Subversion Repositories ALCASAR

Rev

Rev 2488 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2488 lucas.echa 1
$HTTP["url"] =~ ".*" {
2
    # Disabling directory listing as default setting
3
    dir-listing.activate = "disable"
4
}
5
 
6
# If a wrong url is used, displaying homepage for unprivileged users
7
$HTTP["url"] !~ "^/(acc|save)/" {
8
    server.error-handler-404 = "/"
9
}
10
 
11
# Error pages
12
server.errorfile-prefix = "/var/www/html/errors/error-" 
13
 
14
$SERVER["socket"] == "alcasar.localdomain:443" {
15
    ssl.engine = "enable"
16
    ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"
2500 tom.houday 17
    ssl.ca-file = "/etc/pki/tls/certs/server-chain.crt"
2488 lucas.echa 18
    ssl.use-sslv2 = "disable"
19
    ssl.use-sslv3 = "disable"
20
    ssl.use-compression = "disable"
21
    ssl.honor-cipher-order = "enable"
22
    ssl.cipher-list = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
23
 
24
    var.server_name = "alcasar.localdomain"
25
    server.name = server_name
26
 
27
    server.document-root = "/var/www/html"
28
 
29
}
30
 
31
$HTTP["scheme"] == "https" {
32
 
33
    alias.url = (
34
        "/save" => "/var/Save"
35
    )
36
 
37
    # Digest authentication configuration
38
    auth.backend = "htdigest"
39
    auth.debug = 1
40
    auth.require = (
41
        "/acc/" => 
42
        (
43
            "method"  => "digest",
44
            "realm"   => "ALCASAR Control Center (ACC)",
45
            "require" => "valid-user"
46
        ),
47
        "/save/" => 
48
        (
49
            "method"  => "digest",
50
            "realm"   => "ALCASAR Control Center (ACC)",
51
            "require" => "valid-user"
52
        )
53
 
54
    )
55
 
56
    $HTTP["url"] =~ "^/(acc|save)/" {
57
        # Setting digest files according access permissions
58
        $HTTP["url"] =~ "^/acc/" {
59
            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"
60
 
61
            $HTTP["url"] =~ "^/acc/admin" {
62
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"
63
            }
64
 
65
            $HTTP["url"] =~ "^/acc/manager/" {
66
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"
67
            }
68
 
69
            $HTTP["url"] =~ "^/acc/backup/" {
70
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
71
            }
72
        }
73
 
74
        $HTTP["url"] =~ "^/save" {
75
            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
76
 
77
            # Enabling directory listing
78
            dir-listing.activate = "enable"
79
        }
80
    }
81
}
82
 
83
$HTTP["scheme"] == "http" {
84
	# Force HTTPS for privileged users
85
	$HTTP["url"] =~ "^/(acc|save|(intercept|password).php)" {
86
		$HTTP["host"] =~ ".*" {
87
			url.redirect = (".*" => "https://%0$0")
88
		}
89
	}
90
}