Subversion Repositories ALCASAR

Rev

Rev 3110 | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2592 rexy 1 
$HTTP["url"] =~ ".*" {
2 
    # Disabling directory listing as default setting
3 
    dir-listing.activate = "disable"
4 
}
5 
 
6 
# If a wrong url is used, displaying homepage for unprivileged users
7 
$HTTP["url"] !~ "^/(acc|save)/" {
8 
    server.error-handler-404 = "/"
9 
}
10 
 
11 
# Error pages
12 
server.errorfile-prefix = "/var/www/html/errors/error-"
13 
 
14 
$SERVER["socket"] == "alcasar.localdomain:443" {
15 
    ssl.engine = "enable"
16 
    ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"
3191 rexy 17 
    ssl.verifyclient.ca-file = "/etc/pki/tls/certs/server-chain.pem"
2592 rexy 18 
    var.server_name = "alcasar.localdomain"
19 
    server.name = server_name
20 
    server.document-root = "/var/www/html"
21 
}
22 
 
23 
$HTTP["scheme"] == "https" {
24 
    alias.url = (
25 
        "/save" => "/var/Save"
26 
    )
27 
    # Digest authentication configuration
28 
    auth.backend = "htdigest"
29 
    auth.require = (
30 
        "/acc/" =>
31 
        (
32 
            "method"  => "digest",
33 
            "realm"   => "ALCASAR Control Center (ACC)",
34 
            "require" => "valid-user"
35 
        ),
36 
        "/save/" =>
37 
        (
38 
            "method"  => "digest",
39 
            "realm"   => "ALCASAR Control Center (ACC)",
40 
            "require" => "valid-user"
41 
        )
42 
    )
43 
    $HTTP["url"] =~ "^/(acc|save)/" {
44 
        # Setting digest files according access permissions
45 
        $HTTP["url"] =~ "^/acc/" {
46 
            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"
47 
            $HTTP["url"] =~ "^/acc/admin" {
48 
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"
49 
            }
50 
            $HTTP["url"] =~ "^/acc/manager/" {
51 
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"
52 
            }
53 
            $HTTP["url"] =~ "^/acc/backup/" {
54 
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
55 
            }
56 
        }
57 
        $HTTP["url"] =~ "^/save" {
58 
            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
59 
            # Enabling directory listing
60 
            dir-listing.activate = "enable"
61 
        }
62 
    }
63 
}
64 
 
65 
$HTTP["scheme"] == "http" {
2923 rexy 66 
        # Force HTTPS for specific pages
67 
        $HTTP["url"] =~ "^/(acc|save)" {
68 
                $HTTP["host"] =~ ".*" {
69 
                        url.redirect = (".*" => "https://%0$0")
70 
                }
71 
        }
2592 rexy 72 
}