='fpm_socket'> -pass-header Authorization
274362	336	</tmpl_if>
0305b2	337	</IfModule>
9b021b	338	<IfModule mod_proxy_fcgi.c>
TB	339	ProxyPassMatch ^/(.\.php[345]?(/.)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1
	340	</IfModule>
274362	341	</tmpl_if>
e64fbb	342
8ab3cd	343	<tmpl_if name="rewrite_enabled">
0305b2	344	RewriteEngine on
8ab3cd	345	<tmpl_if name='seo_redirect_enabled'>
bfcdef	346	RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]
cc6568	347	RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>$1 [R=301,L]
e64fbb	348	</tmpl_if>
bfcdef	349	<tmpl_loop name="alias_seo_redirects">
T	350	RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_redirect_operator'>^<tmpl_var name='alias_seo_redirect_origin_domain'>$ [NC]
cc6568	351	RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>$1 [R=301,L]
bfcdef	352	</tmpl_loop>
47cca9	353	<tmpl_loop name="redirects">
0305b2	354	RewriteCond %{HTTP_HOST} <tmpl_var name='rewrite_domain'>$ [NC]
046d62	355	<tmpl_if name="rewrite_is_url" op="==" value="n">
M	356	RewriteCond %{REQUEST_URI} !^/webdav/
6f4f6b	357	RewriteCond %{REQUEST_URI} !^/php5-fcgi/
046d62	358	RewriteCond %{REQUEST_URI} !^<tmpl_var name='rewrite_target'>
M	359	</tmpl_if>
6f833c	360
e6fd35	361	RewriteRule ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if> <tmpl_var name='rewrite_type'>
6f833c	362
47cca9	363	</tmpl_loop>
T	364	</tmpl_if>
	365
0305b2	366	# add support for apache mpm_itk
M	367	<IfModule mpm_itk_module>
	368	AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'>
	369	</IfModule>
c4570e	370
0305b2	371	<IfModule mod_dav_fs.c>
M	372	# Do not execute PHP files in webdav directory
	373	<Directory {tmpl_var name='document_root'}/webdav>
7762fb	374	<ifModule mod_security2.c>
M	375	SecRuleRemoveById 960015
	376	SecRuleRemoveById 960032
	377	</ifModule>
	378	<FilesMatch "\.ph(p3?\|tml)$">
0305b2	379	SetHandler None
M	380	</FilesMatch>
	381	</Directory>
	382	DavLockDB {tmpl_var name='document_root'}/tmp/DavLock
	383	# DO NOT REMOVE THE COMMENTS!
	384	# IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
	385	# WEBDAV BEGIN
	386	# WEBDAV END
	387	</IfModule>
ac933e	388
47cca9	389	<tmpl_var name='apache_directives'>
T	390	</VirtualHost>
a7bdf8	391	</tmpl_loop>