httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Hudak <jjhu...@gmail.com>
Subject Re: [users@httpd] One IP, Many Domains - One Headache
Date Fri, 02 May 2014 18:56:39 GMT
I think that will help. I am not sure but I think it will fix it.
>From an organizational perspective, each site should have a unique document
root. From my experience, this worked well for me:

.~/html/ site_A
.~/html/ site_B
.~/html/site_C
.
.
.
.~/html/ site_etc...

j



On Fri, May 2, 2014 at 11:15 AM, Michael Peters <
michael.peters@lazarusalliance.com> wrote:

> That certainly helped fix most of the sites. The one that still does not
> work is out of the /html/ directory. Do I need to move it into a new
> subdirectory instead?
>
> NameVirtualHost *:80
> #
> <VirtualHost *:80>
> ServerName policy-machine.com
> ServerAlias itsecuritypolicy.org
> ServerAlias policymachine.com
> UseCanonicalName Off
> DocumentRoot "/html/itsecuritypolicy"
> ServerAdmin webmaster@policy-machine.com
> <Directory "/html/itsecuritypolicy">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
> </Directory>
> </VirtualHost>
> #
> <VirtualHost *:80>
> ServerName michaelpeters.org
> DocumentRoot "/html/michaelpeters"
> ServerAdmin webmaster@michaelpeters.org
> <Directory "/html/michaelpeters">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
> </Directory>
> </VirtualHost>
> #
> <VirtualHost *:80>
> ServerName lazarusalliance.com
> ServerAlias fedramp.us
> ServerAlias ssae-16.us
> ServerAlias yourpersonalcxo.com
> UseCanonicalName Off
> DocumentRoot "/html/lazarusalliance"
> ServerAdmin webmaster@lazarusalliance.com
> <Directory "/html/lazarusalliance">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
> </Directory>
> </VirtualHost>
> #
> <VirtualHost *:80>
> ServerName securitytrifecta.com
> DocumentRoot "/html"
> ServerAdmin webmaster@securitytrifecta.com
> ServerAlias securitytrifecta.com
> UseCanonicalName Off
> <Directory "/html">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
> </Directory>
> <Directory "/html/menu">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
> </Directory>
> <Directory "/html/auditprotocol">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
>   SSLRenegBufferSize 26214400
>   LimitRequestBody 2044430000
> </Directory>
> <Directory "/html/skipfish">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
>   AuthType Basic
>   AuthName "Restricted Files"
>   AuthBasicProvider file
>   AuthUserFile /www/html/passwd/passwords
>   Require user mdpeters67
> </Directory>
> <Directory "/html/skipfish-2.10b">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
>   AuthType Basic
>   AuthName "Restricted Files"
>   AuthBasicProvider file
>   AuthUserFile /www/html/passwd/passwords
>   Require user mdpeters67
> </Directory>
> <Directory "/html/phpMyAdmin">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
>   AuthType Basic
>   AuthName "Restricted Files"
>   AuthBasicProvider file
>   AuthUserFile /www/html/passwd/passwords
>   Require user mdpeters67
> </Directory>
> <Directory "/html/phpMyAdmin-4.1.6-all-languages">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
>   AuthType Basic
>   AuthName "Restricted Files"
>   AuthBasicProvider file
>   AuthUserFile /www/html/passwd/passwords
>   Require user mdpeters67
> </Directory>
> <Directory "/html/munin">
>   Options Indexes FollowSymLinks
>   AllowOverride All
>   Order allow,deny
>   Allow from all
>   AuthType Basic
>   AuthName "Restricted Files"
>   AuthBasicProvider file
>   AuthUserFile /www/html/passwd/passwords
>   Require user mdpeters67
> </Directory>
> <Directory "/usr/lib/munin/cgi">
>   Options +ExecCGI
>   <IfModule mod_fcgid.c>
>   SetHandler fcgid-script
>   </IfModule>
>   <IfModule !mod_fcgid.c>
>   SetHandler cgi-script
>   </IfModule>
> </Directory>
> </VirtualHost>
> #
>
>
>
>
> -----Original Message-----
> From: Yehuda Katz [mailto:yehuda@ymkatz.net]
> Sent: Friday, May 2, 2014 7:41 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] One IP, Many Domains - One Headache
>
> You can not have multiple ServerName directives in one vhost.
> For example, you have a vhost with:
> ServerName policy-machine.com
> ServerName itsecuritypolicy.org
> ServerName policymachine.com
>
> Only one of those will work.
> If you want to have multiple sites that use the same vhost, you need
> to have one ServerName and multiple ServerAlias directives.
>
> When you look at the output of httpd -S it should look more like (this
> is part of mine from one server):
>
> VirtualHost configuration:
> *:80                   is a NameVirtualHost
>          default server
> ph05.example.net(/etc/apache2/sites-enabled/000-default.conf:1)
>          port 80 namevhost
> ph05.example.net(/etc/apache2/sites-enabled/000-default.conf:1)
>          port 80 namevhost
> admin.example.com(/etc/apache2/sites-enabled/admin.example.com.conf:1)
>                  alias www.admin.example.com
>          port 80 namevhost
> apps.example.org(/etc/apache2/sites-enabled/apps.example.org.conf:1)
>                  alias www.apps.example.org
>                  alias apps.example.net
>                  alias www.apps.example.net
>                  alias apps.example.com
>                  alias www.apps.example.com
>
> Your server will only properly server sites listed here. Any other access
> will see the "default server" mentioned on the first line.
>
> - Y
>
> On Fri, May 2, 2014 at 10:24 AM, Michael Peters
> <michael.peters@lazarusalliance.com> wrote:
> > I assume this looks proper?
> >
> > VirtualHost configuration:
> > wildcard NameVirtualHosts and _default_ servers:
> > *:80                   is a NameVirtualHost
> >          default server policymachine.com(/etc/httpd/conf/httpd.conf:290)
> >          port 80 namevhost policymachine.com
> > (/etc/httpd/conf/httpd.conf:290)
> >          port 80 namevhost michaelpeters.org
> > (/etc/httpd/conf/httpd.conf:304)
> >          port 80 namevhost yourpersonalcxo.com
> > (/etc/httpd/conf/httpd.conf:316)
> >          port 80 namevhost securitytrifecta.com
> > (/etc/httpd/conf/httpd.conf:331)
> > *:443                  is a NameVirtualHost
> >          default server securitytrifecta.com
> > (/etc/httpd/conf.d/ssl.conf:13)
> >          port 443 namevhost securitytrifecta.com
> > (/etc/httpd/conf.d/ssl.conf:13)
> >          port 443 namevhost michaelpeters.org
> > (/etc/httpd/conf.d/ssl.conf:92)
> >          port 443 namevhost yourpsersonalcxo.com
> > (/etc/httpd/conf.d/ssl.conf:109)
> >          port 443 namevhost policymachine.com
> > (/etc/httpd/conf.d/ssl.conf:129)
> > Syntax OK
> >
> >
> >
> > -----Original Message-----
> > From: Yehuda Katz [mailto:yehuda@ymkatz.net]
> > Sent: Friday, May 2, 2014 7:11 AM
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] One IP, Many Domains - One Headache
> >
> > Run httpd -S to see all vhosts that apache is listening for and compare
> > that to what you expect to see.
> >
> > - Y
> >
> >
> > On Fri, May 2, 2014 at 9:59 AM, Michael Peters
> > <michael.peters@lazarusalliance.com> wrote:
> >>
> >> This is the httpd.conf file now. Some things I’ve made progress on are:
> >>
> >>
> >>
> >> 1.       Michaelpeters.org works fine now (this is a wordpress site)
> >>
> >> 2.       Policy-Machine.com and Itsecuritypolicy.org work fine now (A
> >> combination wordpress and php site)
> >>
> >> 3.       Lazarusalliance.com, Fedramp.us, ssae-16.us and
> >> yourpersonalcxo.com are still broken. They all redirect to
> >> Policy-Machine.com. This is a regular php and html site.
> >>
> >> 4.       Securitytrifecta.com is still broken. It redirects to
> >> Policy-machine.com too. This is a regular php and html site.
> >>
> >>
> >>
> >> Is it possible that I need .htaccess files in each directory? If so, how
> >> should I write those?
> >>
> >>
> >>
> >> ++++++++++++++++++++
> >>
> >>
> >>
> >> ServerTokens OS
> >>
> >> ServerRoot "/etc/httpd"
> >>
> >> PidFile run/httpd.pid
> >>
> >> #
> >>
> >> Timeout 120
> >>
> >> KeepAlive Off
> >>
> >> MaxKeepAliveRequests 100
> >>
> >> KeepAliveTimeout 15
> >>
> >> #
> >>
> >> <IfModule itk.c>
> >>
> >> StartServers       8
> >>
> >> MinSpareServers    5
> >>
> >> MaxSpareServers   20
> >>
> >> ServerLimit      256
> >>
> >> MaxClients       256
> >>
> >> MaxRequestsPerChild  4000
> >>
> >> </IfModule>
> >>
> >> #
> >>
> >> <IfModule prefork.c>
> >>
> >> StartServers       8
> >>
> >> MinSpareServers    5
> >>
> >> MaxSpareServers   20
> >>
> >> ServerLimit      256
> >>
> >> MaxClients       256
> >>
> >> MaxRequestsPerChild  4000
> >>
> >> </IfModule>
> >>
> >> #
> >>
> >> <IfModule worker.c>
> >>
> >> StartServers         2
> >>
> >> MaxClients         150
> >>
> >> MinSpareThreads     25
> >>
> >> MaxSpareThreads     75
> >>
> >> ThreadsPerChild     25
> >>
> >> MaxRequestsPerChild  0
> >>
> >> </IfModule>
> >>
> >> #
> >>
> >> Listen 208.109.171.169:80
> >>
> >> #
> >>
> >> LoadModule auth_basic_module modules/mod_auth_basic.so
> >>
> >> LoadModule auth_digest_module modules/mod_auth_digest.so
> >>
> >> LoadModule authn_file_module modules/mod_authn_file.so
> >>
> >> LoadModule authn_alias_module modules/mod_authn_alias.so
> >>
> >> LoadModule authn_anon_module modules/mod_authn_anon.so
> >>
> >> LoadModule authn_dbm_module modules/mod_authn_dbm.so
> >>
> >> LoadModule authn_default_module modules/mod_authn_default.so
> >>
> >> LoadModule authz_host_module modules/mod_authz_host.so
> >>
> >> LoadModule authz_user_module modules/mod_authz_user.so
> >>
> >> LoadModule authz_owner_module modules/mod_authz_owner.so
> >>
> >> LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
> >>
> >> LoadModule authz_dbm_module modules/mod_authz_dbm.so
> >>
> >> LoadModule authz_default_module modules/mod_authz_default.so
> >>
> >> LoadModule ldap_module modules/mod_ldap.so
> >>
> >> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> >>
> >> LoadModule include_module modules/mod_include.so
> >>
> >> LoadModule log_config_module modules/mod_log_config.so
> >>
> >> LoadModule logio_module modules/mod_logio.so
> >>
> >> LoadModule env_module modules/mod_env.so
> >>
> >> LoadModule ext_filter_module modules/mod_ext_filter.so
> >>
> >> LoadModule mime_magic_module modules/mod_mime_magic.so
> >>
> >> LoadModule expires_module modules/mod_expires.so
> >>
> >> LoadModule deflate_module modules/mod_deflate.so
> >>
> >> LoadModule headers_module modules/mod_headers.so
> >>
> >> LoadModule usertrack_module modules/mod_usertrack.so
> >>
> >> LoadModule setenvif_module modules/mod_setenvif.so
> >>
> >> LoadModule mime_module modules/mod_mime.so
> >>
> >> LoadModule dav_module modules/mod_dav.so
> >>
> >> LoadModule status_module modules/mod_status.so
> >>
> >> LoadModule autoindex_module modules/mod_autoindex.so
> >>
> >> LoadModule info_module modules/mod_info.so
> >>
> >> LoadModule dav_fs_module modules/mod_dav_fs.so
> >>
> >> LoadModule vhost_alias_module modules/mod_vhost_alias.so
> >>
> >> LoadModule negotiation_module modules/mod_negotiation.so
> >>
> >> LoadModule dir_module modules/mod_dir.so
> >>
> >> LoadModule actions_module modules/mod_actions.so
> >>
> >> LoadModule speling_module modules/mod_speling.so
> >>
> >> LoadModule userdir_module modules/mod_userdir.so
> >>
> >> LoadModule alias_module modules/mod_alias.so
> >>
> >> LoadModule rewrite_module modules/mod_rewrite.so
> >>
> >> LoadModule proxy_module modules/mod_proxy.so
> >>
> >> LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
> >>
> >> LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
> >>
> >> LoadModule proxy_http_module modules/mod_proxy_http.so
> >>
> >> LoadModule proxy_connect_module modules/mod_proxy_connect.so
> >>
> >> LoadModule cache_module modules/mod_cache.so
> >>
> >> LoadModule suexec_module modules/mod_suexec.so
> >>
> >> LoadModule disk_cache_module modules/mod_disk_cache.so
> >>
> >> LoadModule file_cache_module modules/mod_file_cache.so
> >>
> >> LoadModule mem_cache_module modules/mod_mem_cache.so
> >>
> >> LoadModule cgi_module modules/mod_cgi.so
> >>
> >> #
> >>
> >> Include conf.d/*.conf
> >>
> >> #
> >>
> >> User apache
> >>
> >> Group apache
> >>
> >> #
> >>
> >> ServerAdmin webmaster@securitytrifecta.com
> >>
> >> ServerName 208.109.171.169:80
> >>
> >> UseCanonicalName Off
> >>
> >> DocumentRoot "/html"
> >>
> >> #
> >>
> >> <Directory />
> >>
> >>   Options FollowSymLinks
> >>
> >>   AllowOverride None
> >>
> >> </Directory>
> >>
> >> #
> >>
> >> <Directory "/html">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >> </Directory>
> >>
> >> #
> >>
> >> <IfModule mod_userdir.c>
> >>
> >>   UserDir disabled
> >>
> >> </IfModule>
> >>
> >> #
> >>
> >> DirectoryIndex index.html index.html.var index.php
> >>
> >> AccessFileName .htaccess
> >>
> >> #
> >>
> >> <Files ~ "^\.ht">
> >>
> >>   Order allow,deny
> >>
> >>   Deny from all
> >>
> >> </Files>
> >>
> >> #
> >>
> >> TypesConfig /etc/mime.types
> >>
> >> DefaultType text/plain
> >>
> >> #
> >>
> >> <IfModule mod_mime_magic.c>
> >>
> >>   MIMEMagicFile conf/magic
> >>
> >> </IfModule>
> >>
> >> #
> >>
> >> HostnameLookups Off
> >>
> >> #
> >>
> >> ErrorLog logs/error_log
> >>
> >> LogLevel warn
> >>
> >> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
> >> combined
> >>
> >> LogFormat "%h %l %u %t \"%r\" %>s %b" common
> >>
> >> LogFormat "%{Referer}i -> %U" referer
> >>
> >> LogFormat "%{User-agent}i" agent
> >>
> >> CustomLog logs/access_log common
> >>
> >> CustomLog logs/access_log combined
> >>
> >> #
> >>
> >> ServerSignature On
> >>
> >> #
> >>
> >> Alias /icons/ "/www/icons/"
> >>
> >> #
> >>
> >> <Directory "/www/icons">
> >>
> >>   Options Indexes MultiViews FollowSymLinks
> >>
> >>   AllowOverride None
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >> </Directory>
> >>
> >> #
> >>
> >> <IfModule mod_dav_fs.c>
> >>
> >>   DAVLockDB /var/lib/dav/lockdb
> >>
> >> </IfModule>
> >>
> >> #
> >>
> >> ScriptAlias /cgi-bin/ "/www/cgi-bin/"
> >>
> >> #
> >>
> >> <Directory "/www/cgi-bin">
> >>
> >>   AllowOverride None
> >>
> >>   Options None
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >> </Directory>
> >>
> >> #
> >>
> >> IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
> >> Charset=UTF-8
> >>
> >> AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
> >>
> >> AddIconByType (TXT,/icons/text.gif) text/*
> >>
> >> AddIconByType (IMG,/icons/image2.gif) image/*
> >>
> >> AddIconByType (SND,/icons/sound2.gif) audio/*
> >>
> >> AddIconByType (VID,/icons/movie.gif) video/*
> >>
> >> AddIcon /icons/binary.gif .bin .exe
> >>
> >> AddIcon /icons/binhex.gif .hqx
> >>
> >> AddIcon /icons/tar.gif .tar
> >>
> >> AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
> >>
> >> AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
> >>
> >> AddIcon /icons/a.gif .ps .ai .eps
> >>
> >> AddIcon /icons/layout.gif .html .shtml .htm .pdf
> >>
> >> AddIcon /icons/text.gif .txt
> >>
> >> AddIcon /icons/c.gif .c
> >>
> >> AddIcon /icons/p.gif .pl .py
> >>
> >> AddIcon /icons/f.gif .for
> >>
> >> AddIcon /icons/dvi.gif .dvi
> >>
> >> AddIcon /icons/uuencoded.gif .uu
> >>
> >> AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
> >>
> >> AddIcon /icons/tex.gif .tex
> >>
> >> AddIcon /icons/bomb.gif core
> >>
> >> AddIcon /icons/back.gif ..
> >>
> >> AddIcon /icons/hand.right.gif README
> >>
> >> AddIcon /icons/folder.gif ^^DIRECTORY^^
> >>
> >> AddIcon /icons/blank.gif ^^BLANKICON^^
> >>
> >> DefaultIcon /icons/unknown.gif
> >>
> >> #
> >>
> >> ReadmeName README.html
> >>
> >> HeaderName HEADER.html
> >>
> >> #
> >>
> >> IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
> >>
> >> #
> >>
> >> AddLanguage ca .ca
> >>
> >> AddLanguage cs .cz .cs
> >>
> >> AddLanguage da .dk
> >>
> >> AddLanguage de .de
> >>
> >> AddLanguage el .el
> >>
> >> AddLanguage en .en
> >>
> >> AddLanguage eo .eo
> >>
> >> AddLanguage es .es
> >>
> >> AddLanguage et .et
> >>
> >> AddLanguage fr .fr
> >>
> >> AddLanguage he .he
> >>
> >> AddLanguage hr .hr
> >>
> >> AddLanguage it .it
> >>
> >> AddLanguage ja .ja
> >>
> >> AddLanguage ko .ko
> >>
> >> AddLanguage ltz .ltz
> >>
> >> AddLanguage nl .nl
> >>
> >> AddLanguage nn .nn
> >>
> >> AddLanguage no .no
> >>
> >> AddLanguage pl .po
> >>
> >> AddLanguage pt .pt
> >>
> >> AddLanguage pt-BR .pt-br
> >>
> >> AddLanguage ru .ru
> >>
> >> AddLanguage sv .sv
> >>
> >> AddLanguage zh-CN .zh-cn
> >>
> >> AddLanguage zh-TW .zh-tw
> >>
> >> #
> >>
> >> LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn
> >> no
> >> pl pt pt-BR ru sv zh-CN zh-TW
> >>
> >> ForceLanguagePriority Prefer Fallback
> >>
> >> AddDefaultCharset UTF-8
> >>
> >> #
> >>
> >> AddType application/x-compress .Z
> >>
> >> AddType application/x-gzip .gz .tgz
> >>
> >> AddType application/x-x509-ca-cert .crt
> >>
> >> AddType application/x-pkcs7-crl    .crl
> >>
> >> AddHandler type-map var
> >>
> >> AddType text/html .shtml
> >>
> >> AddOutputFilter INCLUDES .shtml
> >>
> >> #
> >>
> >> Alias /error/ "/www/error/"
> >>
> >> #
> >>
> >> <IfModule mod_negotiation.c>
> >>
> >> <IfModule mod_include.c>
> >>
> >> <Directory "/www/error">
> >>
> >>   AllowOverride None
> >>
> >>   Options IncludesNoExec
> >>
> >>   AddOutputFilter Includes html
> >>
> >>   AddHandler type-map var
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >>   LanguagePriority en es de fr
> >>
> >>   ForceLanguagePriority Prefer Fallback
> >>
> >> </Directory>
> >>
> >> #
> >>
> >> #ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
> >>
> >> #ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
> >>
> >> #ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
> >>
> >> #ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
> >>
> >> #ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
> >>
> >> #ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
> >>
> >> #ErrorDocument 410 /error/HTTP_GONE.html.var
> >>
> >> #ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
> >>
> >> #ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
> >>
> >> #ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
> >>
> >> #ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
> >>
> >> #ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
> >>
> >> #ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
> >>
> >> #ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
> >>
> >> #ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
> >>
> >> #ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
> >>
> >> #ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
> >>
> >> #
> >>
> >> </IfModule>
> >>
> >> </IfModule>
> >>
> >> #
> >>
> >> BrowserMatch "Mozilla/2" nokeepalive
> >>
> >> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
> >>
> >> BrowserMatch "RealPlayer 4\.0" force-response-1.0
> >>
> >> BrowserMatch "Java/1\.0" force-response-1.0
> >>
> >> BrowserMatch "JDK/1\.0" force-response-1.0
> >>
> >> BrowserMatch "Microsoft Data Access Internet Publishing Provider"
> >> redirect-carefully
> >>
> >> BrowserMatch "MS FrontPage" redirect-carefully
> >>
> >> BrowserMatch "^WebDrive" redirect-carefully
> >>
> >> BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
> >>
> >> BrowserMatch "^gnome-vfs/1.0" redirect-carefully
> >>
> >> BrowserMatch "^XML Spy" redirect-carefully
> >>
> >> BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
> >>
> >> #
> >>
> >> NameVirtualHost *:80
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName policy-machine.com
> >>
> >> ServerName itsecuritypolicy.org
> >>
> >> ServerName policymachine.com
> >>
> >> DocumentRoot "/html/itsecuritypolicy"
> >>
> >> ServerAdmin webmaster@policy-machine.com
> >>
> >> <Directory "/html/itsecuritypolicy">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName michaelpeters.org
> >>
> >> DocumentRoot "/html/michaelpeters"
> >>
> >> ServerAdmin webmaster@michaelpeters.org
> >>
> >> <Directory "/html/michaelpeters">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName lazarusalliance.com
> >>
> >> ServerName fedramp.us
> >>
> >> ServerName ssae-16.us
> >>
> >> ServerName yourpersonalcxo.com
> >>
> >> DocumentRoot "/html/lazarusalliance"
> >>
> >> ServerAdmin webmaster@lazarusalliance.com
> >>
> >> <Directory "/html/lazarusalliance">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName securitytrifecta.com
> >>
> >> DocumentRoot "/html"
> >>
> >> ServerAdmin webmaster@securitytrifecta.com
> >>
> >> <Directory "/html">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >> </Directory>
> >>
> >> <Directory "/html/menu">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >> </Directory>
> >>
> >> <Directory "/html/auditprotocol">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >>   SSLRenegBufferSize 26214400
> >>
> >>   LimitRequestBody 2044430000
> >>
> >> </Directory>
> >>
> >> <Directory "/html/skipfish">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/html/skipfish-2.10b">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/html/phpMyAdmin">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/html/phpMyAdmin-4.1.6-all-languages">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/html/munin">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride All
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/usr/lib/munin/cgi">
> >>
> >>   Options +ExecCGI
> >>
> >>   <IfModule mod_fcgid.c>
> >>
> >>   SetHandler fcgid-script
> >>
> >>   </IfModule>
> >>
> >>   <IfModule !mod_fcgid.c>
> >>
> >>   SetHandler cgi-script
> >>
> >>   </IfModule>
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> From: John Hudak [mailto:jjhudak@gmail.com]
> >> Sent: Friday, May 2, 2014 6:44 AM
> >> To: users@httpd.apache.org
> >> Subject: Re: [users@httpd] One IP, Many Domains - One Headache
> >>
> >>
> >>
> >> I cant pick out any errors.  It does appear you are using name-based
> >> virtual hosting.  For testing you can put the domain names in your host
> >> table...maybe you did and forgot to remove them?
> >>
> >> Perhaps start with one site and get that reliably working, and then add
> a
> >> second site and get both reliabily working, then extend the Virtual
> Hosts
> >> section to accomodate the other sites.
> >>
> >>
> >>
> >> J
> >>
> >>
> >>
> >>
> >>
> >> On Fri, May 2, 2014 at 12:57 AM, Michael Peters
> >> <michael.peters@lazarusalliance.com> wrote:
> >>
> >> I have one IP and many domains. My problem is that when I request one
> >> site, a different one displays sometimes, sometimes not. Also, nearly
> all
> >> sub-pages do not display with 404 errors. I’ve tried so many httpd.conf
> >> and ssl.conf combinations, my head hurts. I’ve ready many examples and
> >> help files. I’ve looked at error logs and nothing makes sense to me.
> >>
> >>
> >>
> >> Would someone please help? It’s probably something simple but this has
> >> been a real bugger for me.
> >>
> >>
> >>
> >> Here is my current httpd.conf:
> >>
> >>
> >>
> >> ### Section 1: Global Environment
> >>
> >> #
> >>
> >> # The directives in this section affect the overall operation of Apache,
> >>
> >> # such as the number of concurrent requests it can handle or where it
> >>
> >> # can find its configuration files.
> >>
> >> #
> >>
> >>
> >>
> >> #
> >>
> >> # Don't give away too much information about all the subcomponents
> >>
> >> # we are running.  Comment out this line if you don't mind remote sites
> >>
> >> # finding out what major optional modules you are running
> >>
> >> ServerTokens OS
> >>
> >>
> >>
> >> #
> >>
> >> # ServerRoot: The top of the directory tree under which the server's
> >>
> >> # configuration, error, and log files are kept.
> >>
> >> #
> >>
> >> # NOTE!  If you intend to place this on an NFS (or otherwise network)
> >>
> >> # mounted filesystem then please read the LockFile documentation
> >>
> >> # (available at
> >> <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
> >>
> >> # you will save yourself a lot of trouble.
> >>
> >> #
> >>
> >> # Do NOT add a slash at the end of the directory path.
> >>
> >> #
> >>
> >> ServerRoot "/etc/httpd"
> >>
> >>
> >>
> >> #
> >>
> >> # PidFile: The file in which the server should record its process
> >>
> >> # identification number when it starts.
> >>
> >> #
> >>
> >> PidFile run/httpd.pid
> >>
> >>
> >>
> >> #
> >>
> >> # Timeout: The number of seconds before receives and sends time out.
> >>
> >> #
> >>
> >> Timeout 120
> >>
> >>
> >>
> >> #
> >>
> >> # KeepAlive: Whether or not to allow persistent connections (more than
> >>
> >> # one request per connection). Set to "Off" to deactivate.
> >>
> >> #
> >>
> >> KeepAlive Off
> >>
> >>
> >>
> >> #
> >>
> >> # MaxKeepAliveRequests: The maximum number of requests to allow
> >>
> >> # during a persistent connection. Set to 0 to allow an unlimited amount.
> >>
> >> # We recommend you leave this number high, for maximum performance.
> >>
> >> #
> >>
> >> MaxKeepAliveRequests 100
> >>
> >>
> >>
> >> #
> >>
> >> # KeepAliveTimeout: Number of seconds to wait for the next request from
> >> the
> >>
> >> # same client on the same connection.
> >>
> >> #
> >>
> >> KeepAliveTimeout 15
> >>
> >>
> >>
> >> ##
> >>
> >> ## Server-Pool Size Regulation (MPM specific)
> >>
> >> ##
> >>
> >>
> >>
> >> # prefork ITK
> >>
> >>
> >>
> >> # AssignUserID: Takes two parameters, uid and gid (or really, user name
> >> and
> >>
> >> #  group name); specifies what uid and gid the vhost will run as
> >>
> >> #  (after parsing the request etc., of course). Note that if you do not
> >> assign
> >>
> >> #  a user ID, the default one from Apache will be used.
> >>
> >>
> >>
> >> # MaxClientsVHost: A separate MaxClients for the vhost. This can be
> >> useful
> >> if,
> >>
> >> #  say, half of your vhosts depend on some NFS server (like on our
> >> setup);
> >>
> >> #  if the NFS server goes down, you do not want the children waiting
> >> forever
> >>
> >> #  on NFS to take the non-NFS-dependent hosts down. This can thus act as
> >> a
> >>
> >> #  safety measure, giving "server too busy" on the NFS-dependent vhosts
> >>
> >> #  while keeping the other ones happily running. (Of course, you could
> >> use
> >>
> >> #  it to simply keep one site from eating way too much resources, but
> >> there
> >>
> >> #  are probably better ways of doing that.)
> >>
> >>
> >>
> >> # NiceValue: Lets you nice some requests down, to give them less CPU
> >> time.
> >>
> >>
> >>
> >> <IfModule itk.c>
> >>
> >> StartServers       8
> >>
> >> MinSpareServers    5
> >>
> >> MaxSpareServers   20
> >>
> >> ServerLimit      256
> >>
> >> MaxClients       256
> >>
> >> MaxRequestsPerChild  4000
> >>
> >> </IfModule>
> >>
> >>
> >>
> >> # prefork MPM
> >>
> >> # StartServers: number of server processes to start
> >>
> >> # MinSpareServers: minimum number of server processes which are kept
> >> spare
> >>
> >> # MaxSpareServers: maximum number of server processes which are kept
> >> spare
> >>
> >> # ServerLimit: maximum value for MaxClients for the lifetime of the
> >> server
> >>
> >> # MaxClients: maximum number of server processes allowed to start
> >>
> >> # MaxRequestsPerChild: maximum number of requests a server process
> serves
> >>
> >> <IfModule prefork.c>
> >>
> >> StartServers       8
> >>
> >> MinSpareServers    5
> >>
> >> MaxSpareServers   20
> >>
> >> ServerLimit      256
> >>
> >> MaxClients       256
> >>
> >> MaxRequestsPerChild  4000
> >>
> >> </IfModule>
> >>
> >>
> >>
> >> # worker MPM
> >>
> >> # StartServers: initial number of server processes to start
> >>
> >> # MaxClients: maximum number of simultaneous client connections
> >>
> >> # MinSpareThreads: minimum number of worker threads which are kept spare
> >>
> >> # MaxSpareThreads: maximum number of worker threads which are kept spare
> >>
> >> # ThreadsPerChild: constant number of worker threads in each server
> >> process
> >>
> >> # MaxRequestsPerChild: maximum number of requests a server process
> serves
> >>
> >> <IfModule worker.c>
> >>
> >> StartServers         2
> >>
> >> MaxClients         150
> >>
> >> MinSpareThreads     25
> >>
> >> MaxSpareThreads     75
> >>
> >> ThreadsPerChild     25
> >>
> >> MaxRequestsPerChild  0
> >>
> >> </IfModule>
> >>
> >>
> >>
> >> #
> >>
> >> # Listen: Allows you to bind Apache to specific IP addresses and/or
> >>
> >> # ports, in addition to the default. See also the <VirtualHost>
> >>
> >> # directive.
> >>
> >> #
> >>
> >> # Change this to Listen on specific IP addresses as shown below to
> >>
> >> # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
> >>
> >> #
> >>
> >> #Listen 12.34.56.78:80
> >>
> >> Listen 208.109.171.169:80
> >>
> >>
> >>
> >> #
> >>
> >> # Dynamic Shared Object (DSO) Support
> >>
> >> #
> >>
> >> # To be able to use the functionality of a module which was built as a
> >> DSO
> >> you
> >>
> >> # have to place corresponding `LoadModule' lines at this location so the
> >>
> >> # directives contained in it are actually available _before_ they are
> >> used.
> >>
> >> # Statically compiled modules (those listed by `httpd -l') do not need
> >>
> >> # to be loaded here.
> >>
> >> #
> >>
> >> # Example:
> >>
> >> # LoadModule foo_module modules/mod_foo.so
> >>
> >> #
> >>
> >> LoadModule auth_basic_module modules/mod_auth_basic.so
> >>
> >> LoadModule auth_digest_module modules/mod_auth_digest.so
> >>
> >> LoadModule authn_file_module modules/mod_authn_file.so
> >>
> >> LoadModule authn_alias_module modules/mod_authn_alias.so
> >>
> >> LoadModule authn_anon_module modules/mod_authn_anon.so
> >>
> >> LoadModule authn_dbm_module modules/mod_authn_dbm.so
> >>
> >> LoadModule authn_default_module modules/mod_authn_default.so
> >>
> >> LoadModule authz_host_module modules/mod_authz_host.so
> >>
> >> LoadModule authz_user_module modules/mod_authz_user.so
> >>
> >> LoadModule authz_owner_module modules/mod_authz_owner.so
> >>
> >> LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
> >>
> >> LoadModule authz_dbm_module modules/mod_authz_dbm.so
> >>
> >> LoadModule authz_default_module modules/mod_authz_default.so
> >>
> >> LoadModule ldap_module modules/mod_ldap.so
> >>
> >> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> >>
> >> LoadModule include_module modules/mod_include.so
> >>
> >> LoadModule log_config_module modules/mod_log_config.so
> >>
> >> LoadModule logio_module modules/mod_logio.so
> >>
> >> LoadModule env_module modules/mod_env.so
> >>
> >> LoadModule ext_filter_module modules/mod_ext_filter.so
> >>
> >> LoadModule mime_magic_module modules/mod_mime_magic.so
> >>
> >> LoadModule expires_module modules/mod_expires.so
> >>
> >> LoadModule deflate_module modules/mod_deflate.so
> >>
> >> LoadModule headers_module modules/mod_headers.so
> >>
> >> LoadModule usertrack_module modules/mod_usertrack.so
> >>
> >> LoadModule setenvif_module modules/mod_setenvif.so
> >>
> >> LoadModule mime_module modules/mod_mime.so
> >>
> >> LoadModule dav_module modules/mod_dav.so
> >>
> >> LoadModule status_module modules/mod_status.so
> >>
> >> LoadModule autoindex_module modules/mod_autoindex.so
> >>
> >> LoadModule info_module modules/mod_info.so
> >>
> >> LoadModule dav_fs_module modules/mod_dav_fs.so
> >>
> >> LoadModule vhost_alias_module modules/mod_vhost_alias.so
> >>
> >> LoadModule negotiation_module modules/mod_negotiation.so
> >>
> >> LoadModule dir_module modules/mod_dir.so
> >>
> >> LoadModule actions_module modules/mod_actions.so
> >>
> >> LoadModule speling_module modules/mod_speling.so
> >>
> >> LoadModule userdir_module modules/mod_userdir.so
> >>
> >> LoadModule alias_module modules/mod_alias.so
> >>
> >> LoadModule rewrite_module modules/mod_rewrite.so
> >>
> >> LoadModule proxy_module modules/mod_proxy.so
> >>
> >> LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
> >>
> >> LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
> >>
> >> LoadModule proxy_http_module modules/mod_proxy_http.so
> >>
> >> LoadModule proxy_connect_module modules/mod_proxy_connect.so
> >>
> >> LoadModule cache_module modules/mod_cache.so
> >>
> >> LoadModule suexec_module modules/mod_suexec.so
> >>
> >> LoadModule disk_cache_module modules/mod_disk_cache.so
> >>
> >> LoadModule file_cache_module modules/mod_file_cache.so
> >>
> >> LoadModule mem_cache_module modules/mod_mem_cache.so
> >>
> >> LoadModule cgi_module modules/mod_cgi.so
> >>
> >>
> >>
> >> #
> >>
> >> # The following modules are not loaded by default:
> >>
> >> #
> >>
> >> #LoadModule cern_meta_module modules/mod_cern_meta.so
> >>
> >> #LoadModule asis_module modules/mod_asis.so
> >>
> >>
> >>
> >> #
> >>
> >> # Load config files from the config directory "/etc/httpd/conf.d".
> >>
> >> #
> >>
> >> Include conf.d/*.conf
> >>
> >>
> >>
> >> #
> >>
> >> # ExtendedStatus controls whether Apache will generate "full" status
> >>
> >> # information (ExtendedStatus On) or just basic information
> >> (ExtendedStatus
> >>
> >> # Off) when the "server-status" handler is called. The default is Off.
> >>
> >> #
> >>
> >> #ExtendedStatus On
> >>
> >>
> >>
> >> #
> >>
> >> # If you wish httpd to run as a different user or group, you must run
> >>
> >> # httpd as root initially and it will switch.
> >>
> >> #
> >>
> >> # User/Group: The name (or #number) of the user/group to run httpd as.
> >>
> >> #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
> >>
> >> #  . On HPUX you may not be able to use shared memory as nobody, and the
> >>
> >> #    suggested workaround is to create a user www and use that user.
> >>
> >> #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
> >>
> >> #  when the value of (unsigned)Group is above 60000;
> >>
> >> #  don't use Group #-1 on these systems!
> >>
> >> #
> >>
> >> User apache
> >>
> >> Group apache
> >>
> >>
> >>
> >> ### Section 2: 'Main' server configuration
> >>
> >> #
> >>
> >> # The directives in this section set up the values used by the 'main'
> >>
> >> # server, which responds to any requests that aren't handled by a
> >>
> >> # <VirtualHost> definition.  These values also provide defaults for
> >>
> >> # any <VirtualHost> containers you may define later in the file.
> >>
> >> #
> >>
> >> # All of these directives may appear inside <VirtualHost> containers,
> >>
> >> # in which case these default settings will be overridden for the
> >>
> >> # virtual host being defined.
> >>
> >> #
> >>
> >>
> >>
> >> #
> >>
> >> # ServerAdmin: Your address, where problems with the server should be
> >>
> >> # e-mailed.  This address appears on some server-generated pages, such
> >>
> >> # as error documents.  e.g. admin@your-domain.com
> >>
> >> #
> >>
> >> ServerAdmin webmaster@securitytrifecta.com
> >>
> >>
> >>
> >> #
> >>
> >> # ServerName gives the name and port that the server uses to identify
> >> itself.
> >>
> >> # This can often be determined automatically, but we recommend you
> >> specify
> >>
> >> # it explicitly to prevent problems during startup.
> >>
> >> #
> >>
> >> # If this is not set to valid DNS name for your host, server-generated
> >>
> >> # redirections will not work.  See also the UseCanonicalName directive.
> >>
> >> #
> >>
> >> # If your host doesn't have a registered DNS name, enter its IP address
> >> here.
> >>
> >> # You will have to access it by its address anyway, and this will make
> >>
> >> # redirections work in a sensible way.
> >>
> >> #
> >>
> >> ServerName 208.109.171.169:80
> >>
> >>
> >>
> >> #
> >>
> >> # UseCanonicalName: Determines how Apache constructs self-referencing
> >>
> >> # URLs and the SERVER_NAME and SERVER_PORT variables.
> >>
> >> # When set "Off", Apache will use the Hostname and Port supplied
> >>
> >> # by the client.  When set "On", Apache will use the value of the
> >>
> >> # ServerName directive.
> >>
> >> #
> >>
> >> UseCanonicalName Off
> >>
> >>
> >>
> >> #
> >>
> >> # DocumentRoot: The directory out of which you will serve your
> >>
> >> # documents. By default, all requests are taken from this directory, but
> >>
> >> # symbolic links and aliases may be used to point to other locations.
> >>
> >> #
> >>
> >> DocumentRoot "/html"
> >>
> >>
> >>
> >> #
> >>
> >> # Each directory to which Apache has access can be configured with
> >> respect
> >>
> >> # to which services and features are allowed and/or disabled in that
> >>
> >> # directory (and its subdirectories).
> >>
> >> #
> >>
> >> # First, we configure the "default" to be a very restrictive set of
> >>
> >> # features.
> >>
> >> #
> >>
> >> <Directory />
> >>
> >>     Options FollowSymLinks
> >>
> >>     AllowOverride None
> >>
> >> </Directory>
> >>
> >>
> >>
> >> #
> >>
> >> # Note that from this point forward you must specifically allow
> >>
> >> # particular features to be enabled - so if something's not working as
> >>
> >> # you might expect, make sure that you have specifically enabled it
> >>
> >> # below.
> >>
> >> #
> >>
> >>
> >>
> >> #
> >>
> >> # This should be changed to whatever you set DocumentRoot to.
> >>
> >> #
> >>
> >> <Directory "/html">
> >>
> >>
> >>
> >> #
> >>
> >> # Possible values for the Options directive are "None", "All",
> >>
> >> # or any combination of:
> >>
> >> #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI
> >> MultiViews
> >>
> >> #
> >>
> >> # Note that "MultiViews" must be named *explicitly* --- "Options All"
> >>
> >> # doesn't give it to you.
> >>
> >> #
> >>
> >> # The Options directive is both complicated and important.  Please see
> >>
> >> # http://httpd.apache.org/docs/2.2/mod/core.html#options
> >>
> >> # for more information.
> >>
> >> #
> >>
> >>     Options Indexes FollowSymLinks
> >>
> >>
> >>
> >> #
> >>
> >> # AllowOverride controls what directives may be placed in .htaccess
> >> files.
> >>
> >> # It can be "All", "None", or any combination of the keywords:
> >>
> >> #   Options FileInfo AuthConfig Limit
> >>
> >> #
> >>
> >>     AllowOverride None
> >>
> >>
> >>
> >> #
> >>
> >> # Controls who can get stuff from this server.
> >>
> >> #
> >>
> >>     Order allow,deny
> >>
> >>     Allow from all
> >>
> >>
> >>
> >> </Directory>
> >>
> >>
> >>
> >> #
> >>
> >> # UserDir: The name of the directory that is appended onto a user's home
> >>
> >> # directory if a ~user request is received.
> >>
> >> #
> >>
> >> # The path to the end user account 'public_html' directory must be
> >>
> >> # accessible to the webserver userid.  This usually means that ~userid
> >>
> >> # must have permissions of 711, ~userid/public_html must have
> permissions
> >>
> >> # of 755, and documents contained therein must be world-readable.
> >>
> >> # Otherwise, the client will only receive a "403 Forbidden" message.
> >>
> >> #
> >>
> >> # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
> >>
> >> #
> >>
> >> <IfModule mod_userdir.c>
> >>
> >>     #
> >>
> >>     # UserDir is disabled by default since it can confirm the presence
> >>
> >>     # of a username on the system (depending on home directory
> >>
> >>     # permissions).
> >>
> >>     #
> >>
> >>     UserDir disabled
> >>
> >>
> >>
> >>     #
> >>
> >>     # To enable requests to /~user/ to serve the user's public_html
> >>
> >>     # directory, remove the "UserDir disabled" line above, and uncomment
> >>
> >>     # the following line instead:
> >>
> >>     #
> >>
> >>     #UserDir public_html
> >>
> >>
> >>
> >> </IfModule>
> >>
> >>
> >>
> >> #
> >>
> >> # Control access to UserDir directories.  The following is an example
> >>
> >> # for a site where these directories are restricted to read-only.
> >>
> >> #
> >>
> >> #<Directory /home/*/public_html>
> >>
> >> #    AllowOverride FileInfo AuthConfig Limit
> >>
> >> #    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
> >>
> >> #    <Limit GET POST OPTIONS>
> >>
> >> #        Order allow,deny
> >>
> >> #        Allow from all
> >>
> >> #    </Limit>
> >>
> >> #    <LimitExcept GET POST OPTIONS>
> >>
> >> #        Order deny,allow
> >>
> >> #        Deny from all
> >>
> >> #    </LimitExcept>
> >>
> >> #</Directory>
> >>
> >>
> >>
> >> #
> >>
> >> # DirectoryIndex: sets the file that Apache will serve if a directory
> >>
> >> # is requested.
> >>
> >> #
> >>
> >> # The index.html.var file (a type-map) is used to deliver content-
> >>
> >> # negotiated documents.  The MultiViews Option can be used for the
> >>
> >> # same purpose, but it is much slower.
> >>
> >> #
> >>
> >> DirectoryIndex index.html index.html.var index.php
> >>
> >>
> >>
> >> #
> >>
> >> # AccessFileName: The name of the file to look for in each directory
> >>
> >> # for additional configuration directives.  See also the AllowOverride
> >>
> >> # directive.
> >>
> >> #
> >>
> >> AccessFileName .htaccess
> >>
> >>
> >>
> >> #
> >>
> >> # The following lines prevent .htaccess and .htpasswd files from being
> >>
> >> # viewed by Web clients.
> >>
> >> #
> >>
> >> <Files ~ "^\.ht">
> >>
> >>     Order allow,deny
> >>
> >>     Deny from all
> >>
> >> </Files>
> >>
> >>
> >>
> >> #
> >>
> >> # TypesConfig describes where the mime.types file (or equivalent) is
> >>
> >> # to be found.
> >>
> >> #
> >>
> >> TypesConfig /etc/mime.types
> >>
> >>
> >>
> >> #
> >>
> >> # DefaultType is the default MIME type the server will use for a
> document
> >>
> >> # if it cannot otherwise determine one, such as from filename
> extensions.
> >>
> >> # If your server contains mostly text or HTML documents, "text/plain" is
> >>
> >> # a good value.  If most of your content is binary, such as applications
> >>
> >> # or images, you may want to use "application/octet-stream" instead to
> >>
> >> # keep browsers from trying to display binary files as though they are
> >>
> >> # text.
> >>
> >> #
> >>
> >> DefaultType text/plain
> >>
> >>
> >>
> >> #
> >>
> >> # The mod_mime_magic module allows the server to use various hints from
> >> the
> >>
> >> # contents of the file itself to determine its type.  The MIMEMagicFile
> >>
> >> # directive tells the module where the hint definitions are located.
> >>
> >> #
> >>
> >> <IfModule mod_mime_magic.c>
> >>
> >> #   MIMEMagicFile /usr/share/magic.mime
> >>
> >>     MIMEMagicFile conf/magic
> >>
> >> </IfModule>
> >>
> >>
> >>
> >> #
> >>
> >> # HostnameLookups: Log the names of clients or just their IP addresses
> >>
> >> # e.g., www.apache.org (on) or 204.62.129.132 (off).
> >>
> >> # The default is off because it'd be overall better for the net if
> people
> >>
> >> # had to knowingly turn this feature on, since enabling it means that
> >>
> >> # each client request will result in AT LEAST one lookup request to the
> >>
> >> # nameserver.
> >>
> >> #
> >>
> >> HostnameLookups Off
> >>
> >>
> >>
> >> #
> >>
> >> # EnableMMAP: Control whether memory-mapping is used to deliver
> >>
> >> # files (assuming that the underlying OS supports it).
> >>
> >> # The default is on; turn this off if you serve from NFS-mounted
> >>
> >> # filesystems.  On some systems, turning it off (regardless of
> >>
> >> # filesystem) can improve performance; for details, please see
> >>
> >> # http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
> >>
> >> #
> >>
> >> #EnableMMAP off
> >>
> >>
> >>
> >> #
> >>
> >> # EnableSendfile: Control whether the sendfile kernel support is
> >>
> >> # used to deliver files (assuming that the OS supports it).
> >>
> >> # The default is on; turn this off if you serve from NFS-mounted
> >>
> >> # filesystems.  Please see
> >>
> >> # http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
> >>
> >> #
> >>
> >> #EnableSendfile off
> >>
> >>
> >>
> >> #
> >>
> >> # ErrorLog: The location of the error log file.
> >>
> >> # If you do not specify an ErrorLog directive within a <VirtualHost>
> >>
> >> # container, error messages relating to that virtual host will be
> >>
> >> # logged here.  If you *do* define an error logfile for a <VirtualHost>
> >>
> >> # container, that host's errors will be logged there and not here.
> >>
> >> #
> >>
> >> ErrorLog logs/error_log
> >>
> >>
> >>
> >> #
> >>
> >> # LogLevel: Control the number of messages logged to the error_log.
> >>
> >> # Possible values include: debug, info, notice, warn, error, crit,
> >>
> >> # alert, emerg.
> >>
> >> #
> >>
> >> LogLevel warn
> >>
> >>
> >>
> >> #
> >>
> >> # The following directives define some format nicknames for use with
> >>
> >> # a CustomLog directive (see below).
> >>
> >> #
> >>
> >> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
> >> combined
> >>
> >> LogFormat "%h %l %u %t \"%r\" %>s %b" common
> >>
> >> LogFormat "%{Referer}i -> %U" referer
> >>
> >> LogFormat "%{User-agent}i" agent
> >>
> >>
> >>
> >> # "combinedio" includes actual counts of actual bytes received (%I) and
> >> sent (%O); this
> >>
> >> # requires the mod_logio module to be loaded.
> >>
> >> #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
> >> %I %O" combinedio
> >>
> >>
> >>
> >> #
> >>
> >> # The location and format of the access logfile (Common Logfile Format).
> >>
> >> # If you do not define any access logfiles within a <VirtualHost>
> >>
> >> # container, they will be logged here.  Contrariwise, if you *do*
> >>
> >> # define per-<VirtualHost> access logfiles, transactions will be
> >>
> >> # logged therein and *not* in this file.
> >>
> >> #
> >>
> >> CustomLog logs/access_log common
> >>
> >>
> >>
> >> #
> >>
> >> # If you would like to have separate agent and referer logfiles,
> >> uncomment
> >>
> >> # the following directives.
> >>
> >> #
> >>
> >> #CustomLog logs/referer_log referer
> >>
> >> #CustomLog logs/agent_log agent
> >>
> >>
> >>
> >> #
> >>
> >> # For a single logfile with access, agent, and referer information
> >>
> >> # (Combined Logfile Format), use the following directive:
> >>
> >> #
> >>
> >> CustomLog logs/access_log combined
> >>
> >>
> >>
> >> #
> >>
> >> # Optionally add a line containing the server version and virtual host
> >>
> >> # name to server-generated pages (internal error documents, FTP
> directory
> >>
> >> # listings, mod_status and mod_info output etc., but not CGI generated
> >>
> >> # documents or custom error documents).
> >>
> >> # Set to "EMail" to also include a mailto: link to the ServerAdmin.
> >>
> >> # Set to one of:  On | Off | EMail
> >>
> >> #
> >>
> >> ServerSignature On
> >>
> >>
> >>
> >> #
> >>
> >> # Aliases: Add here as many aliases as you need (with no limit). The
> >> format is
> >>
> >> # Alias fakename realname
> >>
> >> #
> >>
> >> # Note that if you include a trailing / on fakename then the server will
> >>
> >> # require it to be present in the URL.  So "/icons" isn't aliased in
> this
> >>
> >> # example, only "/icons/".  If the fakename is slash-terminated, then
> the
> >>
> >> # realname must also be slash terminated, and if the fakename omits the
> >>
> >> # trailing slash, the realname must also omit it.
> >>
> >> #
> >>
> >> # We include the /icons/ alias for FancyIndexed directory listings.  If
> >> you
> >>
> >> # do not use FancyIndexing, you may comment this out.
> >>
> >> #
> >>
> >> Alias /icons/ "/www/icons/"
> >>
> >>
> >>
> >> <Directory "/www/icons">
> >>
> >>     Options Indexes MultiViews FollowSymLinks
> >>
> >>     AllowOverride None
> >>
> >>     Order allow,deny
> >>
> >>     Allow from all
> >>
> >> </Directory>
> >>
> >>
> >>
> >> #
> >>
> >> # WebDAV module configuration section.
> >>
> >> #
> >>
> >> <IfModule mod_dav_fs.c>
> >>
> >>     # Location of the WebDAV lock database.
> >>
> >>     DAVLockDB /var/lib/dav/lockdb
> >>
> >> </IfModule>
> >>
> >>
> >>
> >> #
> >>
> >> # ScriptAlias: This controls which directories contain server scripts.
> >>
> >> # ScriptAliases are essentially the same as Aliases, except that
> >>
> >> # documents in the realname directory are treated as applications and
> >>
> >> # run by the server when requested rather than as documents sent to the
> >> client.
> >>
> >> # The same rules about trailing "/" apply to ScriptAlias directives as
> to
> >>
> >> # Alias.
> >>
> >> #
> >>
> >> ScriptAlias /cgi-bin/ "/www/cgi-bin/"
> >>
> >>
> >>
> >> #
> >>
> >> # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
> >>
> >> # CGI directory exists, if you have that configured.
> >>
> >> #
> >>
> >> <Directory "/www/cgi-bin">
> >>
> >>     AllowOverride None
> >>
> >>     Options None
> >>
> >>     Order allow,deny
> >>
> >>     Allow from all
> >>
> >> </Directory>
> >>
> >>
> >>
> >> #
> >>
> >> # Redirect allows you to tell clients about documents which used to
> exist
> >> in
> >>
> >> # your server's namespace, but do not anymore. This allows you to tell
> >> the
> >>
> >> # clients where to look for the relocated document.
> >>
> >> # Example:
> >>
> >> # Redirect permanent /foo http://www.example.com/bar
> >>
> >>
> >>
> >> #
> >>
> >> # Directives controlling the display of server-generated directory
> >> listings.
> >>
> >> #
> >>
> >>
> >>
> >> #
> >>
> >> # IndexOptions: Controls the appearance of server-generated directory
> >>
> >> # listings.
> >>
> >> #
> >>
> >> IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
> >> Charset=UTF-8
> >>
> >>
> >>
> >> #
> >>
> >> # AddIcon* directives tell the server which icon to show for different
> >>
> >> # files or filename extensions.  These are only displayed for
> >>
> >> # FancyIndexed directories.
> >>
> >> #
> >>
> >> AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
> >>
> >>
> >>
> >> AddIconByType (TXT,/icons/text.gif) text/*
> >>
> >> AddIconByType (IMG,/icons/image2.gif) image/*
> >>
> >> AddIconByType (SND,/icons/sound2.gif) audio/*
> >>
> >> AddIconByType (VID,/icons/movie.gif) video/*
> >>
> >>
> >>
> >> AddIcon /icons/binary.gif .bin .exe
> >>
> >> AddIcon /icons/binhex.gif .hqx
> >>
> >> AddIcon /icons/tar.gif .tar
> >>
> >> AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
> >>
> >> AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
> >>
> >> AddIcon /icons/a.gif .ps .ai .eps
> >>
> >> AddIcon /icons/layout.gif .html .shtml .htm .pdf
> >>
> >> AddIcon /icons/text.gif .txt
> >>
> >> AddIcon /icons/c.gif .c
> >>
> >> AddIcon /icons/p.gif .pl .py
> >>
> >> AddIcon /icons/f.gif .for
> >>
> >> AddIcon /icons/dvi.gif .dvi
> >>
> >> AddIcon /icons/uuencoded.gif .uu
> >>
> >> AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
> >>
> >> AddIcon /icons/tex.gif .tex
> >>
> >> AddIcon /icons/bomb.gif core
> >>
> >>
> >>
> >> AddIcon /icons/back.gif ..
> >>
> >> AddIcon /icons/hand.right.gif README
> >>
> >> AddIcon /icons/folder.gif ^^DIRECTORY^^
> >>
> >> AddIcon /icons/blank.gif ^^BLANKICON^^
> >>
> >>
> >>
> >> #
> >>
> >> # DefaultIcon is which icon to show for files which do not have an icon
> >>
> >> # explicitly set.
> >>
> >> #
> >>
> >> DefaultIcon /icons/unknown.gif
> >>
> >>
> >>
> >> #
> >>
> >> # AddDescription allows you to place a short description after a file in
> >>
> >> # server-generated indexes.  These are only displayed for FancyIndexed
> >>
> >> # directories.
> >>
> >> # Format: AddDescription "description" filename
> >>
> >> #
> >>
> >> #AddDescription "GZIP compressed document" .gz
> >>
> >> #AddDescription "tar archive" .tar
> >>
> >> #AddDescription "GZIP compressed tar archive" .tgz
> >>
> >>
> >>
> >> #
> >>
> >> # ReadmeName is the name of the README file the server will look for by
> >>
> >> # default, and append to directory listings.
> >>
> >> #
> >>
> >> # HeaderName is the name of a file which should be prepended to
> >>
> >> # directory indexes.
> >>
> >> ReadmeName README.html
> >>
> >> HeaderName HEADER.html
> >>
> >>
> >>
> >> #
> >>
> >> # IndexIgnore is a set of filenames which directory indexing should
> >> ignore
> >>
> >> # and not include in the listing.  Shell-style wildcarding is permitted.
> >>
> >> #
> >>
> >> IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
> >>
> >>
> >>
> >> #
> >>
> >> # DefaultLanguage and AddLanguage allows you to specify the language of
> >>
> >> # a document. You can then use content negotiation to give a browser a
> >>
> >> # file in a language the user can understand.
> >>
> >> #
> >>
> >> # Specify a default language. This means that all data
> >>
> >> # going out without a specific language tag (see below) will
> >>
> >> # be marked with this one. You probably do NOT want to set
> >>
> >> # this unless you are sure it is correct for all cases.
> >>
> >> #
> >>
> >> # * It is generally better to not mark a page as
> >>
> >> # * being a certain language than marking it with the wrong
> >>
> >> # * language!
> >>
> >> #
> >>
> >> # DefaultLanguage nl
> >>
> >> #
> >>
> >> # Note 1: The suffix does not have to be the same as the language
> >>
> >> # keyword --- those with documents in Polish (whose net-standard
> >>
> >> # language code is pl) may wish to use "AddLanguage pl .po" to
> >>
> >> # avoid the ambiguity with the common suffix for perl scripts.
> >>
> >> #
> >>
> >> # Note 2: The example entries below illustrate that in some cases
> >>
> >> # the two character 'Language' abbreviation is not identical to
> >>
> >> # the two character 'Country' code for its country,
> >>
> >> # E.g. 'Danmark/dk' versus 'Danish/da'.
> >>
> >> #
> >>
> >> # Note 3: In the case of 'ltz' we violate the RFC by using a three char
> >>
> >> # specifier. There is 'work in progress' to fix this and get
> >>
> >> # the reference data for rfc1766 cleaned up.
> >>
> >> #
> >>
> >> # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
> >>
> >> # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German
> >> (de)
> >>
> >> # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
> >>
> >> # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
> >>
> >> # Norwegian (no) - Polish (pl) - Portugese (pt)
> >>
> >> # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
> >>
> >> # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese
> (zh-TW)
> >>
> >> #
> >>
> >> AddLanguage ca .ca
> >>
> >> AddLanguage cs .cz .cs
> >>
> >> AddLanguage da .dk
> >>
> >> AddLanguage de .de
> >>
> >> AddLanguage el .el
> >>
> >> AddLanguage en .en
> >>
> >> AddLanguage eo .eo
> >>
> >> AddLanguage es .es
> >>
> >> AddLanguage et .et
> >>
> >> AddLanguage fr .fr
> >>
> >> AddLanguage he .he
> >>
> >> AddLanguage hr .hr
> >>
> >> AddLanguage it .it
> >>
> >> AddLanguage ja .ja
> >>
> >> AddLanguage ko .ko
> >>
> >> AddLanguage ltz .ltz
> >>
> >> AddLanguage nl .nl
> >>
> >> AddLanguage nn .nn
> >>
> >> AddLanguage no .no
> >>
> >> AddLanguage pl .po
> >>
> >> AddLanguage pt .pt
> >>
> >> AddLanguage pt-BR .pt-br
> >>
> >> AddLanguage ru .ru
> >>
> >> AddLanguage sv .sv
> >>
> >> AddLanguage zh-CN .zh-cn
> >>
> >> AddLanguage zh-TW .zh-tw
> >>
> >>
> >>
> >> #
> >>
> >> # LanguagePriority allows you to give precedence to some languages
> >>
> >> # in case of a tie during content negotiation.
> >>
> >> #
> >>
> >> # Just list the languages in decreasing order of preference. We have
> >>
> >> # more or less alphabetized them here. You probably want to change this.
> >>
> >> #
> >>
> >> LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn
> >> no
> >> pl pt pt-BR ru sv zh-CN zh-TW
> >>
> >>
> >>
> >> #
> >>
> >> # ForceLanguagePriority allows you to serve a result page rather than
> >>
> >> # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE
> >> (Fallback)
> >>
> >> # [in case no accepted languages matched the available variants]
> >>
> >> #
> >>
> >> ForceLanguagePriority Prefer Fallback
> >>
> >>
> >>
> >> #
> >>
> >> # Specify a default charset for all content served; this enables
> >>
> >> # interpretation of all content as UTF-8 by default.  To use the
> >>
> >> # default browser choice (ISO-8859-1), or to allow the META tags
> >>
> >> # in HTML content to override this choice, comment out this
> >>
> >> # directive:
> >>
> >> #
> >>
> >> AddDefaultCharset UTF-8
> >>
> >>
> >>
> >> #
> >>
> >> # AddType allows you to add to or override the MIME configuration
> >>
> >> # file mime.types for specific file types.
> >>
> >> #
> >>
> >> #AddType application/x-tar .tgz
> >>
> >>
> >>
> >> #
> >>
> >> # AddEncoding allows you to have certain browsers uncompress
> >>
> >> # information on the fly. Note: Not all browsers support this.
> >>
> >> # Despite the name similarity, the following Add* directives have
> nothing
> >>
> >> # to do with the FancyIndexing customization directives above.
> >>
> >> #
> >>
> >> #AddEncoding x-compress .Z
> >>
> >> #AddEncoding x-gzip .gz .tgz
> >>
> >>
> >>
> >> # If the AddEncoding directives above are commented-out, then you
> >>
> >> # probably should define those extensions to indicate media types:
> >>
> >> #
> >>
> >> AddType application/x-compress .Z
> >>
> >> AddType application/x-gzip .gz .tgz
> >>
> >>
> >>
> >> #
> >>
> >> #   MIME-types for downloading Certificates and CRLs
> >>
> >> #
> >>
> >> AddType application/x-x509-ca-cert .crt
> >>
> >> AddType application/x-pkcs7-crl    .crl
> >>
> >>
> >>
> >> #
> >>
> >> # AddHandler allows you to map certain file extensions to "handlers":
> >>
> >> # actions unrelated to filetype. These can be either built into the
> >> server
> >>
> >> # or added with the Action directive (see below)
> >>
> >> #
> >>
> >> # To use CGI scripts outside of ScriptAliased directories:
> >>
> >> # (You will also need to add "ExecCGI" to the "Options" directive.)
> >>
> >> #
> >>
> >> #AddHandler cgi-script .cgi
> >>
> >>
> >>
> >> #
> >>
> >> # For files that include their own HTTP headers:
> >>
> >> #
> >>
> >> #AddHandler send-as-is asis
> >>
> >>
> >>
> >> #
> >>
> >> # For type maps (negotiated resources):
> >>
> >> # (This is enabled by default to allow the Apache "It Worked" page
> >>
> >> #  to be distributed in multiple languages.)
> >>
> >> #
> >>
> >> AddHandler type-map var
> >>
> >>
> >>
> >> #
> >>
> >> # Filters allow you to process content before it is sent to the client.
> >>
> >> #
> >>
> >> # To parse .shtml files for server-side includes (SSI):
> >>
> >> # (You will also need to add "Includes" to the "Options" directive.)
> >>
> >> #
> >>
> >> AddType text/html .shtml
> >>
> >> AddOutputFilter INCLUDES .shtml
> >>
> >>
> >>
> >> #
> >>
> >> # Action lets you define media types that will execute a script whenever
> >>
> >> # a matching file is called. This eliminates the need for repeated URL
> >>
> >> # pathnames for oft-used CGI file processors.
> >>
> >> # Format: Action media/type /cgi-script/location
> >>
> >> # Format: Action handler-name /cgi-script/location
> >>
> >> #
> >>
> >>
> >>
> >> #
> >>
> >> # Customizable error responses come in three flavors:
> >>
> >> # 1) plain text 2) local redirects 3) external redirects
> >>
> >> #
> >>
> >> # Some examples:
> >>
> >> #ErrorDocument 500 "The server made a boo boo."
> >>
> >> #ErrorDocument 404 /missing.html
> >>
> >> #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
> >>
> >> #ErrorDocument 402 http://www.example.com/subscription_info.html
> >>
> >> #
> >>
> >>
> >>
> >> #
> >>
> >> # Putting this all together, we can internationalize error responses.
> >>
> >> #
> >>
> >> # We use Alias to redirect any /error/HTTP_<error>.html.var response to
> >>
> >> # our collection of by-error message multi-language collections.  We use
> >>
> >> # includes to substitute the appropriate text.
> >>
> >> #
> >>
> >> # You can modify the messages' appearance without changing any of the
> >>
> >> # default HTTP_<error>.html.var files by adding the line:
> >>
> >> #
> >>
> >> #   Alias /error/include/ "/your/include/path/"
> >>
> >> #
> >>
> >> # which allows you to create your own set of files by starting with the
> >>
> >> # /var/www/error/include/ files and
> >>
> >> # copying them to /your/include/path/, even on a per-VirtualHost basis.
> >>
> >> #
> >>
> >>
> >>
> >> Alias /error/ "/www/error/"
> >>
> >>
> >>
> >> <IfModule mod_negotiation.c>
> >>
> >> <IfModule mod_include.c>
> >>
> >>     <Directory "/www/error">
> >>
> >>         AllowOverride None
> >>
> >>         Options IncludesNoExec
> >>
> >>         AddOutputFilter Includes html
> >>
> >>         AddHandler type-map var
> >>
> >>         Order allow,deny
> >>
> >>         Allow from all
> >>
> >>         LanguagePriority en es de fr
> >>
> >>         ForceLanguagePriority Prefer Fallback
> >>
> >>     </Directory>
> >>
> >>
> >>
> >> #    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
> >>
> >> #    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
> >>
> >> #    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
> >>
> >> #    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
> >>
> >> #    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
> >>
> >> #    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
> >>
> >> #    ErrorDocument 410 /error/HTTP_GONE.html.var
> >>
> >> #    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
> >>
> >> #    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
> >>
> >> #    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
> >>
> >> #    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
> >>
> >> #    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
> >>
> >> #    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
> >>
> >> #    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
> >>
> >> #    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
> >>
> >> #    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
> >>
> >> #    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
> >>
> >>
> >>
> >> </IfModule>
> >>
> >> </IfModule>
> >>
> >>
> >>
> >> #
> >>
> >> # The following directives modify normal HTTP response behavior to
> >>
> >> # handle known problems with browser implementations.
> >>
> >> #
> >>
> >> BrowserMatch "Mozilla/2" nokeepalive
> >>
> >> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
> >>
> >> BrowserMatch "RealPlayer 4\.0" force-response-1.0
> >>
> >> BrowserMatch "Java/1\.0" force-response-1.0
> >>
> >> BrowserMatch "JDK/1\.0" force-response-1.0
> >>
> >>
> >>
> >> #
> >>
> >> # The following directive disables redirects on non-GET requests for
> >>
> >> # a directory that does not include the trailing slash.  This fixes a
> >>
> >> # problem with Microsoft WebFolders which does not appropriately handle
> >>
> >> # redirects for folders with DAV methods.
> >>
> >> # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
> >>
> >> #
> >>
> >> BrowserMatch "Microsoft Data Access Internet Publishing Provider"
> >> redirect-carefully
> >>
> >> BrowserMatch "MS FrontPage" redirect-carefully
> >>
> >> BrowserMatch "^WebDrive" redirect-carefully
> >>
> >> BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
> >>
> >> BrowserMatch "^gnome-vfs/1.0" redirect-carefully
> >>
> >> BrowserMatch "^XML Spy" redirect-carefully
> >>
> >> BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
> >>
> >>
> >>
> >> #
> >>
> >> # Allow server status reports generated by mod_status,
> >>
> >> # with the URL of http://servername/server-status
> >>
> >> # Change the ".example.com" to match your domain to enable.
> >>
> >> #
> >>
> >> #<Location /server-status>
> >>
> >> #    SetHandler server-status
> >>
> >> #    Order deny,allow
> >>
> >> #    Deny from all
> >>
> >> #    Allow from .example.com
> >>
> >> #</Location>
> >>
> >>
> >>
> >> #
> >>
> >> # Allow remote server configuration reports, with the URL of
> >>
> >> #  http://servername/server-info (requires that mod_info.c be loaded).
> >>
> >> # Change the ".example.com" to match your domain to enable.
> >>
> >> #
> >>
> >> #<Location /server-info>
> >>
> >> #    SetHandler server-info
> >>
> >> #    Order deny,allow
> >>
> >> #    Deny from all
> >>
> >> #    Allow from .example.com
> >>
> >> #</Location>
> >>
> >>
> >>
> >> #
> >>
> >> # Proxy Server directives. Uncomment the following lines to
> >>
> >> # enable the proxy server:
> >>
> >> #
> >>
> >> #<IfModule mod_proxy.c>
> >>
> >> #ProxyRequests On
> >>
> >> #
> >>
> >> #<Proxy *>
> >>
> >> #    Order deny,allow
> >>
> >> #    Deny from all
> >>
> >> #    Allow from .example.com
> >>
> >> #</Proxy>
> >>
> >>
> >>
> >> #
> >>
> >> # Enable/disable the handling of HTTP/1.1 "Via:" headers.
> >>
> >> # ("Full" adds the server version; "Block" removes all outgoing Via:
> >> headers)
> >>
> >> # Set to one of: Off | On | Full | Block
> >>
> >> #
> >>
> >> #ProxyVia On
> >>
> >>
> >>
> >> #
> >>
> >> # To enable a cache of proxied content, uncomment the following lines.
> >>
> >> # See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more
> >> details.
> >>
> >> #
> >>
> >> #<IfModule mod_disk_cache.c>
> >>
> >> #   CacheEnable disk /
> >>
> >> #   CacheRoot "/var/cache/mod_proxy"
> >>
> >> #</IfModule>
> >>
> >> #
> >>
> >>
> >>
> >> #</IfModule>
> >>
> >> # End of proxy directives.
> >>
> >>
> >>
> >> ### Section 3: Virtual Hosts
> >>
> >> #
> >>
> >> # VirtualHost: If you want to maintain multiple domains/hostnames on
> your
> >>
> >> # machine you can setup VirtualHost containers for them. Most
> >> configurations
> >>
> >> # use only name-based virtual hosts so the server doesn't need to worry
> >> about
> >>
> >> # IP addresses. This is indicated by the asterisks in the directives
> >> below.
> >>
> >> #
> >>
> >> # Please see the documentation at
> >>
> >> # <URL:http://httpd.apache.org/docs/2.2/vhosts/>
> >>
> >> # for further details before you try to setup virtual hosts.
> >>
> >> #
> >>
> >> # You may use the command line option '-S' to verify your virtual host
> >>
> >> # configuration.
> >>
> >>
> >>
> >> #
> >>
> >> # Use name-based virtual hosting.
> >>
> >> #
> >>
> >> NameVirtualHost *:80
> >>
> >>
> >>
> >> # NOTE: NameVirtualHost cannot be used without a port specifier
> >>
> >> # (e.g. :80) if mod_ssl is being used, due to the nature of the
> >>
> >> # SSL protocol.
> >>
> >> #
> >>
> >>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName policy-machine.com
> >>
> >> DocumentRoot "/html/itsecuritypolicy"
> >>
> >> ServerAdmin webmaster@policy-machine.com
> >>
> >> <Directory "/html/itsecuritypolicy">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName itsecuritypolicy.com
> >>
> >> DocumentRoot "/html/itsecuritypolicy"
> >>
> >> ServerAdmin webmaster@policy-machine.com
> >>
> >> <Directory "/html/itsecuritypolicy">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName michaelpeters.org
> >>
> >> DocumentRoot "/html/eccentricstudios"
> >>
> >> ServerAdmin webmaster@michaelpeters.org
> >>
> >> <Directory "/html/eccentricstudios">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName lazarusalliance.com
> >>
> >> DocumentRoot "/html/lazarusalliance"
> >>
> >> ServerAdmin webmaster@lazarusalliance.com
> >>
> >> <Directory "/html/lazarusalliance">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName fedramp.us
> >>
> >> DocumentRoot "/html/lazarusalliance"
> >>
> >> ServerAdmin webmaster@lazarusalliance.com
> >>
> >> <Directory "/html/lazarusalliance">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName ssae-16.us
> >>
> >> DocumentRoot "/html/lazarusalliance"
> >>
> >> ServerAdmin webmaster@lazarusalliance.com
> >>
> >> <Directory "/html/lazarusalliance">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName yourpersonalcxo.com
> >>
> >> DocumentRoot "/html/lazarusalliance"
> >>
> >> ServerAdmin webmaster@lazarusalliance.com
> >>
> >> <Directory "/html/lazarusalliance">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> <VirtualHost *:80>
> >>
> >> ServerName securitytrifecta.com
> >>
> >> DocumentRoot "/html"
> >>
> >> ServerAdmin webmaster@securitytrifecta.com
> >>
> >> <Directory "/html">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> <Directory "/html/menu">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> +++++++++++++++ This is the ssl.conf  +++++++++++++++++++++++++++++++++
> >>
> >> #
> >>
> >> LoadModule ssl_module modules/mod_ssl.so
> >>
> >>
> >>
> >> #
> >>
> >> # When we also provide SSL we have to listen to the
> >>
> >> # the HTTPS port in addition.
> >>
> >> #
> >>
> >> Listen 443
> >>
> >>
> >>
> >> # Listen for virtual host requests on all IP addresses
> >>
> >> NameVirtualHost *:443
> >>
> >>
> >>
> >> ##
> >>
> >> ##  SSL Global Context
> >>
> >> ##
> >>
> >> ##  All SSL configuration in this context applies both to
> >>
> >> ##  the main server and all SSL-enabled virtual hosts.
> >>
> >> ##
> >>
> >>
> >>
> >> #   Pass Phrase Dialog:
> >>
> >> #   Configure the pass phrase gathering process.
> >>
> >> #   The filtering dialog program (`builtin' is a internal
> >>
> >> #   terminal dialog) has to provide the pass phrase on stdout.
> >>
> >> SSLPassPhraseDialog  builtin
> >>
> >>
> >>
> >> #   Inter-Process Session Cache:
> >>
> >> #   Configure the SSL Session Cache: First the mechanism
> >>
> >> #   to use and second the expiring timeout (in seconds).
> >>
> >> SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
> >>
> >> SSLSessionCacheTimeout  300
> >>
> >>
> >>
> >> #   Semaphore:
> >>
> >> #   Configure the path to the mutual exclusion semaphore the
> >>
> >> #   SSL engine uses internally for inter-process synchronization.
> >>
> >> SSLMutex default
> >>
> >>
> >>
> >> #   Pseudo Random Number Generator (PRNG):
> >>
> >> #   Configure one or more sources to seed the PRNG of the
> >>
> >> #   SSL library. The seed data should be of good random quality.
> >>
> >> #   WARNING! On some platforms /dev/random blocks if not enough entropy
> >>
> >> #   is available. This means you then cannot use the /dev/random device
> >>
> >> #   because it would lead to very long connection times (as long as
> >>
> >> #   it requires to make more entropy available). But usually those
> >>
> >> #   platforms additionally provide a /dev/urandom device which doesn't
> >>
> >> #   block. So, if available, use this one instead. Read the mod_ssl User
> >>
> >> #   Manual for more details.
> >>
> >> SSLRandomSeed startup file:/dev/urandom  256
> >>
> >> SSLRandomSeed connect builtin
> >>
> >> #SSLRandomSeed startup file:/dev/random  512
> >>
> >> #SSLRandomSeed connect file:/dev/random  512
> >>
> >> #SSLRandomSeed connect file:/dev/urandom 512
> >>
> >>
> >>
> >> #
> >>
> >> # Use "SSLCryptoDevice" to enable any supported hardware
> >>
> >> # accelerators. Use "openssl engine -v" to list supported
> >>
> >> # engine names.  NOTE: If you enable an accelerator and the
> >>
> >> # server does not start, consult the error logs and ensure
> >>
> >> # your accelerator is functioning properly.
> >>
> >> #
> >>
> >> SSLCryptoDevice builtin
> >>
> >> #SSLCryptoDevice ubsec
> >>
> >>
> >>
> >> ##
> >>
> >> ## SSL Virtual Host Context
> >>
> >> ##
> >>
> >> <VirtualHost *:443>
> >>
> >> ServerName securitytrifecta.com
> >>
> >> DocumentRoot "/html"
> >>
> >> ServerAdmin webmaster@securitytrifecta.com
> >>
> >> SSLEngine on
> >>
> >> SSLProtocol all -SSLv2 -SSLv3
> >>
> >> SSLHonorCipherOrder on
> >>
> >> SSLCipherSuite
> >>
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
> >>
> >>
> :ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:A
> >>
> >>
> ES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
> >>
> >> SSLCertificateFile /etc/pki/tls/certs/7e5320f68904.crt
> >>
> >> SSLCertificateKeyFile /etc/pki/tls/private/securitytrifecta.key
> >>
> >> SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt
> >>
> >> <Directory "/html">
> >>
> >>   Allow from all
> >>
> >>   Options +Indexes
> >>
> >> </Directory>
> >>
> >> <Directory "/html/menu">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride None
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >> </Directory>
> >>
> >> <Directory "/html/auditprotocol">
> >>
> >>   Options Indexes FollowSymLinks
> >>
> >>   AllowOverride None
> >>
> >>   Order allow,deny
> >>
> >>   Allow from all
> >>
> >>   SSLRenegBufferSize 26214400
> >>
> >>   LimitRequestBody 2044430000
> >>
> >> </Directory>
> >>
> >> <Directory "/html/skipfish">
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/html/skipfish-2.10b">
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/html/phpMyAdmin">
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/html/phpMyAdmin-4.1.6-all-languages">
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/html/munin">
> >>
> >>   AuthType Basic
> >>
> >>   AuthName "Restricted Files"
> >>
> >>   AuthBasicProvider file
> >>
> >>   AuthUserFile /www/html/passwd/passwords
> >>
> >>   Require user mdpeters67
> >>
> >> </Directory>
> >>
> >> <Directory "/usr/lib/munin/cgi">
> >>
> >>   Options +ExecCGI
> >>
> >>   <IfModule mod_fcgid.c>
> >>
> >>   SetHandler fcgid-script
> >>
> >>   </IfModule>
> >>
> >>   <IfModule !mod_fcgid.c>
> >>
> >>   SetHandler cgi-script
> >>
> >>   </IfModule>
> >>
> >> </Directory>
> >>
> >> </VirtualHost>
> >>
> >> #
> >>
> >> #<VirtualHost _default_:443>
> >>
> >> #<VirtualHost *:443>
> >>
> >> # General setup for the virtual host, inherited from global
> configuration
> >>
> >> #DocumentRoot /html
> >>
> >> #ServerName securitytrifecta.com
> >>
> >>
> >>
> >> # Use separate log files for the SSL virtual host; note that LogLevel
> >>
> >> # is not inherited from httpd.conf.
> >>
> >> #ErrorLog logs/ssl_error_log
> >>
> >> #TransferLog logs/ssl_access_log
> >>
> >> #LogLevel warn
> >>
> >>
> >>
> >> #   SSL Engine Switch:
> >>
> >> #   Enable/Disable SSL for this virtual host.
> >>
> >> #SSLEngine on
> >>
> >>
> >>
> >> #   SSL Protocol support:
> >>
> >> # List the enable protocol levels with which clients will be able to
> >>
> >> # connect.  Disable SSLv2 access by default:
> >>
> >> #SSLProtocol all -SSLv2
> >>
> >>
> >>
> >> #   SSL Cipher Suite:
> >>
> >> # List the ciphers that the client is permitted to negotiate.
> >>
> >> # See the mod_ssl documentation for a complete list.
> >>
> >> #SSLProtocol all -SSLv2 -SSLv3
> >>
> >> #SSLHonorCipherOrder on
> >>
> >> #SSLCipherSuite
> >>
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA25
> >>
> >>
> 6:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:
> >>
> >>
> AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
> >>
> >> #   Server Certificate:
> >>
> >> # Point SSLCertificateFile at a PEM encoded certificate.  If
> >>
> >> # the certificate is encrypted, then you will be prompted for a
> >>
> >> # pass phrase.  Note that a kill -HUP will prompt again.  A new
> >>
> >> # certificate can be generated using the genkey(1) command.
> >>
> >> #SSLCertificateFile /etc/pki/tls/certs/7ce3320f68904.crt
> >>
> >>
> >>
> >> #   Server Private Key:
> >>
> >> #   If the key is not combined with the certificate, use this
> >>
> >> #   directive to point at the key file.  Keep in mind that if
> >>
> >> #   you've both a RSA and a DSA private key you can configure
> >>
> >> #   both in parallel (to also allow the use of DSA ciphers, etc.)
> >>
> >> #SSLCertificateKeyFile /etc/pki/tls/private/securitytrifecta.key
> >>
> >>
> >>
> >> #   Server Certificate Chain:
> >>
> >> #   Point SSLCertificateChainFile at a file containing the
> >>
> >> #   concatenation of PEM encoded CA certificates which form the
> >>
> >> #   certificate chain for the server certificate. Alternatively
> >>
> >> #   the referenced file can be the same as SSLCertificateFile
> >>
> >> #   when the CA certificates are directly appended to the server
> >>
> >> #   certificate for convinience.
> >>
> >> #SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt
> >>
> >>
> >>
> >> #   Certificate Authority (CA):
> >>
> >> #   Set the CA certificate verification path where to find CA
> >>
> >> #   certificates for client authentication or alternatively one
> >>
> >> #   huge file containing all of them (file must be PEM encoded)
> >>
> >> #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
> >>
> >>
> >>
> >> #   Client Authentication (Type):
> >>
> >> #   Client certificate verification type and depth.  Types are
> >>
> >> #   none, optional, require and optional_no_ca.  Depth is a
> >>
> >> #   number which specifies how deeply to verify the certificate
> >>
> >> #   issuer chain before deciding the certificate is not valid.
> >>
> >> #SSLVerifyClient require
> >>
> >> #SSLVerifyDepth  10
> >>
> >>
> >>
> >> #   Access Control:
> >>
> >> #   With SSLRequire you can do per-directory access control based
> >>
> >> #   on arbitrary complex boolean expressions containing server
> >>
> >> #   variable checks and other lookup directives.  The syntax is a
> >>
> >> #   mixture between C and Perl.  See the mod_ssl documentation
> >>
> >> #   for more details.
> >>
> >> #<Location />
> >>
> >> #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> >>
> >> #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> >>
> >> #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> >>
> >> #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> >>
> >> #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
> >>
> >> #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> >>
> >> #</Location>
> >>
> >>
> >>
> >> #   SSL Engine Options:
> >>
> >> #   Set various options for the SSL engine.
> >>
> >> #   o FakeBasicAuth:
> >>
> >> #     Translate the client X.509 into a Basic Authorisation.  This means
> >> that
> >>
> >> #     the standard Auth/DBMAuth methods can be used for access control.
> >> The
> >>
> >> #     user name is the `one line' version of the client's X.509
> >> certificate.
> >>
> >> #     Note that no password is obtained from the user. Every entry in
> the
> >> user
> >>
> >> #     file needs this password: `xxj31ZMTZzkVA'.
> >>
> >> #   o ExportCertData:
> >>
> >> #     This exports two additional environment variables: SSL_CLIENT_CERT
> >> and
> >>
> >> #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
> >>
> >> #     server (always existing) and the client (only existing when client
> >>
> >> #     authentication is used). This can be used to import the
> >> certificates
> >>
> >> #     into CGI scripts.
> >>
> >> #   o StdEnvVars:
> >>
> >> #     This exports the standard SSL/TLS related `SSL_*' environment
> >> variables.
> >>
> >> #     Per default this exportation is switched off for performance
> >> reasons,
> >>
> >> #     because the extraction step is an expensive operation and is
> >> usually
> >>
> >> #     useless for serving static content. So one usually enables the
> >>
> >> #     exportation for CGI and SSI requests only.
> >>
> >> #   o StrictRequire:
> >>
> >> #     This denies access when "SSLRequireSSL" or "SSLRequire" applied
> >> even
> >>
> >> #     under a "Satisfy any" situation, i.e. when it applies access is
> >> denied
> >>
> >> #     and no other module can change it.
> >>
> >> #   o OptRenegotiate:
> >>
> >> #     This enables optimized SSL connection renegotiation handling when
> >> SSL
> >>
> >> #     directives are used in per-directory context.
> >>
> >> #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
> >>
> >> #<Files ~ "\.(cgi|shtml|phtml|php3?)$">
> >>
> >> #    SSLOptions +StdEnvVars
> >>
> >> #</Files>
> >>
> >> #<Directory "/www/cgi-bin">
> >>
> >> #    SSLOptions +StdEnvVars
> >>
> >> #</Directory>
> >>
> >>
> >>
> >> #   SSL Protocol Adjustments:
> >>
> >> #   The safe and default but still SSL/TLS standard compliant shutdown
> >>
> >> #   approach is that mod_ssl sends the close notify alert but doesn't
> >> wait
> >> for
> >>
> >> #   the close notify alert from client. When you need a different
> >> shutdown
> >>
> >> #   approach you can use one of the following variables:
> >>
> >> #   o ssl-unclean-shutdown:
> >>
> >> #     This forces an unclean shutdown when the connection is closed,
> i.e.
> >> no
> >>
> >> #     SSL close notify alert is send or allowed to received.  This
> >> violates
> >>
> >> #     the SSL/TLS standard but is needed for some brain-dead browsers.
> >> Use
> >>
> >> #     this when you receive I/O errors because of the standard approach
> >> where
> >>
> >> #     mod_ssl sends the close notify alert.
> >>
> >> #   o ssl-accurate-shutdown:
> >>
> >> #     This forces an accurate shutdown when the connection is closed,
> >> i.e.
> >> a
> >>
> >> #     SSL close notify alert is send and mod_ssl waits for the close
> >> notify
> >>
> >> #     alert of the client. This is 100% SSL/TLS standard compliant, but
> >> in
> >>
> >> #     practice often causes hanging connections with brain-dead
> browsers.
> >> Use
> >>
> >> #     this only for browsers where you know that their SSL
> implementation
> >>
> >> #     works correctly.
> >>
> >> #   Notice: Most problems of broken clients are also related to the HTTP
> >>
> >> #   keep-alive facility, so you usually additionally want to disable
> >>
> >> #   keep-alive for those clients, too. Use variable "nokeepalive" for
> >> this.
> >>
> >> #   Similarly, one has to force some clients to use HTTP/1.0 to
> >> workaround
> >>
> >> #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0"
> >> and
> >>
> >> #   "force-response-1.0" for this.
> >>
> >> #SetEnvIf User-Agent ".*MSIE.*" \
> >>
> >> #         nokeepalive ssl-unclean-shutdown \
> >>
> >> #         downgrade-1.0 force-response-1.0
> >>
> >>
> >>
> >> #   Per-Server Logging:
> >>
> >> #   The home of a custom SSL log file. Use this when you want a
> >>
> >> #   compact non-error SSL logfile on a virtual host basis.
> >>
> >> #CustomLog logs/ssl_request_log \
> >>
> >> #          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >>
> >> #</VirtualHost>
> >>
> >> #
> >>
> >>
> >>
> >> Best regards,
> >>
> >>
> >>
> >> Michael D. Peters
> >>
> >>
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message