| 2488 |
lucas.echa |
1 |
$HTTP["url"] =~ ".*" {
|
|
|
2 |
# Disabling directory listing as default setting
|
|
|
3 |
dir-listing.activate = "disable"
|
|
|
4 |
}
|
|
|
5 |
|
|
|
6 |
# If a wrong url is used, displaying homepage for unprivileged users
|
|
|
7 |
$HTTP["url"] !~ "^/(acc|save)/" {
|
|
|
8 |
server.error-handler-404 = "/"
|
|
|
9 |
}
|
|
|
10 |
|
|
|
11 |
# Error pages
|
|
|
12 |
server.errorfile-prefix = "/var/www/html/errors/error-"
|
|
|
13 |
|
|
|
14 |
$SERVER["socket"] == "alcasar.localdomain:443" {
|
|
|
15 |
ssl.engine = "enable"
|
|
|
16 |
ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"
|
|
|
17 |
ssl.use-sslv2 = "disable"
|
|
|
18 |
ssl.use-sslv3 = "disable"
|
|
|
19 |
ssl.use-compression = "disable"
|
|
|
20 |
ssl.honor-cipher-order = "enable"
|
|
|
21 |
ssl.cipher-list = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
|
|
|
22 |
|
|
|
23 |
var.server_name = "alcasar.localdomain"
|
|
|
24 |
server.name = server_name
|
|
|
25 |
|
|
|
26 |
server.document-root = "/var/www/html"
|
|
|
27 |
|
|
|
28 |
}
|
|
|
29 |
|
|
|
30 |
$HTTP["scheme"] == "https" {
|
|
|
31 |
|
|
|
32 |
alias.url = (
|
|
|
33 |
"/save" => "/var/Save"
|
|
|
34 |
)
|
|
|
35 |
|
|
|
36 |
# Digest authentication configuration
|
|
|
37 |
auth.backend = "htdigest"
|
|
|
38 |
auth.debug = 1
|
|
|
39 |
auth.require = (
|
|
|
40 |
"/acc/" =>
|
|
|
41 |
(
|
|
|
42 |
"method" => "digest",
|
|
|
43 |
"realm" => "ALCASAR Control Center (ACC)",
|
|
|
44 |
"require" => "valid-user"
|
|
|
45 |
),
|
|
|
46 |
"/save/" =>
|
|
|
47 |
(
|
|
|
48 |
"method" => "digest",
|
|
|
49 |
"realm" => "ALCASAR Control Center (ACC)",
|
|
|
50 |
"require" => "valid-user"
|
|
|
51 |
)
|
|
|
52 |
|
|
|
53 |
)
|
|
|
54 |
|
|
|
55 |
$HTTP["url"] =~ "^/(acc|save)/" {
|
|
|
56 |
# Setting digest files according access permissions
|
|
|
57 |
$HTTP["url"] =~ "^/acc/" {
|
|
|
58 |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"
|
|
|
59 |
|
|
|
60 |
$HTTP["url"] =~ "^/acc/admin" {
|
|
|
61 |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"
|
|
|
62 |
}
|
|
|
63 |
|
|
|
64 |
$HTTP["url"] =~ "^/acc/manager/" {
|
|
|
65 |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"
|
|
|
66 |
}
|
|
|
67 |
|
|
|
68 |
$HTTP["url"] =~ "^/acc/backup/" {
|
|
|
69 |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
|
|
|
70 |
}
|
|
|
71 |
}
|
|
|
72 |
|
|
|
73 |
$HTTP["url"] =~ "^/save" {
|
|
|
74 |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
|
|
|
75 |
|
|
|
76 |
# Enabling directory listing
|
|
|
77 |
dir-listing.activate = "enable"
|
|
|
78 |
}
|
|
|
79 |
}
|
|
|
80 |
}
|
|
|
81 |
|
|
|
82 |
$HTTP["scheme"] == "http" {
|
|
|
83 |
# Force HTTPS for privileged users
|
|
|
84 |
$HTTP["url"] =~ "^/(acc|save|(intercept|password).php)" {
|
|
|
85 |
$HTTP["host"] =~ ".*" {
|
|
|
86 |
url.redirect = (".*" => "https://%0$0")
|
|
|
87 |
}
|
|
|
88 |
}
|
|
|
89 |
}
|