-#
-# Based upon the NCSA server configuration files originally by Rob McCool.
-#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
-# See http://httpd.apache.org/docs/2.2/ for detailed information about
-# the directives.
+# See http://httpd.apache.org/docs/2.4/ for detailed information about
+# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
+# hints.
#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
#
-# The configuration directives are grouped into three basic sections:
-# 1. Directives that control the operation of the Apache server process as a
-# whole (the 'global environment').
-# 2. Directives that define the parameters of the 'main' or 'default' server,
-# which responds to requests that aren't handled by a virtual host.
-# These directives also provide default values for the settings
-# of all virtual hosts.
-# 3. Settings for virtual hosts, which allow Web requests to be sent to
-# different IP addresses or hostnames and have them handled by the
-# same Apache server process.
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "foo.log"
-# with ServerRoot set to "/etc/apache2" will be interpreted by the
-# server as "/etc/apache2/foo.log".
+# /etc/apache2/
+# |-- apache2.conf
+# | `-- ports.conf
+# |-- mods-enabled
+# | |-- *.load
+# | `-- *.conf
+# |-- conf-enabled
+# | `-- *.conf
+# `-- sites-enabled
+# `-- *.conf
#
-
-### Section 1: Global Environment
#
-# The directives in this section affect the overall operation of Apache,
-# such as the number of concurrent requests it can handle or where it
-# can find its configuration files.
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+# together by including all remaining configuration files when starting up the
+# web server.
+#
+# * ports.conf is always included from the main configuration file. It is
+# supposed to determine listening ports for incoming connections which can be
+# customized anytime.
+#
+# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
+# directories contain particular configuration snippets which manage modules,
+# global configuration fragments, or virtual host configurations,
+# respectively.
+#
+# They are activated by symlinking available configuration files from their
+# respective *-available/ counterparts. These should be managed by using our
+# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
+# their respective man pages for detailed information.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+# the default configuration, apache2 needs to be started/stopped with
+# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+# work with the default configuration.
+
+
+# Global configuration
#
#
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
-# mounted filesystem then please read the LockFile documentation (available
-# at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
+# mounted filesystem then please read the Mutex documentation (available
+# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
-LockFile ${APACHE_LOCK_DIR}/accept.lock
+Mutex file:${APACHE_LOCK_DIR} default
#
# PidFile: The file in which the server should record its process
#
KeepAliveTimeout 5
-##
-## Server-Pool Size Regulation (MPM specific)
-##
-
-# prefork MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# MaxClients: maximum number of server processes allowed to start
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule mpm_prefork_module>
- StartServers 2
- MinSpareServers 1
- MaxSpareServers 5
- MaxClients 10
- MaxRequestsPerChild 0
-</IfModule>
-
-# worker MPM
-# StartServers: initial number of server processes to start
-# MinSpareThreads: minimum number of worker threads which are kept spare
-# MaxSpareThreads: maximum number of worker threads which are kept spare
-# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
-# graceful restart. ThreadLimit can only be changed by stopping
-# and starting Apache.
-# ThreadsPerChild: constant number of worker threads in each server process
-# MaxClients: maximum number of simultaneous client connections
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule mpm_worker_module>
- StartServers 2
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadLimit 64
- ThreadsPerChild 25
- MaxClients 150
- MaxRequestsPerChild 0
-</IfModule>
-
-# event MPM
-# StartServers: initial number of server processes to start
-# MinSpareThreads: minimum number of worker threads which are kept spare
-# MaxSpareThreads: maximum number of worker threads which are kept spare
-# ThreadsPerChild: constant number of worker threads in each server process
-# MaxClients: maximum number of simultaneous client connections
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule mpm_event_module>
- StartServers 2
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadLimit 64
- ThreadsPerChild 25
- MaxClients 150
- MaxRequestsPerChild 0
-</IfModule>
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
-#
-# AccessFileName: The name of the file to look for in each directory
-# for additional configuration directives. See also the AllowOverride
-# directive.
-#
-
-AccessFileName .htaccess
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-<Files ~ "^\.ht">
- Order allow,deny
- Deny from all
- Satisfy all
-</Files>
-
-#
-# DefaultType is the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-# It is also possible to omit any default MIME type and let the
-# client's browser guess an appropriate action instead. Typically the
-# browser will decide based on the file's extension then. In cases
-# where no good assumption can be made, letting the default MIME type
-# unset is suggested instead of forcing the browser to accept
-# incorrect metadata.
-#
-DefaultType None
-
-
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
ErrorLog ${APACHE_LOG_DIR}/error.log
#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
+# LogLevel: Control the severity of messages logged to the error_log.
+# Available values: trace8, ..., trace1, debug, info, notice, warn,
+# error, crit, alert, emerg.
+# It is also possible to configure the log level for particular modules, e.g.
+# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
-Include mods-enabled/*.load
-Include mods-enabled/*.conf
-
-# Include all the user configurations:
-Include httpd.conf
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
-# Include ports listing
+# Include list of ports to listen on
Include ports.conf
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www.
+# The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server. If
+# your system is serving content from a sub-directory in /srv you must allow
+# access here, or in any related virtual host.
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Require all denied
+</Directory>
+
+<Directory /usr/share>
+ AllowOverride None
+ Require all granted
+</Directory>
+
+<Directory /var/www/>
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+</Directory>
+
+#<Directory /srv/>
+# Options Indexes FollowSymLinks
+# AllowOverride None
+# Require all granted
+#</Directory>
+
+
+
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+ Require all denied
+</FilesMatch>
+
+
#
# The following directives define some format nicknames for use with
-# a CustomLog directive (see below).
-# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
+# a CustomLog directive.
+#
+# These deviate from the Common Log Format definitions in that they use %O
+# (the actual bytes sent including headers) instead of %b (the size of the
+# requested file), because the latter makes it impossible to detect partial
+# requests.
+#
+# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
+# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
-
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
-Include conf.d/
+IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
-Include sites-enabled/
+IncludeOptional sites-enabled/*.conf
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+Alias /javascript /usr/share/javascript/
+
+<Directory "/usr/share/javascript/">
+ Options FollowSymLinks MultiViews
+</Directory>
--- /dev/null
+# Customizable error responses come in three flavors:
+# 1) plain text
+# 2) local redirects
+# 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections. We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis. If you include the Alias in the global server
+# context, is has to come _before_ the 'Alias /error/ ...' line.
+#
+# The default include files will display your Apache version number and your
+# ServerAdmin email address regardless of the setting of ServerSignature.
+#
+# WARNING: The configuration below will NOT work out of the box if you have a
+# SetHandler directive in a <Location /> context somewhere. Adding
+# the following three lines AFTER the <Location /> context should
+# make it work in most cases:
+# <Location /error/>
+# SetHandler none
+# </Location>
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation. To activate them, uncomment the following 37 lines.
+
+#<IfModule mod_negotiation.c>
+# <IfModule mod_include.c>
+# <IfModule mod_alias.c>
+#
+# Alias /error/ "/usr/share/apache2/error/"
+#
+# <Directory "/usr/share/apache2/error">
+# Options IncludesNoExec
+# AddOutputFilter Includes html
+# AddHandler type-map var
+# Order allow,deny
+# Allow from all
+# LanguagePriority en cs de es fr it nl sv pt-br ro
+# ForceLanguagePriority Prefer Fallback
+# </Directory>
+#
+# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+# ErrorDocument 410 /error/HTTP_GONE.html.var
+# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+# </IfModule>
+# </IfModule>
+#</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+../../nagios3/apache2.conf
\ No newline at end of file
--- /dev/null
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+# AllowOverride None
+# Order Deny,Allow
+# Deny from all
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+ServerTokens OS
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of: On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+# Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+<IfModule mod_alias.c>
+ <IfModule mod_cgi.c>
+ Define ENABLE_USR_LIB_CGI_BIN
+ </IfModule>
+
+ <IfModule mod_cgid.c>
+ Define ENABLE_USR_LIB_CGI_BIN
+ </IfModule>
+
+ <IfDefine ENABLE_USR_LIB_CGI_BIN>
+ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+ <Directory "/usr/lib/cgi-bin">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+ </IfDefine>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+../conf-available/charset.conf
\ No newline at end of file
--- /dev/null
+../conf-available/javascript-common.conf
\ No newline at end of file
--- /dev/null
+../conf-available/localized-error-pages.conf
\ No newline at end of file
--- /dev/null
+../conf-available/nagios3.conf
\ No newline at end of file
--- /dev/null
+../conf-available/other-vhosts-access-log.conf
\ No newline at end of file
--- /dev/null
+../conf-available/security.conf
\ No newline at end of file
--- /dev/null
+../conf-available/serve-cgi-bin.conf
\ No newline at end of file
+++ /dev/null
-# Read the documentation before enabling AddDefaultCharset.
-# In general, it is only a good idea if you know that all your files
-# have this encoding. It will override any encoding given in the files
-# in meta http-equiv or xml encoding tags.
-
-#AddDefaultCharset UTF-8
+++ /dev/null
-/etc/javascript-common/javascript-common.conf
\ No newline at end of file
+++ /dev/null
-#
-# Customizable error responses come in three flavors:
-# 1) plain text 2) local redirects 3) external redirects
-#
-# Some examples:
-#ErrorDocument 500 "The server made a boo boo."
-#ErrorDocument 404 /missing.html
-#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
-#ErrorDocument 402 http://www.example.com/subscription_info.html
-#
-
-#
-# Putting this all together, we can internationalize error responses.
-#
-# We use Alias to redirect any /error/HTTP_<error>.html.var response to
-# our collection of by-error message multi-language collections. We use
-# includes to substitute the appropriate text.
-#
-# You can modify the messages' appearance without changing any of the
-# default HTTP_<error>.html.var files by adding the line:
-#
-# Alias /error/include/ "/your/include/path/"
-#
-# which allows you to create your own set of files by starting with the
-# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
-# even on a per-VirtualHost basis. If you include the Alias in the global server
-# context, is has to come _before_ the 'Alias /error/ ...' line.
-#
-# The default include files will display your Apache version number and your
-# ServerAdmin email address regardless of the setting of ServerSignature.
-#
-# WARNING: The configuration below will NOT work out of the box if you have a
-# SetHandler directive in a <Location /> context somewhere. Adding
-# the following three lines AFTER the <Location /> context should
-# make it work in most cases:
-# <Location /error/>
-# SetHandler none
-# </Location>
-#
-# The internationalized error documents require mod_alias, mod_include
-# and mod_negotiation. To activate them, uncomment the following 37 lines.
-
-#<IfModule mod_negotiation.c>
-# <IfModule mod_include.c>
-# <IfModule mod_alias.c>
-#
-# Alias /error/ "/usr/share/apache2/error/"
-#
-# <Directory "/usr/share/apache2/error">
-# AllowOverride None
-# Options IncludesNoExec
-# AddOutputFilter Includes html
-# AddHandler type-map var
-# Order allow,deny
-# Allow from all
-# LanguagePriority en cs de es fr it nl sv pt-br ro
-# ForceLanguagePriority Prefer Fallback
-# </Directory>
-#
-# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
-# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
-# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
-# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
-# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
-# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
-# ErrorDocument 410 /error/HTTP_GONE.html.var
-# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
-# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
-# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
-# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
-# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
-# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
-# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
-# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
-# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
-# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
-# </IfModule>
-# </IfModule>
-#</IfModule>
+++ /dev/null
-/etc/nagios3/apache2.conf
\ No newline at end of file
+++ /dev/null
-# Define an access log for VirtualHosts that don't define their own logfile
-CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+++ /dev/null
-#
-# Disable access to the entire file system except for the directories that
-# are explicitly allowed later.
-#
-# This currently breaks the configurations that come with some web application
-# Debian packages.
-#
-#<Directory />
-# AllowOverride None
-# Order Deny,Allow
-# Deny from all
-#</Directory>
-
-
-# Changing the following options will not really affect the security of the
-# server, but might make attacks slightly more difficult in some cases.
-
-#
-# ServerTokens
-# This directive configures what you return as the Server HTTP response
-# Header. The default is 'Full' which sends information about the OS-Type
-# and compiled in modules.
-# Set to one of: Full | OS | Minimal | Minor | Major | Prod
-# where Full conveys the most information, and Prod the least.
-#
-#ServerTokens Minimal
-ServerTokens OS
-#ServerTokens Full
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-#ServerSignature Off
-ServerSignature On
-
-#
-# Allow TRACE method
-#
-# Set to "extended" to also reflect the request body (only for testing and
-# diagnostic purposes).
-#
-# Set to one of: On | Off | extended
-#
-TraceEnable Off
-#TraceEnable On
-
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
-export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid
+# temporary state file location. This might be changed to /run in Wheezy+1
+export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
## If you need a higher file descriptor limit, uncomment and adjust the
## following line (default is 8192):
#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
+
+## If you would like to pass arguments to the web server, add them below
+## to the APACHE_ARGUMENTS environment.
+#export APACHE_ARGUMENTS=''
+
+## Enable the debug mode for maintainer scripts.
+## This will produce a verbose output on package installations of web server modules and web application
+## installations which interact with Apache
+#export APACHE2_MAINTSCRIPT_DEBUG=1
--- /dev/null
+# Depends: authn_core
+LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
# Format: Action handler-name /cgi-script/location
#
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<IfModule alias_module>
-#
-# Aliases: Add here as many aliases as you need (with no limit). The format is
-# Alias fakename realname
-#
-# Note that if you include a trailing / on fakename then the server will
-# require it to be present in the URL. So "/icons" isn't aliased in this
-# example, only "/icons/". If the fakename is slash-terminated, then the
-# realname must also be slash terminated, and if the fakename omits the
-# trailing slash, the realname must also omit it.
-#
-# We include the /icons/ alias for FancyIndexed directory listings. If
-# you do not use FancyIndexing, you may comment this out.
-#
-Alias /icons/ "/usr/share/apache2/icons/"
+ # Aliases: Add here as many aliases as you need (with no limit). The format is
+ # Alias fakename realname
+ #
+ # Note that if you include a trailing / on fakename then the server will
+ # require it to be present in the URL. So "/icons" isn't aliased in this
+ # example, only "/icons/". If the fakename is slash-terminated, then the
+ # realname must also be slash terminated, and if the fakename omits the
+ # trailing slash, the realname must also omit it.
+ #
+ # We include the /icons/ alias for FancyIndexed directory listings. If
+ # you do not use FancyIndexing, you may comment this out.
-<Directory "/usr/share/apache2/icons">
- Options FollowSymlinks
- AllowOverride None
- Order allow,deny
- Allow from all
-</Directory>
+ Alias /icons/ "/usr/share/apache2/icons/"
+
+ <Directory "/usr/share/apache2/icons">
+ Options FollowSymlinks
+ AllowOverride None
+ Require all granted
+ </Directory>
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule allowmethods_module /usr/lib/apache2/modules/mod_allowmethods.so
+# Depends: mime
LoadModule asis_module /usr/lib/apache2/modules/mod_asis.so
+# Depends: authn_core
LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
+# Depends: authn_core
LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
--- /dev/null
+# Depends: session authn_core
+LoadModule auth_form_module /usr/lib/apache2/modules/mod_auth_form.so
+++ /dev/null
-LoadModule authn_alias_module /usr/lib/apache2/modules/mod_authn_alias.so
--- /dev/null
+LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
+++ /dev/null
-LoadModule authn_default_module /usr/lib/apache2/modules/mod_authn_default.so
--- /dev/null
+LoadModule authn_socache_module /usr/lib/apache2/modules/mod_authn_socache.so
--- /dev/null
+LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
--- /dev/null
+# Depends: dbd authz_core
+LoadModule authz_dbd_module /usr/lib/apache2/modules/mod_authz_dbd.so
+# Depends: authz_core
LoadModule authz_dbm_module /usr/lib/apache2/modules/mod_authz_dbm.so
+++ /dev/null
-LoadModule authz_default_module /usr/lib/apache2/modules/mod_authz_default.so
+# Depends: authz_core
LoadModule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so
+# Depends: authz_core
LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
+# Depends: authz_core
LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
<IfModule mod_autoindex.c>
-#
-# Directives controlling the display of server-generated directory listings.
-#
+ # Directives controlling the display of server-generated directory listings.
-#
-# IndexOptions: Controls the appearance of server-generated directory
-# listings.
-# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
-#
-IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+ #
+ # IndexOptions: Controls the appearance of server-generated directory
+ # listings.
+ # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
+ IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
-#
-# AddIcon* directives tell the server which icon to show for different
-# files or filename extensions. These are only displayed for
-# FancyIndexed directories.
-#
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+ #
+ # AddIcon* directives tell the server which icon to show for different
+ # files or filename extensions. These are only displayed for
+ # FancyIndexed directories.
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
+ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-# It's a suffix rule, so simply matching "core" matches "score" as well !
-AddIcon /icons/bomb.gif /core
-AddIcon (SND,/icons/sound2.gif) .ogg
-AddIcon (VID,/icons/movie.gif) .ogm
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+ AddIcon /icons/tar.gif .tar
+ AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+ AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+ AddIcon /icons/a.gif .ps .ai .eps
+ AddIcon /icons/layout.gif .html .shtml .htm .pdf
+ AddIcon /icons/text.gif .txt
+ AddIcon /icons/c.gif .c
+ AddIcon /icons/p.gif .pl .py
+ AddIcon /icons/f.gif .for
+ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+ # It's a suffix rule, so simply matching "core" matches "score" as well !
+ AddIcon /icons/bomb.gif /core
+ AddIcon (SND,/icons/sound2.gif) .ogg
+ AddIcon (VID,/icons/movie.gif) .ogm
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+ AddIcon /icons/folder.gif ^^DIRECTORY^^
+ AddIcon /icons/blank.gif ^^BLANKICON^^
-# Default icons for OpenDocument format
-AddIcon /icons/odf6odt-20x22.png .odt
-AddIcon /icons/odf6ods-20x22.png .ods
-AddIcon /icons/odf6odp-20x22.png .odp
-AddIcon /icons/odf6odg-20x22.png .odg
-AddIcon /icons/odf6odc-20x22.png .odc
-AddIcon /icons/odf6odf-20x22.png .odf
-AddIcon /icons/odf6odb-20x22.png .odb
-AddIcon /icons/odf6odi-20x22.png .odi
-AddIcon /icons/odf6odm-20x22.png .odm
+ # Default icons for OpenDocument format
+ AddIcon /icons/odf6odt-20x22.png .odt
+ AddIcon /icons/odf6ods-20x22.png .ods
+ AddIcon /icons/odf6odp-20x22.png .odp
+ AddIcon /icons/odf6odg-20x22.png .odg
+ AddIcon /icons/odf6odc-20x22.png .odc
+ AddIcon /icons/odf6odf-20x22.png .odf
+ AddIcon /icons/odf6odb-20x22.png .odb
+ AddIcon /icons/odf6odi-20x22.png .odi
+ AddIcon /icons/odf6odm-20x22.png .odm
-AddIcon /icons/odf6ott-20x22.png .ott
-AddIcon /icons/odf6ots-20x22.png .ots
-AddIcon /icons/odf6otp-20x22.png .otp
-AddIcon /icons/odf6otg-20x22.png .otg
-AddIcon /icons/odf6otc-20x22.png .otc
-AddIcon /icons/odf6otf-20x22.png .otf
-AddIcon /icons/odf6oti-20x22.png .oti
-AddIcon /icons/odf6oth-20x22.png .oth
+ AddIcon /icons/odf6ott-20x22.png .ott
+ AddIcon /icons/odf6ots-20x22.png .ots
+ AddIcon /icons/odf6otp-20x22.png .otp
+ AddIcon /icons/odf6otg-20x22.png .otg
+ AddIcon /icons/odf6otc-20x22.png .otc
+ AddIcon /icons/odf6otf-20x22.png .otf
+ AddIcon /icons/odf6oti-20x22.png .oti
+ AddIcon /icons/odf6oth-20x22.png .oth
-#
-# DefaultIcon is which icon to show for files which do not have an icon
-# explicitly set.
-#
-DefaultIcon /icons/unknown.gif
+ #
+ # DefaultIcon is which icon to show for files which do not have an icon
+ # explicitly set.
+ DefaultIcon /icons/unknown.gif
-#
-# AddDescription allows you to place a short description after a file in
-# server-generated indexes. These are only displayed for FancyIndexed
-# directories.
-# Format: AddDescription "description" filename
-#
-#AddDescription "GZIP compressed document" .gz
-#AddDescription "tar archive" .tar
-#AddDescription "GZIP compressed tar archive" .tgz
+ #
+ # AddDescription allows you to place a short description after a file in
+ # server-generated indexes. These are only displayed for FancyIndexed
+ # directories.
+ # Format: AddDescription "description" filename
+ #AddDescription "GZIP compressed document" .gz
+ #AddDescription "tar archive" .tar
+ #AddDescription "GZIP compressed tar archive" .tgz
-#
-# ReadmeName is the name of the README file the server will look for by
-# default, and append to directory listings.
-#
-# HeaderName is the name of a file which should be prepended to
-# directory indexes.
-ReadmeName README.html
-HeaderName HEADER.html
+ #
+ # ReadmeName is the name of the README file the server will look for by
+ # default, and append to directory listings.
+ #
+ # HeaderName is the name of a file which should be prepended to
+ # directory indexes
+ ReadmeName README.html
+ HeaderName HEADER.html
-#
-# IndexIgnore is a set of filenames which directory indexing should ignore
-# and not include in the listing. Shell-style wildcarding is permitted.
-#
-IndexIgnore .??* *~ *# RCS CVS *,v *,t
+ #
+ # IndexIgnore is a set of filenames which directory indexing should ignore
+ # and not include in the listing. Shell-style wildcarding is permitted.
+ IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule buffer_module /usr/lib/apache2/modules/mod_buffer.so
--- /dev/null
+<IfModule mod_cache_disk.c>
+
+ # cache cleaning is done by htcacheclean, which can be configured in
+ # /etc/default/apache2
+ #
+ # For further information, see the comments in that file,
+ # /usr/share/doc/apache2/README.Debian, and the htcacheclean(8)
+ # man page.
+
+ # This path must be the same as the one in /etc/default/apache2
+ CacheRoot /var/cache/apache2/mod_cache_disk
+
+ # This will also cache local documents. It usually makes more sense to
+ # put this into the configuration for just one virtual host.
+ #CacheEnable disk /
+
+
+ # The result of CacheDirLevels * CacheDirLength must not be higher than
+ # 20. Moreover, pay attention on file system limits. Some file systems
+ # do not support more than a certain number of inodes and
+ # subdirectories (e.g. 32000 for ext3)
+ CacheDirLevels 2
+ CacheDirLength 1
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: cache
+LoadModule cache_disk_module /usr/lib/apache2/modules/mod_cache_disk.so
--- /dev/null
+# Depends: cache
+LoadModule cache_socache_module /usr/lib/apache2/modules/mod_cache_socache.so
+++ /dev/null
-LoadModule cern_meta_module /usr/lib/apache2/modules/mod_cern_meta.so
# Socket for cgid communication
ScriptSock ${APACHE_RUN_DIR}/cgisock
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule data_module /usr/lib/apache2/modules/mod_data.so
DAVLockDB ${APACHE_LOCK_DIR}/DAVLock
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<IfModule mod_deflate.c>
- # these are known to be safe with MSIE 6
- AddOutputFilterByType DEFLATE text/html text/plain text/xml
+ <IfModule mod_filter.c>
+ # these are known to be safe with MSIE 6
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml
- # everything else may cause problems with MSIE 6
- AddOutputFilterByType DEFLATE text/css
- AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
- AddOutputFilterByType DEFLATE application/rss+xml
+ # everything else may cause problems with MSIE 6
+ AddOutputFilterByType DEFLATE text/css
+ AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType DEFLATE application/rss+xml
+ AddOutputFilterByType DEFLATE application/xml
+ </IfModule>
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# Depends: filter
LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
--- /dev/null
+LoadModule dialup_module /usr/lib/apache2/modules/mod_dialup.so
<IfModule mod_dir.c>
-
- DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
-
+ DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+++ /dev/null
-<IfModule mod_disk_cache.c>
-# cache cleaning is done by htcacheclean, which can be configured in
-# /etc/default/apache2
-#
-# For further information, see the comments in that file,
-# /usr/share/doc/apache2.2-common/README.Debian, and the htcacheclean(8)
-# man page.
-
- # This path must be the same as the one in /etc/default/apache2
- CacheRoot /var/cache/apache2/mod_disk_cache
-
- # This will also cache local documents. It usually makes more sense to
- # put this into the configuration for just one virtual host.
-
- #CacheEnable disk /
-
- CacheDirLevels 5
- CacheDirLength 3
-</IfModule>
+++ /dev/null
-# Depends: cache
-LoadModule disk_cache_module /usr/lib/apache2/modules/mod_disk_cache.so
--- /dev/null
+LoadModule echo_module /usr/lib/apache2/modules/mod_echo.so
<IfModule mod_fcgid.c>
- AddHandler fcgid-script .fcgi
FcgidConnectTimeout 20
+
+ <IfModule mod_mime.c>
+ AddHandler fcgid-script .fcgi
+ </IfModule>
</IfModule>
--- /dev/null
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartbeat_module /usr/lib/apache2/modules/mod_heartbeat.so
--- /dev/null
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartmonitor_module /usr/lib/apache2/modules/mod_heartmonitor.so
+++ /dev/null
-LoadModule ident_module /usr/lib/apache2/modules/mod_ident.so
+++ /dev/null
-LoadModule imagemap_module /usr/lib/apache2/modules/mod_imagemap.so
+# Depends: mime
LoadModule include_module /usr/lib/apache2/modules/mod_include.so
<IfModule mod_info.c>
-#
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info (requires that mod_info.c be loaded).
-# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
-#
-<Location /server-info>
- SetHandler server-info
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1 ::1
-# Allow from 192.0.2.0/24
-</Location>
+
+ # Allow remote server configuration reports, with the URL of
+ # http://servername/server-info (requires that mod_info.c be loaded).
+ # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+ #
+ <Location /server-info>
+ SetHandler server-info
+ Require local
+ #Require ip 192.0.2.0/24
+ </Location>
</IfModule>
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_bybusyness_module /usr/lib/apache2/modules/mod_lbmethod_bybusyness.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_bytraffic_module /usr/lib/apache2/modules/mod_lbmethod_bytraffic.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_heartbeat_module /usr/lib/apache2/modules/mod_lbmethod_heartbeat.so
<Location /ldap-status>
- SetHandler ldap-status
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1 ::1
-# Allow from 192.0.2.0/24
- Satisfy all
+ SetHandler ldap-status
+ Require local
</Location>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule log_debug_module /usr/lib/apache2/modules/mod_log_debug.so
--- /dev/null
+LoadModule lua_module /usr/lib/apache2/modules/mod_lua.so
--- /dev/null
+LoadModule macro_module /usr/lib/apache2/modules/mod_macro.so
+++ /dev/null
-<IfModule mod_mem_cache.c>
- CacheEnable mem /
- MCacheSize 4096
- MCacheMaxObjectCount 100
- MCacheMinObjectSize 1
- MCacheMaxObjectSize 2048
-</IfModule>
+++ /dev/null
-# Depends: cache
-LoadModule mem_cache_module /usr/lib/apache2/modules/mod_mem_cache.so
<IfModule mod_mime.c>
-#
-# TypesConfig points to the file containing the list of mappings from
-# filename extension to MIME-type.
-#
-TypesConfig /etc/mime.types
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
-#
-# AddType allows you to add to or override the MIME configuration
-# file mime.types for specific file types.
-#
-#AddType application/x-gzip .tgz
-#
-# AddEncoding allows you to have certain browsers uncompress
-# information on the fly. Note: Not all browsers support this.
-# Despite the name similarity, the following Add* directives have
-# nothing to do with the FancyIndexing customization directives above.
-#
-#AddEncoding x-compress .Z
-#AddEncoding x-gzip .gz .tgz
-#AddEncoding x-bzip2 .bz2
-#
-# If the AddEncoding directives above are commented-out, then you
-# probably should define those extensions to indicate media types:
-#
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
-AddType application/x-bzip2 .bz2
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file mime.types for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ # Despite the name similarity, the following Add* directives have
+ # nothing to do with the FancyIndexing customization directives above.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #AddEncoding x-bzip2 .bz2
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+ AddType application/x-bzip2 .bz2
-#
-# DefaultLanguage and AddLanguage allows you to specify the language of
-# a document. You can then use content negotiation to give a browser a
-# file in a language the user can understand.
-#
-# Specify a default language. This means that all data
-# going out without a specific language tag (see below) will
-# be marked with this one. You probably do NOT want to set
-# this unless you are sure it is correct for all cases.
-#
-# * It is generally better to not mark a page as
-# * being a certain language than marking it with the wrong
-# * language!
-#
-# DefaultLanguage nl
-#
-# Note 1: The suffix does not have to be the same as the language
-# keyword --- those with documents in Polish (whose net-standard
-# language code is pl) may wish to use "AddLanguage pl .po" to
-# avoid the ambiguity with the common suffix for perl scripts.
-#
-# Note 2: The example entries below illustrate that in some cases
-# the two character 'Language' abbreviation is not identical to
-# the two character 'Country' code for its country,
-# E.g. 'Danmark/dk' versus 'Danish/da'.
-#
-# Note 3: In the case of 'ltz' we violate the RFC by using a three char
-# specifier. There is 'work in progress' to fix this and get
-# the reference data for rfc1766 cleaned up.
-#
-# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
-# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
-# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
-# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
-# Norwegian (no) - Polish (pl) - Portugese (pt)
-# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
-# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
-#
-AddLanguage am .amh
-AddLanguage ar .ara
-AddLanguage be .be
-AddLanguage bg .bg
-AddLanguage bn .bn
-AddLanguage br .br
-AddLanguage bs .bs
-AddLanguage ca .ca
-AddLanguage cs .cz .cs
-AddLanguage cy .cy
-AddLanguage da .dk
-AddLanguage de .de
-AddLanguage dz .dz
-AddLanguage el .el
-AddLanguage en .en
-AddLanguage eo .eo
-# es is ecmascript in /etc/mime.types
-RemoveType es
-AddLanguage es .es
-AddLanguage et .et
-AddLanguage eu .eu
-AddLanguage fa .fa
-AddLanguage fi .fi
-AddLanguage fr .fr
-AddLanguage ga .ga
-AddLanguage gl .glg
-AddLanguage gu .gu
-AddLanguage he .he
-AddLanguage hi .hi
-AddLanguage hr .hr
-AddLanguage hu .hu
-AddLanguage hy .hy
-AddLanguage id .id
-AddLanguage is .is
-AddLanguage it .it
-AddLanguage ja .ja
-AddLanguage ka .ka
-AddLanguage kk .kk
-AddLanguage km .km
-AddLanguage kn .kn
-AddLanguage ko .ko
-AddLanguage ku .ku
-AddLanguage lo .lo
-AddLanguage lt .lt
-AddLanguage ltz .ltz
-AddLanguage lv .lv
-AddLanguage mg .mg
-AddLanguage mk .mk
-AddLanguage ml .ml
-AddLanguage mr .mr
-AddLanguage ms .msa
-AddLanguage nb .nob
-AddLanguage ne .ne
-AddLanguage nl .nl
-AddLanguage nn .nn
-AddLanguage no .no
-AddLanguage pa .pa
-AddLanguage pl .po
-AddLanguage pt-BR .pt-br
-AddLanguage pt .pt
-AddLanguage ro .ro
-AddLanguage ru .ru
-AddLanguage sa .sa
-AddLanguage se .se
-AddLanguage si .si
-AddLanguage sk .sk
-AddLanguage sl .sl
-AddLanguage sq .sq
-AddLanguage sr .sr
-AddLanguage sv .sv
-AddLanguage ta .ta
-AddLanguage te .te
-AddLanguage th .th
-AddLanguage tl .tl
-RemoveType tr
-# tr is troff in /etc/mime.types
-AddLanguage tr .tr
-AddLanguage uk .uk
-AddLanguage ur .ur
-AddLanguage vi .vi
-AddLanguage wo .wo
-AddLanguage xh .xh
-AddLanguage zh-CN .zh-cn
-AddLanguage zh-TW .zh-tw
+ #
+ # DefaultLanguage and AddLanguage allows you to specify the language of
+ # a document. You can then use content negotiation to give a browser a
+ # file in a language the user can understand.
+ #
+ # Specify a default language. This means that all data
+ # going out without a specific language tag (see below) will
+ # be marked with this one. You probably do NOT want to set
+ # this unless you are sure it is correct for all cases.
+ #
+ # * It is generally better to not mark a page as
+ # * being a certain language than marking it with the wrong
+ # * language!
+ #
+ # DefaultLanguage nl
+ #
+ # Note 1: The suffix does not have to be the same as the language
+ # keyword --- those with documents in Polish (whose net-standard
+ # language code is pl) may wish to use "AddLanguage pl .po" to
+ # avoid the ambiguity with the common suffix for perl scripts.
+ #
+ # Note 2: The example entries below illustrate that in some cases
+ # the two character 'Language' abbreviation is not identical to
+ # the two character 'Country' code for its country,
+ # E.g. 'Danmark/dk' versus 'Danish/da'.
+ #
+ # Note 3: In the case of 'ltz' we violate the RFC by using a three char
+ # specifier. There is 'work in progress' to fix this and get
+ # the reference data for rfc1766 cleaned up.
+ #
+ # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+ # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+ # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+ # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+ # Norwegian (no) - Polish (pl) - Portugese (pt)
+ # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+ # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+ #
+ AddLanguage am .amh
+ AddLanguage ar .ara
+ AddLanguage be .be
+ AddLanguage bg .bg
+ AddLanguage bn .bn
+ AddLanguage br .br
+ AddLanguage bs .bs
+ AddLanguage ca .ca
+ AddLanguage cs .cz .cs
+ AddLanguage cy .cy
+ AddLanguage da .dk
+ AddLanguage de .de
+ AddLanguage dz .dz
+ AddLanguage el .el
+ AddLanguage en .en
+ AddLanguage eo .eo
+ # es is ecmascript in /etc/mime.types
+ RemoveType es
+ AddLanguage es .es
+ AddLanguage et .et
+ AddLanguage eu .eu
+ AddLanguage fa .fa
+ AddLanguage fi .fi
+ AddLanguage fr .fr
+ AddLanguage ga .ga
+ AddLanguage gl .glg
+ AddLanguage gu .gu
+ AddLanguage he .he
+ AddLanguage hi .hi
+ AddLanguage hr .hr
+ AddLanguage hu .hu
+ AddLanguage hy .hy
+ AddLanguage id .id
+ AddLanguage is .is
+ AddLanguage it .it
+ AddLanguage ja .ja
+ AddLanguage ka .ka
+ AddLanguage kk .kk
+ AddLanguage km .km
+ AddLanguage kn .kn
+ AddLanguage ko .ko
+ AddLanguage ku .ku
+ AddLanguage lo .lo
+ AddLanguage lt .lt
+ AddLanguage ltz .ltz
+ AddLanguage lv .lv
+ AddLanguage mg .mg
+ AddLanguage mk .mk
+ AddLanguage ml .ml
+ AddLanguage mr .mr
+ AddLanguage ms .msa
+ AddLanguage nb .nob
+ AddLanguage ne .ne
+ AddLanguage nl .nl
+ AddLanguage nn .nn
+ AddLanguage no .no
+ AddLanguage pa .pa
+ AddLanguage pl .po
+ AddLanguage pt-BR .pt-br
+ AddLanguage pt .pt
+ AddLanguage ro .ro
+ AddLanguage ru .ru
+ AddLanguage sa .sa
+ AddLanguage se .se
+ AddLanguage si .si
+ AddLanguage sk .sk
+ AddLanguage sl .sl
+ AddLanguage sq .sq
+ AddLanguage sr .sr
+ AddLanguage sv .sv
+ AddLanguage ta .ta
+ AddLanguage te .te
+ AddLanguage th .th
+ AddLanguage tl .tl
+ RemoveType tr
+ # tr is troff in /etc/mime.types
+ AddLanguage tr .tr
+ AddLanguage uk .uk
+ AddLanguage ur .ur
+ AddLanguage vi .vi
+ AddLanguage wo .wo
+ AddLanguage xh .xh
+ AddLanguage zh-CN .zh-cn
+ AddLanguage zh-TW .zh-tw
-#
-# Commonly used filename extensions to character sets. You probably
-# want to avoid clashes with the language extensions, unless you
-# are good at carefully testing your setup after each change.
-# See http://www.iana.org/assignments/character-sets for the
-# official list of charset names and their respective RFCs.
-#
-AddCharset us-ascii .ascii .us-ascii
-AddCharset ISO-8859-1 .iso8859-1 .latin1
-AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
-AddCharset ISO-8859-3 .iso8859-3 .latin3
-AddCharset ISO-8859-4 .iso8859-4 .latin4
-AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
-AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
-AddCharset ISO-8859-7 .iso8859-7 .grk .greek
-AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
-AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
-AddCharset ISO-8859-10 .iso8859-10 .latin6
-AddCharset ISO-8859-13 .iso8859-13
-AddCharset ISO-8859-14 .iso8859-14 .latin8
-AddCharset ISO-8859-15 .iso8859-15 .latin9
-AddCharset ISO-8859-16 .iso8859-16 .latin10
-AddCharset ISO-2022-JP .iso2022-jp .jis
-AddCharset ISO-2022-KR .iso2022-kr .kis
-AddCharset ISO-2022-CN .iso2022-cn .cis
-AddCharset Big5 .Big5 .big5 .b5
-AddCharset cn-Big5 .cn-big5
-# For russian, more than one charset is used (depends on client, mostly):
-AddCharset WINDOWS-1251 .cp-1251 .win-1251
-AddCharset CP866 .cp866
-AddCharset KOI8 .koi8
-AddCharset KOI8-E .koi8-e
-AddCharset KOI8-r .koi8-r .koi8-ru
-AddCharset KOI8-U .koi8-u
-AddCharset KOI8-ru .koi8-uk .ua
-AddCharset ISO-10646-UCS-2 .ucs2
-AddCharset ISO-10646-UCS-4 .ucs4
-AddCharset UTF-7 .utf7
-AddCharset UTF-8 .utf8
-AddCharset UTF-16 .utf16
-AddCharset UTF-16BE .utf16be
-AddCharset UTF-16LE .utf16le
-AddCharset UTF-32 .utf32
-AddCharset UTF-32BE .utf32be
-AddCharset UTF-32LE .utf32le
-AddCharset euc-cn .euc-cn
-AddCharset euc-gb .euc-gb
-AddCharset euc-jp .euc-jp
-AddCharset euc-kr .euc-kr
-#Not sure how euc-tw got in - IANA doesn't list it???
-AddCharset EUC-TW .euc-tw
-AddCharset gb2312 .gb2312 .gb
-AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
-AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
-AddCharset shift_jis .shift_jis .sjis
+ #
+ # Commonly used filename extensions to character sets. You probably
+ # want to avoid clashes with the language extensions, unless you
+ # are good at carefully testing your setup after each change.
+ # See http://www.iana.org/assignments/character-sets for the
+ # official list of charset names and their respective RFCs.
+ #
+ AddCharset us-ascii .ascii .us-ascii
+ AddCharset ISO-8859-1 .iso8859-1 .latin1
+ AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+ AddCharset ISO-8859-3 .iso8859-3 .latin3
+ AddCharset ISO-8859-4 .iso8859-4 .latin4
+ AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+ AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+ AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+ AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+ AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+ AddCharset ISO-8859-10 .iso8859-10 .latin6
+ AddCharset ISO-8859-13 .iso8859-13
+ AddCharset ISO-8859-14 .iso8859-14 .latin8
+ AddCharset ISO-8859-15 .iso8859-15 .latin9
+ AddCharset ISO-8859-16 .iso8859-16 .latin10
+ AddCharset ISO-2022-JP .iso2022-jp .jis
+ AddCharset ISO-2022-KR .iso2022-kr .kis
+ AddCharset ISO-2022-CN .iso2022-cn .cis
+ AddCharset Big5 .Big5 .big5 .b5
+ AddCharset cn-Big5 .cn-big5
+ # For russian, more than one charset is used (depends on client, mostly):
+ AddCharset WINDOWS-1251 .cp-1251 .win-1251
+ AddCharset CP866 .cp866
+ AddCharset KOI8 .koi8
+ AddCharset KOI8-E .koi8-e
+ AddCharset KOI8-r .koi8-r .koi8-ru
+ AddCharset KOI8-U .koi8-u
+ AddCharset KOI8-ru .koi8-uk .ua
+ AddCharset ISO-10646-UCS-2 .ucs2
+ AddCharset ISO-10646-UCS-4 .ucs4
+ AddCharset UTF-7 .utf7
+ AddCharset UTF-8 .utf8
+ AddCharset UTF-16 .utf16
+ AddCharset UTF-16BE .utf16be
+ AddCharset UTF-16LE .utf16le
+ AddCharset UTF-32 .utf32
+ AddCharset UTF-32BE .utf32be
+ AddCharset UTF-32LE .utf32le
+ AddCharset euc-cn .euc-cn
+ AddCharset euc-gb .euc-gb
+ AddCharset euc-jp .euc-jp
+ AddCharset euc-kr .euc-kr
+ #Not sure how euc-tw got in - IANA doesn't list it???
+ AddCharset EUC-TW .euc-tw
+ AddCharset gb2312 .gb2312 .gb
+ AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+ AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+ AddCharset shift_jis .shift_jis .sjis
+ AddCharset BRF .brf
-#
-# AddHandler allows you to map certain file extensions to "handlers":
-# actions unrelated to filetype. These can be either built into the server
-# or added with the Action directive (see below)
-#
-# To use CGI scripts outside of ScriptAliased directories:
-# (You will also need to add "ExecCGI" to the "Options" directive.)
-#
-#AddHandler cgi-script .cgi
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
-#
-# For files that include their own HTTP headers:
-#
-#AddHandler send-as-is asis
+ #
+ # For files that include their own HTTP headers:
+ #
+ #AddHandler send-as-is asis
-#
-# For server-parsed imagemap files:
-#
-#AddHandler imap-file map
+ #
+ # For server-parsed imagemap files:
+ #
+ #AddHandler imap-file map
-#
-# For type maps (negotiated resources):
-# (This is enabled by default to allow the Apache "It Worked" page
-# to be distributed in multiple languages.)
-#
-AddHandler type-map var
+ #
+ # For type maps (negotiated resources):
+ # (This is enabled by default to allow the Apache "It Worked" page
+ # to be distributed in multiple languages.)
+ #
+ AddHandler type-map var
-#
-# Filters allow you to process content before it is sent to the client.
-#
-# To parse .shtml files for server-side includes (SSI):
-# (You will also need to add "Includes" to the "Options" directive.)
-#
-AddType text/html .shtml
-AddOutputFilter INCLUDES .shtml
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<IfModule mod_mime_magic.c>
- MIMEMagicFile /etc/apache2/magic
+ MIMEMagicFile /etc/apache2/magic
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# event MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of worker threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+<IfModule mpm_event_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Conflicts: mpm_worker mpm_prefork mpm_itk
+LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
--- /dev/null
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxRequestWorkers: maximum number of server processes allowed to start
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+<IfModule mpm_prefork_module>
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Conflicts: mpm_event mpm_worker mpm_itk
+LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so
--- /dev/null
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+# graceful restart. ThreadLimit can only be changed by stopping
+# and starting Apache.
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+<IfModule mpm_worker_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Conflicts: mpm_event mpm_prefork mpm_itk
+LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
<IfModule mod_negotiation.c>
-#
-# LanguagePriority allows you to give precedence to some languages
-# in case of a tie during content negotiation.
-#
-# Just list the languages in decreasing order of preference. We have
-# more or less alphabetized them here. You probably want to change this.
-#
-LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
-#
-# ForceLanguagePriority allows you to serve a result page rather than
-# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
-# [in case no accepted languages matched the available variants]
-#
-ForceLanguagePriority Prefer Fallback
+ # LanguagePriority allows you to give precedence to some languages
+ # in case of a tie during content negotiation.
+ #
+ # Just list the languages in decreasing order of preference. We have
+ # more or less alphabetized them here. You probably want to change this.
+ #
+ LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+ #
+ # ForceLanguagePriority allows you to serve a result page rather than
+ # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+ # [in case no accepted languages matched the available variants]
+ #
+ ForceLanguagePriority Prefer Fallback
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-<IfModule mod_php5.c>
- <FilesMatch "\.ph(p3?|tml)$">
- SetHandler application/x-httpd-php
- </FilesMatch>
- <FilesMatch "\.phps$">
- SetHandler application/x-httpd-php-source
- </FilesMatch>
- # To re-enable php in user directories comment the following lines
- # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
- # prevents .htaccess files from disabling it.
- #<IfModule mod_userdir.c>
- # <Directory /home/*/public_html>
- # php_admin_value engine Off
- # </Directory>
- #</IfModule>
-</IfModule>
+<FilesMatch ".+\.ph(p[345]?|t|tml)$">
+ SetHandler application/x-httpd-php
+</FilesMatch>
+<FilesMatch ".+\.phps$">
+ SetHandler application/x-httpd-php-source
+ # Deny access to raw php sources by default
+ # To re-enable it's recommended to enable access to the files
+ # only in specific virtual host or directory
+ Order Deny,Allow
+ Deny from all
+</FilesMatch>
+# Deny access to files without filename (e.g. '.php')
+<FilesMatch "^\.ph(p[345]?|t|tml|ps)$">
+ Order Deny,Allow
+ Deny from all
+</FilesMatch>
+
+# Running PHP scripts in user directories is disabled by default
+#
+# To re-enable PHP in user directories comment the following lines
+# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
+# prevents .htaccess files from disabling it.
+#<IfModule mod_userdir.c>
+# <Directory /home/*/public_html>
+# php_admin_flag engine Off
+# </Directory>
+#</IfModule>
<IfModule mod_proxy.c>
-# If you want to use apache2 as a forward proxy, uncomment the
-# 'ProxyRequests On' line and the <Proxy *> block below.
-# WARNING: Be careful to restrict access inside the <Proxy *> block.
-# Open proxy servers are dangerous both to your network and to the
-# Internet at large.
-#
-# If you only want to use apache2 as a reverse proxy/gateway in
-# front of some web application server, you DON'T need
-# 'ProxyRequests On'.
+ # If you want to use apache2 as a forward proxy, uncomment the
+
# 'ProxyRequests On' line and the <Proxy *> block below.
+
# WARNING: Be careful to restrict access inside the <Proxy *> block.
+ # Open proxy servers are dangerous both to your network and to the
+ # Internet at large.
+ #
+ # If you only want to use apache2 as a reverse proxy/gateway in
+ # front of some web application server, you DON'T need
+ # 'ProxyRequests On'.
-#ProxyRequests On
-#<Proxy *>
-# AddDefaultCharset off
-# Order deny,allow
-# Deny from all
-# #Allow from .example.com
-#</Proxy>
+ #ProxyRequests On
+ #<Proxy *>
+ # AddDefaultCharset off
+ # Require all denied
+ # #Require local
+ #</Proxy>
-# Enable/disable the handling of HTTP/1.1 "Via:" headers.
-# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
-# Set to one of: Off | On | Full | Block
-#ProxyVia Off
+ # Enable/disable the handling of HTTP/1.1 "Via:" headers.
+ # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+ # Set to one of: Off | On | Full | Block
+ #ProxyVia Off
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<IfModule mod_proxy_balancer.c>
-# Balancer manager enables dynamic update of balancer members
-# (needs mod_status). Uncomment to enable.
-#
-#<IfModule mod_status.c>
-#<Location /balancer-manager>
-# SetHandler balancer-manager
-# Order deny,allow
-# Deny from all
-# Allow from 127.0.0.1 ::1
-# Satisfy all
-#</Location>
-#</IfModule>
+ # Balancer manager enables dynamic update of balancer members
+ # (needs mod_status). Uncomment to enable.
+ #
+ #<IfModule mod_status.c>
+ # <Location /balancer-manager>
+ # SetHandler balancer-manager
+ # Require local
+ # </Location>
+ #</IfModule>
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-# Depends: proxy
+# Depends: proxy alias slotmem_shm
LoadModule proxy_balancer_module /usr/lib/apache2/modules/mod_proxy_balancer.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_express_module /usr/lib/apache2/modules/mod_proxy_express.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_fdpass_module /usr/lib/apache2/modules/mod_proxy_fdpass.so
<IfModule mod_proxy_ftp.c>
-# Define the character set for proxied FTP listings. Default is ISO-8859-1
-ProxyFtpDirCharset UTF-8
+ # Define the character set for proxied FTP listings. Default is ISO-8859-1
+ ProxyFtpDirCharset UTF-8
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: proxy
+LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
--- /dev/null
+# Depends: env
+LoadModule ratelimit_module /usr/lib/apache2/modules/mod_ratelimit.so
--- /dev/null
+LoadModule reflector_module /usr/lib/apache2/modules/mod_reflector.so
--- /dev/null
+LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so
<IfModule reqtimeout_module>
-# mod_reqtimeout limits the time waiting on the client to prevent an
-# attacker from causing a denial of service by opening many connections
-# but not sending requests. This file tries to give a sensible default
-# configuration, but it may be necessary to tune the timeout values to
-# the actual situation. Note that it is also possible to configure
-# mod_reqtimeout per virtual host.
+ # mod_reqtimeout limits the time waiting on the client to prevent an
+ # attacker from causing a denial of service by opening many connections
+ # but not sending requests. This file tries to give a sensible default
+ # configuration, but it may be necessary to tune the timeout values to
+ # the actual situation. Note that it is also possible to configure
+ # mod_reqtimeout per virtual host.
-# Wait max 20 seconds for the first byte of the request line+headers
-# From then, require a minimum data rate of 500 bytes/s, but don't
-# wait longer than 40 seconds in total.
-# Note: Lower timeouts may make sense on non-ssl virtual hosts but can
-# cause problem with ssl enabled virtual hosts: This timeout includes
-# the time a browser may need to fetch the CRL for the certificate. If
-# the CRL server is not reachable, it may take more than 10 seconds
-# until the browser gives up.
-RequestReadTimeout header=20-40,minrate=500
+ # Wait max 20 seconds for the first byte of the request line+headers
+ # From then, require a minimum data rate of 500 bytes/s, but don't
+ # wait longer than 40 seconds in total.
+ # Note: Lower timeouts may make sense on non-ssl virtual hosts but can
+ # cause problem with ssl enabled virtual hosts: This timeout includes
+ # the time a browser may need to fetch the CRL for the certificate. If
+ # the CRL server is not reachable, it may take more than 10 seconds
+ # until the browser gives up.
+ RequestReadTimeout header=20-40,minrate=500
-# Wait max 10 seconds for the first byte of the request body (if any)
-# From then, require a minimum data rate of 500 bytes/s
-RequestReadTimeout body=10,minrate=500
+ # Wait max 10 seconds for the first byte of the request body (if any)
+ # From then, require a minimum data rate of 500 bytes/s
+ RequestReadTimeout body=10,minrate=500
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule request_module /usr/lib/apache2/modules/mod_request.so
--- /dev/null
+LoadModule sed_module /usr/lib/apache2/modules/mod_sed.so
--- /dev/null
+LoadModule session_module /usr/lib/apache2/modules/mod_session.so
--- /dev/null
+# Depends: session
+LoadModule session_cookie_module /usr/lib/apache2/modules/mod_session_cookie.so
--- /dev/null
+# Depends: session
+LoadModule session_crypto_module /usr/lib/apache2/modules/mod_session_crypto.so
--- /dev/null
+# Depends: session
+LoadModule session_dbd_module /usr/lib/apache2/modules/mod_session_dbd.so
<IfModule mod_setenvif.c>
-#
-# The following directives modify normal HTTP response behavior to
-# handle known problems with browser implementations.
-#
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
+ #
+ # The following directives modify normal HTTP response behavior to
+ # handle known problems with browser implementations.
+ #
+ BrowserMatch "Mozilla/2" nokeepalive
+ BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+ BrowserMatch "RealPlayer 4\.0" force-response-1.0
+ BrowserMatch "Java/1\.0" force-response-1.0
+ BrowserMatch "JDK/1\.0" force-response-1.0
-#
-# The following directive disables redirects on non-GET requests for
-# a directory that does not include the trailing slash. This fixes a
-# problem with Microsoft WebFolders which does not appropriately handle
-# redirects for folders with DAV methods.
-# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
-#
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "MS FrontPage" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
-BrowserMatch "^gnome-vfs/1.0" redirect-carefully
-BrowserMatch "^gvfs/1" redirect-carefully
-BrowserMatch "^XML Spy" redirect-carefully
-BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
-BrowserMatch " Konqueror/4" redirect-carefully
+ #
+ # The following directive disables redirects on non-GET requests for
+ # a directory that does not include the trailing slash. This fixes a
+ # problem with Microsoft WebFolders which does not appropriately handle
+ # redirects for folders with DAV methods.
+ # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+ #
+ BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+ BrowserMatch "MS FrontPage" redirect-carefully
+ BrowserMatch "^WebDrive" redirect-carefully
+ BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+ BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+ BrowserMatch "^gvfs/1" redirect-carefully
+ BrowserMatch "^XML Spy" redirect-carefully
+ BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+ BrowserMatch " Konqueror/4" redirect-carefully
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule slotmem_plain_module /usr/lib/apache2/modules/mod_slotmem_plain.so
--- /dev/null
+LoadModule slotmem_shm_module /usr/lib/apache2/modules/mod_slotmem_shm.so
--- /dev/null
+LoadModule socache_dbm_module /usr/lib/apache2/modules/mod_socache_dbm.so
--- /dev/null
+LoadModule socache_memcache_module /usr/lib/apache2/modules/mod_socache_memcache.so
--- /dev/null
+LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
-SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex
+# (Disabled by default, the global Mutex directive consolidates by default
+# this)
+#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
+# Depends: setenvif mime socache_shmcb
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
<IfModule mod_status.c>
-#
-# Allow server status reports generated by mod_status,
-# with the URL of http://servername/server-status
-# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
-#
-<Location /server-status>
- SetHandler server-status
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1 ::1
-# Allow from 192.0.2.0/24
-</Location>
-
-# Keep track of extended status information for each request
-ExtendedStatus On
-
-# Determine if mod_status displays the first 63 characters of a request or
-# the last 63, assuming the request itself is greater than 63 chars.
-# Default: Off
-#SeeRequestTail On
-
-
-<IfModule mod_proxy.c>
- # Show Proxy LoadBalancer status in mod_status
- ProxyStatus On
-</IfModule>
+ # Allow server status reports generated by mod_status,
+ # with the URL of http://servername/server-status
+ # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+
+ <Location /server-status>
+ SetHandler server-status
+ Require local
+ #Require ip 192.0.2.0/24
+ </Location>
+
+ # Keep track of extended status information for each request
+ ExtendedStatus On
+
+ # Determine if mod_status displays the first 63 characters of a request or
+ # the last 63, assuming the request itself is greater than 63 chars.
+ # Default: Off
+ #SeeRequestTail On
+
+
+ <IfModule mod_proxy.c>
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
+ </IfModule>
</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<IfModule mod_userdir.c>
- UserDir public_html
- UserDir disabled root
+ UserDir public_html
+ UserDir disabled root
- <Directory /home/*/public_html>
- AllowOverride FileInfo AuthConfig Limit Indexes Options
- Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
- <Limit GET POST OPTIONS>
- Order allow,deny
- Allow from all
- </Limit>
- <LimitExcept GET POST OPTIONS>
- Order deny,allow
- Deny from all
- </LimitExcept>
- </Directory>
+ <Directory /home/*/public_html>
+ AllowOverride FileInfo AuthConfig Limit Indexes Options
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ <Limit GET POST OPTIONS>
+ Require all granted
+ </Limit>
+ <LimitExcept GET POST OPTIONS>
+ Require all denied
+ </LimitExcept>
+ </Directory>
</IfModule>
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+++ /dev/null
-LoadModule version_module /usr/lib/apache2/modules/mod_version.so
--- /dev/null
+LoadModule xml2enc_module /usr/lib/apache2/modules/mod_xml2enc.so
--- /dev/null
+../mods-available/access_compat.load
\ No newline at end of file
+++ /dev/null
-/etc/apache2/mods-available/actions.load
\ No newline at end of file
--- /dev/null
+../mods-available/authn_core.load
\ No newline at end of file
--- /dev/null
+../mods-available/authz_core.load
\ No newline at end of file
+++ /dev/null
-../mods-available/authz_default.load
\ No newline at end of file
--- /dev/null
+../mods-available/filter.load
\ No newline at end of file
--- /dev/null
+../mods-available/mpm_prefork.conf
\ No newline at end of file
--- /dev/null
+../mods-available/mpm_prefork.load
\ No newline at end of file
--- /dev/null
+../mods-available/socache_shmcb.load
\ No newline at end of file
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
-NameVirtualHost *:80
Listen 80
-<IfModule mod_ssl.c>
- # SSL name based virtual hosts are not yet supported, therefore no
- # NameVirtualHost statement here
- # Alex: ... SNI supposedly works?
- NameVirtualHost *:443
+<IfModule ssl_module>
# olinda -- main IP
Listen 18.208.0.204:443
# acc-858-test -- 6.858 project
--- /dev/null
+<VirtualHost *:80>
+ Include sites-common/default
+</VirtualHost>
+++ /dev/null
-<VirtualHost *:80>
- Include sites-common/default
-</VirtualHost>
+++ /dev/null
-<IfModule mod_ssl.c>
-<VirtualHost *:443>
- Include sites-common/default
-
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
-
- # A self-signed (snakeoil) certificate can be created by installing
- # the ssl-cert package. See
- # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
- # If both key and certificate are stored in the same file, only the
- # SSLCertificateFile directive is needed.
- SSLCertificateFile /etc/ssl/certs/dehnerts-web.startssl.chain.crt
- SSLCertificateChainFile /etc/ssl/certs/dehnerts-web.startssl.chain.crt
- #SSLCertificateFile /etc/ssl/certs/general-web.crt
- SSLCertificateKeyFile /etc/ssl/private/general-web.key
-
- # Server Certificate Chain:
- # Point SSLCertificateChainFile at a file containing the
- # concatenation of PEM encoded CA certificates which form the
- # certificate chain for the server certificate. Alternatively
- # the referenced file can be the same as SSLCertificateFile
- # when the CA certificates are directly appended to the server
- # certificate for convinience.
- #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
-
- # Certificate Authority (CA):
- # Set the CA certificate verification path where to find CA
- # certificates for client authentication or alternatively one
- # huge file containing all of them (file must be PEM encoded)
- # Note: Inside SSLCACertificatePath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCACertificatePath /etc/ssl/certs/
- #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
-
- # Certificate Revocation Lists (CRL):
- # Set the CA revocation path where to find CA CRLs for client
- # authentication or alternatively one huge file containing all
- # of them (file must be PEM encoded)
- # Note: Inside SSLCARevocationPath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCARevocationPath /etc/apache2/ssl.crl/
- #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
-
- # Client Authentication (Type):
- # Client certificate verification type and depth. Types are
- # none, optional, require and optional_no_ca. Depth is a
- # number which specifies how deeply to verify the certificate
- # issuer chain before deciding the certificate is not valid.
- #SSLVerifyClient require
- #SSLVerifyDepth 10
-
- # Access Control:
- # With SSLRequire you can do per-directory access control based
- # on arbitrary complex boolean expressions containing server
- # variable checks and other lookup directives. The syntax is a
- # mixture between C and Perl. See the mod_ssl documentation
- # for more details.
- #<Location />
- #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
- # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
- # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
- # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
- # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
- # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
- #</Location>
-
- # SSL Engine Options:
- # Set various options for the SSL engine.
- # o FakeBasicAuth:
- # Translate the client X.509 into a Basic Authorisation. This means that
- # the standard Auth/DBMAuth methods can be used for access control. The
- # user name is the `one line' version of the client's X.509 certificate.
- # Note that no password is obtained from the user. Every entry in the user
- # file needs this password: `xxj31ZMTZzkVA'.
- # o ExportCertData:
- # This exports two additional environment variables: SSL_CLIENT_CERT and
- # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
- # server (always existing) and the client (only existing when client
- # authentication is used). This can be used to import the certificates
- # into CGI scripts.
- # o StdEnvVars:
- # This exports the standard SSL/TLS related `SSL_*' environment variables.
- # Per default this exportation is switched off for performance reasons,
- # because the extraction step is an expensive operation and is usually
- # useless for serving static content. So one usually enables the
- # exportation for CGI and SSI requests only.
- # o StrictRequire:
- # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
- # under a "Satisfy any" situation, i.e. when it applies access is denied
- # and no other module can change it.
- # o OptRenegotiate:
- # This enables optimized SSL connection renegotiation handling when SSL
- # directives are used in per-directory context.
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
- <FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
- </FilesMatch>
- <Directory /usr/lib/cgi-bin>
- SSLOptions +StdEnvVars
- </Directory>
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- BrowserMatch "MSIE [2-6]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- # MSIE 7 and newer should be able to use keepalive
- BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
-
-</VirtualHost>
-</IfModule>
--- /dev/null
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+ Include sites-common/default
+
+ # SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ SSLCertificateFile /etc/ssl/local-certs/dehnerts-web.chain.crt
+ SSLCertificateChainFile /etc/ssl/local-certs/dehnerts-web.chain.crt
+ #SSLCertificateFile /etc/ssl/certs/general-web.crt
+ SSLCertificateKeyFile /etc/ssl/private/general-web.key
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+ # concatenation of PEM encoded CA certificates which form the
+ # certificate chain for the server certificate. Alternatively
+ # the referenced file can be the same as SSLCertificateFile
+ # when the CA certificates are directly appended to the server
+ # certificate for convinience.
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+ # Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA
+ # certificates for client authentication or alternatively one
+ # huge file containing all of them (file must be PEM encoded)
+ # Note: Inside SSLCACertificatePath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+ # Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client
+ # authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded)
+ # Note: Inside SSLCARevocationPath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ # Access Control:
+ # With SSLRequire you can do per-directory access control based
+ # on arbitrary complex boolean expressions containing server
+ # variable checks and other lookup directives. The syntax is a
+ # mixture between C and Perl. See the mod_ssl documentation
+ # for more details.
+ #<Location />
+ #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+ #</Location>
+
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the
+ # exportation for CGI and SSI requests only.
+ # o StrictRequire:
+ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+ # under a "Satisfy any" situation, i.e. when it applies access is denied
+ # and no other module can change it.
+ # o OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+</VirtualHost>
+</IfModule>
+++ /dev/null
-../sites-available/default
\ No newline at end of file
+++ /dev/null
-../sites-available/default-ssl
\ No newline at end of file
--- /dev/null
+../sites-available/000-default.conf
\ No newline at end of file
--- /dev/null
+../sites-available/default-ssl.conf
\ No newline at end of file
projects / sysconfig / apache2.git / commitdiff