Subversion Repositories ALCASAR

Rev

Rev 2592 | Rev 2920 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log

$HTTP["url"] =~ ".*" {
    # Disabling directory listing as default setting
    dir-listing.activate = "disable"
}

# If a wrong url is used, displaying homepage for unprivileged users
$HTTP["url"] !~ "^/(acc|save)/" {
    server.error-handler-404 = "/"
}

# Error pages
server.errorfile-prefix = "/var/www/html/errors/error-" 

$SERVER["socket"] == "alcasar.localdomain:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"
    ssl.ca-file = "/etc/pki/tls/certs/server-chain.pem"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    ssl.use-compression = "disable"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"

    var.server_name = "alcasar.localdomain"
    server.name = server_name

    server.document-root = "/var/www/html"
    
}

$HTTP["scheme"] == "https" {

    alias.url = (
        "/save" => "/var/Save"
    )

    # Digest authentication configuration
    auth.backend = "htdigest"
    auth.debug = 1
    auth.require = (
        "/acc/" => 
        (
            "method"  => "digest",
            "realm"   => "ALCASAR Control Center (ACC)",
            "require" => "valid-user"
        ),
        "/save/" => 
        (
            "method"  => "digest",
            "realm"   => "ALCASAR Control Center (ACC)",
            "require" => "valid-user"
        )

    )

    $HTTP["url"] =~ "^/(acc|save)/" {
        # Setting digest files according access permissions
        $HTTP["url"] =~ "^/acc/" {
            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"

            $HTTP["url"] =~ "^/acc/admin" {
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"
            }

            $HTTP["url"] =~ "^/acc/manager/" {
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"
            }

            $HTTP["url"] =~ "^/acc/backup/" {
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
            }
        }

        $HTTP["url"] =~ "^/save" {
            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
            
            # Enabling directory listing
            dir-listing.activate = "enable"
        }
    }
}

$HTTP["scheme"] == "http" {
        # Force HTTPS for specific pages
        # $HTTP["url"] =~ "^/(acc|save|(intercept|password).php)" {
        $HTTP["url"] =~ "^/(acc|save)" {
                $HTTP["host"] =~ ".*" {
                        url.redirect = (".*" => "https://%0$0")
                }
        }
}