httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Peters <michael.pet...@lazarusalliance.com>
Subject RE: [users@httpd] One IP, Many Domains - One Headache
Date Fri, 02 May 2014 14:24:56 GMT
I assume this looks proper?

VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                   is a NameVirtualHost
         default server policymachine.com (/etc/httpd/conf/httpd.conf:290)
         port 80 namevhost policymachine.com
(/etc/httpd/conf/httpd.conf:290)
         port 80 namevhost michaelpeters.org
(/etc/httpd/conf/httpd.conf:304)
         port 80 namevhost yourpersonalcxo.com
(/etc/httpd/conf/httpd.conf:316)
         port 80 namevhost securitytrifecta.com
(/etc/httpd/conf/httpd.conf:331)
*:443                  is a NameVirtualHost
         default server securitytrifecta.com (/etc/httpd/conf.d/ssl.conf:13)
         port 443 namevhost securitytrifecta.com
(/etc/httpd/conf.d/ssl.conf:13)
         port 443 namevhost michaelpeters.org
(/etc/httpd/conf.d/ssl.conf:92)
         port 443 namevhost yourpsersonalcxo.com
(/etc/httpd/conf.d/ssl.conf:109)
         port 443 namevhost policymachine.com
(/etc/httpd/conf.d/ssl.conf:129)
Syntax OK



-----Original Message-----
From: Yehuda Katz [mailto:yehuda@ymkatz.net]
Sent: Friday, May 2, 2014 7:11 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] One IP, Many Domains - One Headache

Run httpd -S to see all vhosts that apache is listening for and compare
that to what you expect to see.

- Y


On Fri, May 2, 2014 at 9:59 AM, Michael Peters
<michael.peters@lazarusalliance.com> wrote:
>
> This is the httpd.conf file now. Some things I’ve made progress on are:
>
>
>
> 1.       Michaelpeters.org works fine now (this is a wordpress site)
>
> 2.       Policy-Machine.com and Itsecuritypolicy.org work fine now (A
> combination wordpress and php site)
>
> 3.       Lazarusalliance.com, Fedramp.us, ssae-16.us and
> yourpersonalcxo.com are still broken. They all redirect to
> Policy-Machine.com. This is a regular php and html site.
>
> 4.       Securitytrifecta.com is still broken. It redirects to
> Policy-machine.com too. This is a regular php and html site.
>
>
>
> Is it possible that I need .htaccess files in each directory? If so, how
> should I write those?
>
>
>
> ++++++++++++++++++++
>
>
>
> ServerTokens OS
>
> ServerRoot "/etc/httpd"
>
> PidFile run/httpd.pid
>
> #
>
> Timeout 120
>
> KeepAlive Off
>
> MaxKeepAliveRequests 100
>
> KeepAliveTimeout 15
>
> #
>
> <IfModule itk.c>
>
> StartServers       8
>
> MinSpareServers    5
>
> MaxSpareServers   20
>
> ServerLimit      256
>
> MaxClients       256
>
> MaxRequestsPerChild  4000
>
> </IfModule>
>
> #
>
> <IfModule prefork.c>
>
> StartServers       8
>
> MinSpareServers    5
>
> MaxSpareServers   20
>
> ServerLimit      256
>
> MaxClients       256
>
> MaxRequestsPerChild  4000
>
> </IfModule>
>
> #
>
> <IfModule worker.c>
>
> StartServers         2
>
> MaxClients         150
>
> MinSpareThreads     25
>
> MaxSpareThreads     75
>
> ThreadsPerChild     25
>
> MaxRequestsPerChild  0
>
> </IfModule>
>
> #
>
> Listen 208.109.171.169:80
>
> #
>
> LoadModule auth_basic_module modules/mod_auth_basic.so
>
> LoadModule auth_digest_module modules/mod_auth_digest.so
>
> LoadModule authn_file_module modules/mod_authn_file.so
>
> LoadModule authn_alias_module modules/mod_authn_alias.so
>
> LoadModule authn_anon_module modules/mod_authn_anon.so
>
> LoadModule authn_dbm_module modules/mod_authn_dbm.so
>
> LoadModule authn_default_module modules/mod_authn_default.so
>
> LoadModule authz_host_module modules/mod_authz_host.so
>
> LoadModule authz_user_module modules/mod_authz_user.so
>
> LoadModule authz_owner_module modules/mod_authz_owner.so
>
> LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
>
> LoadModule authz_dbm_module modules/mod_authz_dbm.so
>
> LoadModule authz_default_module modules/mod_authz_default.so
>
> LoadModule ldap_module modules/mod_ldap.so
>
> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
>
> LoadModule include_module modules/mod_include.so
>
> LoadModule log_config_module modules/mod_log_config.so
>
> LoadModule logio_module modules/mod_logio.so
>
> LoadModule env_module modules/mod_env.so
>
> LoadModule ext_filter_module modules/mod_ext_filter.so
>
> LoadModule mime_magic_module modules/mod_mime_magic.so
>
> LoadModule expires_module modules/mod_expires.so
>
> LoadModule deflate_module modules/mod_deflate.so
>
> LoadModule headers_module modules/mod_headers.so
>
> LoadModule usertrack_module modules/mod_usertrack.so
>
> LoadModule setenvif_module modules/mod_setenvif.so
>
> LoadModule mime_module modules/mod_mime.so
>
> LoadModule dav_module modules/mod_dav.so
>
> LoadModule status_module modules/mod_status.so
>
> LoadModule autoindex_module modules/mod_autoindex.so
>
> LoadModule info_module modules/mod_info.so
>
> LoadModule dav_fs_module modules/mod_dav_fs.so
>
> LoadModule vhost_alias_module modules/mod_vhost_alias.so
>
> LoadModule negotiation_module modules/mod_negotiation.so
>
> LoadModule dir_module modules/mod_dir.so
>
> LoadModule actions_module modules/mod_actions.so
>
> LoadModule speling_module modules/mod_speling.so
>
> LoadModule userdir_module modules/mod_userdir.so
>
> LoadModule alias_module modules/mod_alias.so
>
> LoadModule rewrite_module modules/mod_rewrite.so
>
> LoadModule proxy_module modules/mod_proxy.so
>
> LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
>
> LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
>
> LoadModule proxy_http_module modules/mod_proxy_http.so
>
> LoadModule proxy_connect_module modules/mod_proxy_connect.so
>
> LoadModule cache_module modules/mod_cache.so
>
> LoadModule suexec_module modules/mod_suexec.so
>
> LoadModule disk_cache_module modules/mod_disk_cache.so
>
> LoadModule file_cache_module modules/mod_file_cache.so
>
> LoadModule mem_cache_module modules/mod_mem_cache.so
>
> LoadModule cgi_module modules/mod_cgi.so
>
> #
>
> Include conf.d/*.conf
>
> #
>
> User apache
>
> Group apache
>
> #
>
> ServerAdmin webmaster@securitytrifecta.com
>
> ServerName 208.109.171.169:80
>
> UseCanonicalName Off
>
> DocumentRoot "/html"
>
> #
>
> <Directory />
>
>   Options FollowSymLinks
>
>   AllowOverride None
>
> </Directory>
>
> #
>
> <Directory "/html">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
> </Directory>
>
> #
>
> <IfModule mod_userdir.c>
>
>   UserDir disabled
>
> </IfModule>
>
> #
>
> DirectoryIndex index.html index.html.var index.php
>
> AccessFileName .htaccess
>
> #
>
> <Files ~ "^\.ht">
>
>   Order allow,deny
>
>   Deny from all
>
> </Files>
>
> #
>
> TypesConfig /etc/mime.types
>
> DefaultType text/plain
>
> #
>
> <IfModule mod_mime_magic.c>
>
>   MIMEMagicFile conf/magic
>
> </IfModule>
>
> #
>
> HostnameLookups Off
>
> #
>
> ErrorLog logs/error_log
>
> LogLevel warn
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
> combined
>
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
>
> LogFormat "%{Referer}i -> %U" referer
>
> LogFormat "%{User-agent}i" agent
>
> CustomLog logs/access_log common
>
> CustomLog logs/access_log combined
>
> #
>
> ServerSignature On
>
> #
>
> Alias /icons/ "/www/icons/"
>
> #
>
> <Directory "/www/icons">
>
>   Options Indexes MultiViews FollowSymLinks
>
>   AllowOverride None
>
>   Order allow,deny
>
>   Allow from all
>
> </Directory>
>
> #
>
> <IfModule mod_dav_fs.c>
>
>   DAVLockDB /var/lib/dav/lockdb
>
> </IfModule>
>
> #
>
> ScriptAlias /cgi-bin/ "/www/cgi-bin/"
>
> #
>
> <Directory "/www/cgi-bin">
>
>   AllowOverride None
>
>   Options None
>
>   Order allow,deny
>
>   Allow from all
>
> </Directory>
>
> #
>
> IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
>
> AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
>
> AddIconByType (TXT,/icons/text.gif) text/*
>
> AddIconByType (IMG,/icons/image2.gif) image/*
>
> AddIconByType (SND,/icons/sound2.gif) audio/*
>
> AddIconByType (VID,/icons/movie.gif) video/*
>
> AddIcon /icons/binary.gif .bin .exe
>
> AddIcon /icons/binhex.gif .hqx
>
> AddIcon /icons/tar.gif .tar
>
> AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
>
> AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
>
> AddIcon /icons/a.gif .ps .ai .eps
>
> AddIcon /icons/layout.gif .html .shtml .htm .pdf
>
> AddIcon /icons/text.gif .txt
>
> AddIcon /icons/c.gif .c
>
> AddIcon /icons/p.gif .pl .py
>
> AddIcon /icons/f.gif .for
>
> AddIcon /icons/dvi.gif .dvi
>
> AddIcon /icons/uuencoded.gif .uu
>
> AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
>
> AddIcon /icons/tex.gif .tex
>
> AddIcon /icons/bomb.gif core
>
> AddIcon /icons/back.gif ..
>
> AddIcon /icons/hand.right.gif README
>
> AddIcon /icons/folder.gif ^^DIRECTORY^^
>
> AddIcon /icons/blank.gif ^^BLANKICON^^
>
> DefaultIcon /icons/unknown.gif
>
> #
>
> ReadmeName README.html
>
> HeaderName HEADER.html
>
> #
>
> IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
>
> #
>
> AddLanguage ca .ca
>
> AddLanguage cs .cz .cs
>
> AddLanguage da .dk
>
> AddLanguage de .de
>
> AddLanguage el .el
>
> AddLanguage en .en
>
> AddLanguage eo .eo
>
> AddLanguage es .es
>
> AddLanguage et .et
>
> AddLanguage fr .fr
>
> AddLanguage he .he
>
> AddLanguage hr .hr
>
> AddLanguage it .it
>
> AddLanguage ja .ja
>
> AddLanguage ko .ko
>
> AddLanguage ltz .ltz
>
> AddLanguage nl .nl
>
> AddLanguage nn .nn
>
> AddLanguage no .no
>
> AddLanguage pl .po
>
> AddLanguage pt .pt
>
> AddLanguage pt-BR .pt-br
>
> AddLanguage ru .ru
>
> AddLanguage sv .sv
>
> AddLanguage zh-CN .zh-cn
>
> AddLanguage zh-TW .zh-tw
>
> #
>
> LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no
> pl pt pt-BR ru sv zh-CN zh-TW
>
> ForceLanguagePriority Prefer Fallback
>
> AddDefaultCharset UTF-8
>
> #
>
> AddType application/x-compress .Z
>
> AddType application/x-gzip .gz .tgz
>
> AddType application/x-x509-ca-cert .crt
>
> AddType application/x-pkcs7-crl    .crl
>
> AddHandler type-map var
>
> AddType text/html .shtml
>
> AddOutputFilter INCLUDES .shtml
>
> #
>
> Alias /error/ "/www/error/"
>
> #
>
> <IfModule mod_negotiation.c>
>
> <IfModule mod_include.c>
>
> <Directory "/www/error">
>
>   AllowOverride None
>
>   Options IncludesNoExec
>
>   AddOutputFilter Includes html
>
>   AddHandler type-map var
>
>   Order allow,deny
>
>   Allow from all
>
>   LanguagePriority en es de fr
>
>   ForceLanguagePriority Prefer Fallback
>
> </Directory>
>
> #
>
> #ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
>
> #ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
>
> #ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
>
> #ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
>
> #ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
>
> #ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
>
> #ErrorDocument 410 /error/HTTP_GONE.html.var
>
> #ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
>
> #ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
>
> #ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
>
> #ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
>
> #ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
>
> #ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
>
> #ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
>
> #ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
>
> #ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
>
> #ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
>
> #
>
> </IfModule>
>
> </IfModule>
>
> #
>
> BrowserMatch "Mozilla/2" nokeepalive
>
> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
>
> BrowserMatch "RealPlayer 4\.0" force-response-1.0
>
> BrowserMatch "Java/1\.0" force-response-1.0
>
> BrowserMatch "JDK/1\.0" force-response-1.0
>
> BrowserMatch "Microsoft Data Access Internet Publishing Provider"
> redirect-carefully
>
> BrowserMatch "MS FrontPage" redirect-carefully
>
> BrowserMatch "^WebDrive" redirect-carefully
>
> BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
>
> BrowserMatch "^gnome-vfs/1.0" redirect-carefully
>
> BrowserMatch "^XML Spy" redirect-carefully
>
> BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
>
> #
>
> NameVirtualHost *:80
>
> #
>
> <VirtualHost *:80>
>
> ServerName policy-machine.com
>
> ServerName itsecuritypolicy.org
>
> ServerName policymachine.com
>
> DocumentRoot "/html/itsecuritypolicy"
>
> ServerAdmin webmaster@policy-machine.com
>
> <Directory "/html/itsecuritypolicy">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName michaelpeters.org
>
> DocumentRoot "/html/michaelpeters"
>
> ServerAdmin webmaster@michaelpeters.org
>
> <Directory "/html/michaelpeters">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName lazarusalliance.com
>
> ServerName fedramp.us
>
> ServerName ssae-16.us
>
> ServerName yourpersonalcxo.com
>
> DocumentRoot "/html/lazarusalliance"
>
> ServerAdmin webmaster@lazarusalliance.com
>
> <Directory "/html/lazarusalliance">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName securitytrifecta.com
>
> DocumentRoot "/html"
>
> ServerAdmin webmaster@securitytrifecta.com
>
> <Directory "/html">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
> </Directory>
>
> <Directory "/html/menu">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
> </Directory>
>
> <Directory "/html/auditprotocol">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
>   SSLRenegBufferSize 26214400
>
>   LimitRequestBody 2044430000
>
> </Directory>
>
> <Directory "/html/skipfish">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/html/skipfish-2.10b">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/html/phpMyAdmin">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/html/phpMyAdmin-4.1.6-all-languages">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/html/munin">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride All
>
>   Order allow,deny
>
>   Allow from all
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/usr/lib/munin/cgi">
>
>   Options +ExecCGI
>
>   <IfModule mod_fcgid.c>
>
>   SetHandler fcgid-script
>
>   </IfModule>
>
>   <IfModule !mod_fcgid.c>
>
>   SetHandler cgi-script
>
>   </IfModule>
>
> </Directory>
>
> </VirtualHost>
>
> #
>
>
>
>
>
>
>
> From: John Hudak [mailto:jjhudak@gmail.com]
> Sent: Friday, May 2, 2014 6:44 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] One IP, Many Domains - One Headache
>
>
>
> I cant pick out any errors.  It does appear you are using name-based
> virtual hosting.  For testing you can put the domain names in your host
> table...maybe you did and forgot to remove them?
>
> Perhaps start with one site and get that reliably working, and then add a
> second site and get both reliabily working, then extend the Virtual Hosts
> section to accomodate the other sites.
>
>
>
> J
>
>
>
>
>
> On Fri, May 2, 2014 at 12:57 AM, Michael Peters
> <michael.peters@lazarusalliance.com> wrote:
>
> I have one IP and many domains. My problem is that when I request one
> site, a different one displays sometimes, sometimes not. Also, nearly all
> sub-pages do not display with 404 errors. I’ve tried so many httpd.conf
> and ssl.conf combinations, my head hurts. I’ve ready many examples and
> help files. I’ve looked at error logs and nothing makes sense to me.
>
>
>
> Would someone please help? It’s probably something simple but this has
> been a real bugger for me.
>
>
>
> Here is my current httpd.conf:
>
>
>
> ### Section 1: Global Environment
>
> #
>
> # The directives in this section affect the overall operation of Apache,
>
> # such as the number of concurrent requests it can handle or where it
>
> # can find its configuration files.
>
> #
>
>
>
> #
>
> # Don't give away too much information about all the subcomponents
>
> # we are running.  Comment out this line if you don't mind remote sites
>
> # finding out what major optional modules you are running
>
> ServerTokens OS
>
>
>
> #
>
> # ServerRoot: The top of the directory tree under which the server's
>
> # configuration, error, and log files are kept.
>
> #
>
> # NOTE!  If you intend to place this on an NFS (or otherwise network)
>
> # mounted filesystem then please read the LockFile documentation
>
> # (available at
> <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
>
> # you will save yourself a lot of trouble.
>
> #
>
> # Do NOT add a slash at the end of the directory path.
>
> #
>
> ServerRoot "/etc/httpd"
>
>
>
> #
>
> # PidFile: The file in which the server should record its process
>
> # identification number when it starts.
>
> #
>
> PidFile run/httpd.pid
>
>
>
> #
>
> # Timeout: The number of seconds before receives and sends time out.
>
> #
>
> Timeout 120
>
>
>
> #
>
> # KeepAlive: Whether or not to allow persistent connections (more than
>
> # one request per connection). Set to "Off" to deactivate.
>
> #
>
> KeepAlive Off
>
>
>
> #
>
> # MaxKeepAliveRequests: The maximum number of requests to allow
>
> # during a persistent connection. Set to 0 to allow an unlimited amount.
>
> # We recommend you leave this number high, for maximum performance.
>
> #
>
> MaxKeepAliveRequests 100
>
>
>
> #
>
> # KeepAliveTimeout: Number of seconds to wait for the next request from
> the
>
> # same client on the same connection.
>
> #
>
> KeepAliveTimeout 15
>
>
>
> ##
>
> ## Server-Pool Size Regulation (MPM specific)
>
> ##
>
>
>
> # prefork ITK
>
>
>
> # AssignUserID: Takes two parameters, uid and gid (or really, user name
> and
>
> #  group name); specifies what uid and gid the vhost will run as
>
> #  (after parsing the request etc., of course). Note that if you do not
> assign
>
> #  a user ID, the default one from Apache will be used.
>
>
>
> # MaxClientsVHost: A separate MaxClients for the vhost. This can be useful
> if,
>
> #  say, half of your vhosts depend on some NFS server (like on our setup);
>
> #  if the NFS server goes down, you do not want the children waiting
> forever
>
> #  on NFS to take the non-NFS-dependent hosts down. This can thus act as a
>
> #  safety measure, giving "server too busy" on the NFS-dependent vhosts
>
> #  while keeping the other ones happily running. (Of course, you could use
>
> #  it to simply keep one site from eating way too much resources, but
> there
>
> #  are probably better ways of doing that.)
>
>
>
> # NiceValue: Lets you nice some requests down, to give them less CPU time.
>
>
>
> <IfModule itk.c>
>
> StartServers       8
>
> MinSpareServers    5
>
> MaxSpareServers   20
>
> ServerLimit      256
>
> MaxClients       256
>
> MaxRequestsPerChild  4000
>
> </IfModule>
>
>
>
> # prefork MPM
>
> # StartServers: number of server processes to start
>
> # MinSpareServers: minimum number of server processes which are kept spare
>
> # MaxSpareServers: maximum number of server processes which are kept spare
>
> # ServerLimit: maximum value for MaxClients for the lifetime of the server
>
> # MaxClients: maximum number of server processes allowed to start
>
> # MaxRequestsPerChild: maximum number of requests a server process serves
>
> <IfModule prefork.c>
>
> StartServers       8
>
> MinSpareServers    5
>
> MaxSpareServers   20
>
> ServerLimit      256
>
> MaxClients       256
>
> MaxRequestsPerChild  4000
>
> </IfModule>
>
>
>
> # worker MPM
>
> # StartServers: initial number of server processes to start
>
> # MaxClients: maximum number of simultaneous client connections
>
> # MinSpareThreads: minimum number of worker threads which are kept spare
>
> # MaxSpareThreads: maximum number of worker threads which are kept spare
>
> # ThreadsPerChild: constant number of worker threads in each server
> process
>
> # MaxRequestsPerChild: maximum number of requests a server process serves
>
> <IfModule worker.c>
>
> StartServers         2
>
> MaxClients         150
>
> MinSpareThreads     25
>
> MaxSpareThreads     75
>
> ThreadsPerChild     25
>
> MaxRequestsPerChild  0
>
> </IfModule>
>
>
>
> #
>
> # Listen: Allows you to bind Apache to specific IP addresses and/or
>
> # ports, in addition to the default. See also the <VirtualHost>
>
> # directive.
>
> #
>
> # Change this to Listen on specific IP addresses as shown below to
>
> # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
>
> #
>
> #Listen 12.34.56.78:80
>
> Listen 208.109.171.169:80
>
>
>
> #
>
> # Dynamic Shared Object (DSO) Support
>
> #
>
> # To be able to use the functionality of a module which was built as a DSO
> you
>
> # have to place corresponding `LoadModule' lines at this location so the
>
> # directives contained in it are actually available _before_ they are
> used.
>
> # Statically compiled modules (those listed by `httpd -l') do not need
>
> # to be loaded here.
>
> #
>
> # Example:
>
> # LoadModule foo_module modules/mod_foo.so
>
> #
>
> LoadModule auth_basic_module modules/mod_auth_basic.so
>
> LoadModule auth_digest_module modules/mod_auth_digest.so
>
> LoadModule authn_file_module modules/mod_authn_file.so
>
> LoadModule authn_alias_module modules/mod_authn_alias.so
>
> LoadModule authn_anon_module modules/mod_authn_anon.so
>
> LoadModule authn_dbm_module modules/mod_authn_dbm.so
>
> LoadModule authn_default_module modules/mod_authn_default.so
>
> LoadModule authz_host_module modules/mod_authz_host.so
>
> LoadModule authz_user_module modules/mod_authz_user.so
>
> LoadModule authz_owner_module modules/mod_authz_owner.so
>
> LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
>
> LoadModule authz_dbm_module modules/mod_authz_dbm.so
>
> LoadModule authz_default_module modules/mod_authz_default.so
>
> LoadModule ldap_module modules/mod_ldap.so
>
> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
>
> LoadModule include_module modules/mod_include.so
>
> LoadModule log_config_module modules/mod_log_config.so
>
> LoadModule logio_module modules/mod_logio.so
>
> LoadModule env_module modules/mod_env.so
>
> LoadModule ext_filter_module modules/mod_ext_filter.so
>
> LoadModule mime_magic_module modules/mod_mime_magic.so
>
> LoadModule expires_module modules/mod_expires.so
>
> LoadModule deflate_module modules/mod_deflate.so
>
> LoadModule headers_module modules/mod_headers.so
>
> LoadModule usertrack_module modules/mod_usertrack.so
>
> LoadModule setenvif_module modules/mod_setenvif.so
>
> LoadModule mime_module modules/mod_mime.so
>
> LoadModule dav_module modules/mod_dav.so
>
> LoadModule status_module modules/mod_status.so
>
> LoadModule autoindex_module modules/mod_autoindex.so
>
> LoadModule info_module modules/mod_info.so
>
> LoadModule dav_fs_module modules/mod_dav_fs.so
>
> LoadModule vhost_alias_module modules/mod_vhost_alias.so
>
> LoadModule negotiation_module modules/mod_negotiation.so
>
> LoadModule dir_module modules/mod_dir.so
>
> LoadModule actions_module modules/mod_actions.so
>
> LoadModule speling_module modules/mod_speling.so
>
> LoadModule userdir_module modules/mod_userdir.so
>
> LoadModule alias_module modules/mod_alias.so
>
> LoadModule rewrite_module modules/mod_rewrite.so
>
> LoadModule proxy_module modules/mod_proxy.so
>
> LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
>
> LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
>
> LoadModule proxy_http_module modules/mod_proxy_http.so
>
> LoadModule proxy_connect_module modules/mod_proxy_connect.so
>
> LoadModule cache_module modules/mod_cache.so
>
> LoadModule suexec_module modules/mod_suexec.so
>
> LoadModule disk_cache_module modules/mod_disk_cache.so
>
> LoadModule file_cache_module modules/mod_file_cache.so
>
> LoadModule mem_cache_module modules/mod_mem_cache.so
>
> LoadModule cgi_module modules/mod_cgi.so
>
>
>
> #
>
> # The following modules are not loaded by default:
>
> #
>
> #LoadModule cern_meta_module modules/mod_cern_meta.so
>
> #LoadModule asis_module modules/mod_asis.so
>
>
>
> #
>
> # Load config files from the config directory "/etc/httpd/conf.d".
>
> #
>
> Include conf.d/*.conf
>
>
>
> #
>
> # ExtendedStatus controls whether Apache will generate "full" status
>
> # information (ExtendedStatus On) or just basic information
> (ExtendedStatus
>
> # Off) when the "server-status" handler is called. The default is Off.
>
> #
>
> #ExtendedStatus On
>
>
>
> #
>
> # If you wish httpd to run as a different user or group, you must run
>
> # httpd as root initially and it will switch.
>
> #
>
> # User/Group: The name (or #number) of the user/group to run httpd as.
>
> #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
>
> #  . On HPUX you may not be able to use shared memory as nobody, and the
>
> #    suggested workaround is to create a user www and use that user.
>
> #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
>
> #  when the value of (unsigned)Group is above 60000;
>
> #  don't use Group #-1 on these systems!
>
> #
>
> User apache
>
> Group apache
>
>
>
> ### Section 2: 'Main' server configuration
>
> #
>
> # The directives in this section set up the values used by the 'main'
>
> # server, which responds to any requests that aren't handled by a
>
> # <VirtualHost> definition.  These values also provide defaults for
>
> # any <VirtualHost> containers you may define later in the file.
>
> #
>
> # All of these directives may appear inside <VirtualHost> containers,
>
> # in which case these default settings will be overridden for the
>
> # virtual host being defined.
>
> #
>
>
>
> #
>
> # ServerAdmin: Your address, where problems with the server should be
>
> # e-mailed.  This address appears on some server-generated pages, such
>
> # as error documents.  e.g. admin@your-domain.com
>
> #
>
> ServerAdmin webmaster@securitytrifecta.com
>
>
>
> #
>
> # ServerName gives the name and port that the server uses to identify
> itself.
>
> # This can often be determined automatically, but we recommend you specify
>
> # it explicitly to prevent problems during startup.
>
> #
>
> # If this is not set to valid DNS name for your host, server-generated
>
> # redirections will not work.  See also the UseCanonicalName directive.
>
> #
>
> # If your host doesn't have a registered DNS name, enter its IP address
> here.
>
> # You will have to access it by its address anyway, and this will make
>
> # redirections work in a sensible way.
>
> #
>
> ServerName 208.109.171.169:80
>
>
>
> #
>
> # UseCanonicalName: Determines how Apache constructs self-referencing
>
> # URLs and the SERVER_NAME and SERVER_PORT variables.
>
> # When set "Off", Apache will use the Hostname and Port supplied
>
> # by the client.  When set "On", Apache will use the value of the
>
> # ServerName directive.
>
> #
>
> UseCanonicalName Off
>
>
>
> #
>
> # DocumentRoot: The directory out of which you will serve your
>
> # documents. By default, all requests are taken from this directory, but
>
> # symbolic links and aliases may be used to point to other locations.
>
> #
>
> DocumentRoot "/html"
>
>
>
> #
>
> # Each directory to which Apache has access can be configured with respect
>
> # to which services and features are allowed and/or disabled in that
>
> # directory (and its subdirectories).
>
> #
>
> # First, we configure the "default" to be a very restrictive set of
>
> # features.
>
> #
>
> <Directory />
>
>     Options FollowSymLinks
>
>     AllowOverride None
>
> </Directory>
>
>
>
> #
>
> # Note that from this point forward you must specifically allow
>
> # particular features to be enabled - so if something's not working as
>
> # you might expect, make sure that you have specifically enabled it
>
> # below.
>
> #
>
>
>
> #
>
> # This should be changed to whatever you set DocumentRoot to.
>
> #
>
> <Directory "/html">
>
>
>
> #
>
> # Possible values for the Options directive are "None", "All",
>
> # or any combination of:
>
> #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI
> MultiViews
>
> #
>
> # Note that "MultiViews" must be named *explicitly* --- "Options All"
>
> # doesn't give it to you.
>
> #
>
> # The Options directive is both complicated and important.  Please see
>
> # http://httpd.apache.org/docs/2.2/mod/core.html#options
>
> # for more information.
>
> #
>
>     Options Indexes FollowSymLinks
>
>
>
> #
>
> # AllowOverride controls what directives may be placed in .htaccess files.
>
> # It can be "All", "None", or any combination of the keywords:
>
> #   Options FileInfo AuthConfig Limit
>
> #
>
>     AllowOverride None
>
>
>
> #
>
> # Controls who can get stuff from this server.
>
> #
>
>     Order allow,deny
>
>     Allow from all
>
>
>
> </Directory>
>
>
>
> #
>
> # UserDir: The name of the directory that is appended onto a user's home
>
> # directory if a ~user request is received.
>
> #
>
> # The path to the end user account 'public_html' directory must be
>
> # accessible to the webserver userid.  This usually means that ~userid
>
> # must have permissions of 711, ~userid/public_html must have permissions
>
> # of 755, and documents contained therein must be world-readable.
>
> # Otherwise, the client will only receive a "403 Forbidden" message.
>
> #
>
> # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
>
> #
>
> <IfModule mod_userdir.c>
>
>     #
>
>     # UserDir is disabled by default since it can confirm the presence
>
>     # of a username on the system (depending on home directory
>
>     # permissions).
>
>     #
>
>     UserDir disabled
>
>
>
>     #
>
>     # To enable requests to /~user/ to serve the user's public_html
>
>     # directory, remove the "UserDir disabled" line above, and uncomment
>
>     # the following line instead:
>
>     #
>
>     #UserDir public_html
>
>
>
> </IfModule>
>
>
>
> #
>
> # Control access to UserDir directories.  The following is an example
>
> # for a site where these directories are restricted to read-only.
>
> #
>
> #<Directory /home/*/public_html>
>
> #    AllowOverride FileInfo AuthConfig Limit
>
> #    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
>
> #    <Limit GET POST OPTIONS>
>
> #        Order allow,deny
>
> #        Allow from all
>
> #    </Limit>
>
> #    <LimitExcept GET POST OPTIONS>
>
> #        Order deny,allow
>
> #        Deny from all
>
> #    </LimitExcept>
>
> #</Directory>
>
>
>
> #
>
> # DirectoryIndex: sets the file that Apache will serve if a directory
>
> # is requested.
>
> #
>
> # The index.html.var file (a type-map) is used to deliver content-
>
> # negotiated documents.  The MultiViews Option can be used for the
>
> # same purpose, but it is much slower.
>
> #
>
> DirectoryIndex index.html index.html.var index.php
>
>
>
> #
>
> # AccessFileName: The name of the file to look for in each directory
>
> # for additional configuration directives.  See also the AllowOverride
>
> # directive.
>
> #
>
> AccessFileName .htaccess
>
>
>
> #
>
> # The following lines prevent .htaccess and .htpasswd files from being
>
> # viewed by Web clients.
>
> #
>
> <Files ~ "^\.ht">
>
>     Order allow,deny
>
>     Deny from all
>
> </Files>
>
>
>
> #
>
> # TypesConfig describes where the mime.types file (or equivalent) is
>
> # to be found.
>
> #
>
> TypesConfig /etc/mime.types
>
>
>
> #
>
> # DefaultType is the default MIME type the server will use for a document
>
> # if it cannot otherwise determine one, such as from filename extensions.
>
> # If your server contains mostly text or HTML documents, "text/plain" is
>
> # a good value.  If most of your content is binary, such as applications
>
> # or images, you may want to use "application/octet-stream" instead to
>
> # keep browsers from trying to display binary files as though they are
>
> # text.
>
> #
>
> DefaultType text/plain
>
>
>
> #
>
> # The mod_mime_magic module allows the server to use various hints from
> the
>
> # contents of the file itself to determine its type.  The MIMEMagicFile
>
> # directive tells the module where the hint definitions are located.
>
> #
>
> <IfModule mod_mime_magic.c>
>
> #   MIMEMagicFile /usr/share/magic.mime
>
>     MIMEMagicFile conf/magic
>
> </IfModule>
>
>
>
> #
>
> # HostnameLookups: Log the names of clients or just their IP addresses
>
> # e.g., www.apache.org (on) or 204.62.129.132 (off).
>
> # The default is off because it'd be overall better for the net if people
>
> # had to knowingly turn this feature on, since enabling it means that
>
> # each client request will result in AT LEAST one lookup request to the
>
> # nameserver.
>
> #
>
> HostnameLookups Off
>
>
>
> #
>
> # EnableMMAP: Control whether memory-mapping is used to deliver
>
> # files (assuming that the underlying OS supports it).
>
> # The default is on; turn this off if you serve from NFS-mounted
>
> # filesystems.  On some systems, turning it off (regardless of
>
> # filesystem) can improve performance; for details, please see
>
> # http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
>
> #
>
> #EnableMMAP off
>
>
>
> #
>
> # EnableSendfile: Control whether the sendfile kernel support is
>
> # used to deliver files (assuming that the OS supports it).
>
> # The default is on; turn this off if you serve from NFS-mounted
>
> # filesystems.  Please see
>
> # http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
>
> #
>
> #EnableSendfile off
>
>
>
> #
>
> # ErrorLog: The location of the error log file.
>
> # If you do not specify an ErrorLog directive within a <VirtualHost>
>
> # container, error messages relating to that virtual host will be
>
> # logged here.  If you *do* define an error logfile for a <VirtualHost>
>
> # container, that host's errors will be logged there and not here.
>
> #
>
> ErrorLog logs/error_log
>
>
>
> #
>
> # LogLevel: Control the number of messages logged to the error_log.
>
> # Possible values include: debug, info, notice, warn, error, crit,
>
> # alert, emerg.
>
> #
>
> LogLevel warn
>
>
>
> #
>
> # The following directives define some format nicknames for use with
>
> # a CustomLog directive (see below).
>
> #
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
> combined
>
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
>
> LogFormat "%{Referer}i -> %U" referer
>
> LogFormat "%{User-agent}i" agent
>
>
>
> # "combinedio" includes actual counts of actual bytes received (%I) and
> sent (%O); this
>
> # requires the mod_logio module to be loaded.
>
> #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
> %I %O" combinedio
>
>
>
> #
>
> # The location and format of the access logfile (Common Logfile Format).
>
> # If you do not define any access logfiles within a <VirtualHost>
>
> # container, they will be logged here.  Contrariwise, if you *do*
>
> # define per-<VirtualHost> access logfiles, transactions will be
>
> # logged therein and *not* in this file.
>
> #
>
> CustomLog logs/access_log common
>
>
>
> #
>
> # If you would like to have separate agent and referer logfiles, uncomment
>
> # the following directives.
>
> #
>
> #CustomLog logs/referer_log referer
>
> #CustomLog logs/agent_log agent
>
>
>
> #
>
> # For a single logfile with access, agent, and referer information
>
> # (Combined Logfile Format), use the following directive:
>
> #
>
> CustomLog logs/access_log combined
>
>
>
> #
>
> # Optionally add a line containing the server version and virtual host
>
> # name to server-generated pages (internal error documents, FTP directory
>
> # listings, mod_status and mod_info output etc., but not CGI generated
>
> # documents or custom error documents).
>
> # Set to "EMail" to also include a mailto: link to the ServerAdmin.
>
> # Set to one of:  On | Off | EMail
>
> #
>
> ServerSignature On
>
>
>
> #
>
> # Aliases: Add here as many aliases as you need (with no limit). The
> format is
>
> # Alias fakename realname
>
> #
>
> # Note that if you include a trailing / on fakename then the server will
>
> # require it to be present in the URL.  So "/icons" isn't aliased in this
>
> # example, only "/icons/".  If the fakename is slash-terminated, then the
>
> # realname must also be slash terminated, and if the fakename omits the
>
> # trailing slash, the realname must also omit it.
>
> #
>
> # We include the /icons/ alias for FancyIndexed directory listings.  If
> you
>
> # do not use FancyIndexing, you may comment this out.
>
> #
>
> Alias /icons/ "/www/icons/"
>
>
>
> <Directory "/www/icons">
>
>     Options Indexes MultiViews FollowSymLinks
>
>     AllowOverride None
>
>     Order allow,deny
>
>     Allow from all
>
> </Directory>
>
>
>
> #
>
> # WebDAV module configuration section.
>
> #
>
> <IfModule mod_dav_fs.c>
>
>     # Location of the WebDAV lock database.
>
>     DAVLockDB /var/lib/dav/lockdb
>
> </IfModule>
>
>
>
> #
>
> # ScriptAlias: This controls which directories contain server scripts.
>
> # ScriptAliases are essentially the same as Aliases, except that
>
> # documents in the realname directory are treated as applications and
>
> # run by the server when requested rather than as documents sent to the
> client.
>
> # The same rules about trailing "/" apply to ScriptAlias directives as to
>
> # Alias.
>
> #
>
> ScriptAlias /cgi-bin/ "/www/cgi-bin/"
>
>
>
> #
>
> # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
>
> # CGI directory exists, if you have that configured.
>
> #
>
> <Directory "/www/cgi-bin">
>
>     AllowOverride None
>
>     Options None
>
>     Order allow,deny
>
>     Allow from all
>
> </Directory>
>
>
>
> #
>
> # Redirect allows you to tell clients about documents which used to exist
> in
>
> # your server's namespace, but do not anymore. This allows you to tell the
>
> # clients where to look for the relocated document.
>
> # Example:
>
> # Redirect permanent /foo http://www.example.com/bar
>
>
>
> #
>
> # Directives controlling the display of server-generated directory
> listings.
>
> #
>
>
>
> #
>
> # IndexOptions: Controls the appearance of server-generated directory
>
> # listings.
>
> #
>
> IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
>
>
>
> #
>
> # AddIcon* directives tell the server which icon to show for different
>
> # files or filename extensions.  These are only displayed for
>
> # FancyIndexed directories.
>
> #
>
> AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
>
>
>
> AddIconByType (TXT,/icons/text.gif) text/*
>
> AddIconByType (IMG,/icons/image2.gif) image/*
>
> AddIconByType (SND,/icons/sound2.gif) audio/*
>
> AddIconByType (VID,/icons/movie.gif) video/*
>
>
>
> AddIcon /icons/binary.gif .bin .exe
>
> AddIcon /icons/binhex.gif .hqx
>
> AddIcon /icons/tar.gif .tar
>
> AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
>
> AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
>
> AddIcon /icons/a.gif .ps .ai .eps
>
> AddIcon /icons/layout.gif .html .shtml .htm .pdf
>
> AddIcon /icons/text.gif .txt
>
> AddIcon /icons/c.gif .c
>
> AddIcon /icons/p.gif .pl .py
>
> AddIcon /icons/f.gif .for
>
> AddIcon /icons/dvi.gif .dvi
>
> AddIcon /icons/uuencoded.gif .uu
>
> AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
>
> AddIcon /icons/tex.gif .tex
>
> AddIcon /icons/bomb.gif core
>
>
>
> AddIcon /icons/back.gif ..
>
> AddIcon /icons/hand.right.gif README
>
> AddIcon /icons/folder.gif ^^DIRECTORY^^
>
> AddIcon /icons/blank.gif ^^BLANKICON^^
>
>
>
> #
>
> # DefaultIcon is which icon to show for files which do not have an icon
>
> # explicitly set.
>
> #
>
> DefaultIcon /icons/unknown.gif
>
>
>
> #
>
> # AddDescription allows you to place a short description after a file in
>
> # server-generated indexes.  These are only displayed for FancyIndexed
>
> # directories.
>
> # Format: AddDescription "description" filename
>
> #
>
> #AddDescription "GZIP compressed document" .gz
>
> #AddDescription "tar archive" .tar
>
> #AddDescription "GZIP compressed tar archive" .tgz
>
>
>
> #
>
> # ReadmeName is the name of the README file the server will look for by
>
> # default, and append to directory listings.
>
> #
>
> # HeaderName is the name of a file which should be prepended to
>
> # directory indexes.
>
> ReadmeName README.html
>
> HeaderName HEADER.html
>
>
>
> #
>
> # IndexIgnore is a set of filenames which directory indexing should ignore
>
> # and not include in the listing.  Shell-style wildcarding is permitted.
>
> #
>
> IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
>
>
>
> #
>
> # DefaultLanguage and AddLanguage allows you to specify the language of
>
> # a document. You can then use content negotiation to give a browser a
>
> # file in a language the user can understand.
>
> #
>
> # Specify a default language. This means that all data
>
> # going out without a specific language tag (see below) will
>
> # be marked with this one. You probably do NOT want to set
>
> # this unless you are sure it is correct for all cases.
>
> #
>
> # * It is generally better to not mark a page as
>
> # * being a certain language than marking it with the wrong
>
> # * language!
>
> #
>
> # DefaultLanguage nl
>
> #
>
> # Note 1: The suffix does not have to be the same as the language
>
> # keyword --- those with documents in Polish (whose net-standard
>
> # language code is pl) may wish to use "AddLanguage pl .po" to
>
> # avoid the ambiguity with the common suffix for perl scripts.
>
> #
>
> # Note 2: The example entries below illustrate that in some cases
>
> # the two character 'Language' abbreviation is not identical to
>
> # the two character 'Country' code for its country,
>
> # E.g. 'Danmark/dk' versus 'Danish/da'.
>
> #
>
> # Note 3: In the case of 'ltz' we violate the RFC by using a three char
>
> # specifier. There is 'work in progress' to fix this and get
>
> # the reference data for rfc1766 cleaned up.
>
> #
>
> # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
>
> # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German
> (de)
>
> # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
>
> # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
>
> # Norwegian (no) - Polish (pl) - Portugese (pt)
>
> # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
>
> # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
>
> #
>
> AddLanguage ca .ca
>
> AddLanguage cs .cz .cs
>
> AddLanguage da .dk
>
> AddLanguage de .de
>
> AddLanguage el .el
>
> AddLanguage en .en
>
> AddLanguage eo .eo
>
> AddLanguage es .es
>
> AddLanguage et .et
>
> AddLanguage fr .fr
>
> AddLanguage he .he
>
> AddLanguage hr .hr
>
> AddLanguage it .it
>
> AddLanguage ja .ja
>
> AddLanguage ko .ko
>
> AddLanguage ltz .ltz
>
> AddLanguage nl .nl
>
> AddLanguage nn .nn
>
> AddLanguage no .no
>
> AddLanguage pl .po
>
> AddLanguage pt .pt
>
> AddLanguage pt-BR .pt-br
>
> AddLanguage ru .ru
>
> AddLanguage sv .sv
>
> AddLanguage zh-CN .zh-cn
>
> AddLanguage zh-TW .zh-tw
>
>
>
> #
>
> # LanguagePriority allows you to give precedence to some languages
>
> # in case of a tie during content negotiation.
>
> #
>
> # Just list the languages in decreasing order of preference. We have
>
> # more or less alphabetized them here. You probably want to change this.
>
> #
>
> LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no
> pl pt pt-BR ru sv zh-CN zh-TW
>
>
>
> #
>
> # ForceLanguagePriority allows you to serve a result page rather than
>
> # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE
> (Fallback)
>
> # [in case no accepted languages matched the available variants]
>
> #
>
> ForceLanguagePriority Prefer Fallback
>
>
>
> #
>
> # Specify a default charset for all content served; this enables
>
> # interpretation of all content as UTF-8 by default.  To use the
>
> # default browser choice (ISO-8859-1), or to allow the META tags
>
> # in HTML content to override this choice, comment out this
>
> # directive:
>
> #
>
> AddDefaultCharset UTF-8
>
>
>
> #
>
> # AddType allows you to add to or override the MIME configuration
>
> # file mime.types for specific file types.
>
> #
>
> #AddType application/x-tar .tgz
>
>
>
> #
>
> # AddEncoding allows you to have certain browsers uncompress
>
> # information on the fly. Note: Not all browsers support this.
>
> # Despite the name similarity, the following Add* directives have nothing
>
> # to do with the FancyIndexing customization directives above.
>
> #
>
> #AddEncoding x-compress .Z
>
> #AddEncoding x-gzip .gz .tgz
>
>
>
> # If the AddEncoding directives above are commented-out, then you
>
> # probably should define those extensions to indicate media types:
>
> #
>
> AddType application/x-compress .Z
>
> AddType application/x-gzip .gz .tgz
>
>
>
> #
>
> #   MIME-types for downloading Certificates and CRLs
>
> #
>
> AddType application/x-x509-ca-cert .crt
>
> AddType application/x-pkcs7-crl    .crl
>
>
>
> #
>
> # AddHandler allows you to map certain file extensions to "handlers":
>
> # actions unrelated to filetype. These can be either built into the server
>
> # or added with the Action directive (see below)
>
> #
>
> # To use CGI scripts outside of ScriptAliased directories:
>
> # (You will also need to add "ExecCGI" to the "Options" directive.)
>
> #
>
> #AddHandler cgi-script .cgi
>
>
>
> #
>
> # For files that include their own HTTP headers:
>
> #
>
> #AddHandler send-as-is asis
>
>
>
> #
>
> # For type maps (negotiated resources):
>
> # (This is enabled by default to allow the Apache "It Worked" page
>
> #  to be distributed in multiple languages.)
>
> #
>
> AddHandler type-map var
>
>
>
> #
>
> # Filters allow you to process content before it is sent to the client.
>
> #
>
> # To parse .shtml files for server-side includes (SSI):
>
> # (You will also need to add "Includes" to the "Options" directive.)
>
> #
>
> AddType text/html .shtml
>
> AddOutputFilter INCLUDES .shtml
>
>
>
> #
>
> # Action lets you define media types that will execute a script whenever
>
> # a matching file is called. This eliminates the need for repeated URL
>
> # pathnames for oft-used CGI file processors.
>
> # Format: Action media/type /cgi-script/location
>
> # Format: Action handler-name /cgi-script/location
>
> #
>
>
>
> #
>
> # Customizable error responses come in three flavors:
>
> # 1) plain text 2) local redirects 3) external redirects
>
> #
>
> # Some examples:
>
> #ErrorDocument 500 "The server made a boo boo."
>
> #ErrorDocument 404 /missing.html
>
> #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
>
> #ErrorDocument 402 http://www.example.com/subscription_info.html
>
> #
>
>
>
> #
>
> # Putting this all together, we can internationalize error responses.
>
> #
>
> # We use Alias to redirect any /error/HTTP_<error>.html.var response to
>
> # our collection of by-error message multi-language collections.  We use
>
> # includes to substitute the appropriate text.
>
> #
>
> # You can modify the messages' appearance without changing any of the
>
> # default HTTP_<error>.html.var files by adding the line:
>
> #
>
> #   Alias /error/include/ "/your/include/path/"
>
> #
>
> # which allows you to create your own set of files by starting with the
>
> # /var/www/error/include/ files and
>
> # copying them to /your/include/path/, even on a per-VirtualHost basis.
>
> #
>
>
>
> Alias /error/ "/www/error/"
>
>
>
> <IfModule mod_negotiation.c>
>
> <IfModule mod_include.c>
>
>     <Directory "/www/error">
>
>         AllowOverride None
>
>         Options IncludesNoExec
>
>         AddOutputFilter Includes html
>
>         AddHandler type-map var
>
>         Order allow,deny
>
>         Allow from all
>
>         LanguagePriority en es de fr
>
>         ForceLanguagePriority Prefer Fallback
>
>     </Directory>
>
>
>
> #    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
>
> #    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
>
> #    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
>
> #    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
>
> #    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
>
> #    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
>
> #    ErrorDocument 410 /error/HTTP_GONE.html.var
>
> #    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
>
> #    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
>
> #    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
>
> #    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
>
> #    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
>
> #    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
>
> #    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
>
> #    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
>
> #    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
>
> #    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
>
>
>
> </IfModule>
>
> </IfModule>
>
>
>
> #
>
> # The following directives modify normal HTTP response behavior to
>
> # handle known problems with browser implementations.
>
> #
>
> BrowserMatch "Mozilla/2" nokeepalive
>
> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
>
> BrowserMatch "RealPlayer 4\.0" force-response-1.0
>
> BrowserMatch "Java/1\.0" force-response-1.0
>
> BrowserMatch "JDK/1\.0" force-response-1.0
>
>
>
> #
>
> # The following directive disables redirects on non-GET requests for
>
> # a directory that does not include the trailing slash.  This fixes a
>
> # problem with Microsoft WebFolders which does not appropriately handle
>
> # redirects for folders with DAV methods.
>
> # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
>
> #
>
> BrowserMatch "Microsoft Data Access Internet Publishing Provider"
> redirect-carefully
>
> BrowserMatch "MS FrontPage" redirect-carefully
>
> BrowserMatch "^WebDrive" redirect-carefully
>
> BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
>
> BrowserMatch "^gnome-vfs/1.0" redirect-carefully
>
> BrowserMatch "^XML Spy" redirect-carefully
>
> BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
>
>
>
> #
>
> # Allow server status reports generated by mod_status,
>
> # with the URL of http://servername/server-status
>
> # Change the ".example.com" to match your domain to enable.
>
> #
>
> #<Location /server-status>
>
> #    SetHandler server-status
>
> #    Order deny,allow
>
> #    Deny from all
>
> #    Allow from .example.com
>
> #</Location>
>
>
>
> #
>
> # Allow remote server configuration reports, with the URL of
>
> #  http://servername/server-info (requires that mod_info.c be loaded).
>
> # Change the ".example.com" to match your domain to enable.
>
> #
>
> #<Location /server-info>
>
> #    SetHandler server-info
>
> #    Order deny,allow
>
> #    Deny from all
>
> #    Allow from .example.com
>
> #</Location>
>
>
>
> #
>
> # Proxy Server directives. Uncomment the following lines to
>
> # enable the proxy server:
>
> #
>
> #<IfModule mod_proxy.c>
>
> #ProxyRequests On
>
> #
>
> #<Proxy *>
>
> #    Order deny,allow
>
> #    Deny from all
>
> #    Allow from .example.com
>
> #</Proxy>
>
>
>
> #
>
> # Enable/disable the handling of HTTP/1.1 "Via:" headers.
>
> # ("Full" adds the server version; "Block" removes all outgoing Via:
> headers)
>
> # Set to one of: Off | On | Full | Block
>
> #
>
> #ProxyVia On
>
>
>
> #
>
> # To enable a cache of proxied content, uncomment the following lines.
>
> # See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more
> details.
>
> #
>
> #<IfModule mod_disk_cache.c>
>
> #   CacheEnable disk /
>
> #   CacheRoot "/var/cache/mod_proxy"
>
> #</IfModule>
>
> #
>
>
>
> #</IfModule>
>
> # End of proxy directives.
>
>
>
> ### Section 3: Virtual Hosts
>
> #
>
> # VirtualHost: If you want to maintain multiple domains/hostnames on your
>
> # machine you can setup VirtualHost containers for them. Most
> configurations
>
> # use only name-based virtual hosts so the server doesn't need to worry
> about
>
> # IP addresses. This is indicated by the asterisks in the directives
> below.
>
> #
>
> # Please see the documentation at
>
> # <URL:http://httpd.apache.org/docs/2.2/vhosts/>
>
> # for further details before you try to setup virtual hosts.
>
> #
>
> # You may use the command line option '-S' to verify your virtual host
>
> # configuration.
>
>
>
> #
>
> # Use name-based virtual hosting.
>
> #
>
> NameVirtualHost *:80
>
>
>
> # NOTE: NameVirtualHost cannot be used without a port specifier
>
> # (e.g. :80) if mod_ssl is being used, due to the nature of the
>
> # SSL protocol.
>
> #
>
>
>
> #
>
> <VirtualHost *:80>
>
> ServerName policy-machine.com
>
> DocumentRoot "/html/itsecuritypolicy"
>
> ServerAdmin webmaster@policy-machine.com
>
> <Directory "/html/itsecuritypolicy">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName itsecuritypolicy.com
>
> DocumentRoot "/html/itsecuritypolicy"
>
> ServerAdmin webmaster@policy-machine.com
>
> <Directory "/html/itsecuritypolicy">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName michaelpeters.org
>
> DocumentRoot "/html/eccentricstudios"
>
> ServerAdmin webmaster@michaelpeters.org
>
> <Directory "/html/eccentricstudios">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName lazarusalliance.com
>
> DocumentRoot "/html/lazarusalliance"
>
> ServerAdmin webmaster@lazarusalliance.com
>
> <Directory "/html/lazarusalliance">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName fedramp.us
>
> DocumentRoot "/html/lazarusalliance"
>
> ServerAdmin webmaster@lazarusalliance.com
>
> <Directory "/html/lazarusalliance">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName ssae-16.us
>
> DocumentRoot "/html/lazarusalliance"
>
> ServerAdmin webmaster@lazarusalliance.com
>
> <Directory "/html/lazarusalliance">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName yourpersonalcxo.com
>
> DocumentRoot "/html/lazarusalliance"
>
> ServerAdmin webmaster@lazarusalliance.com
>
> <Directory "/html/lazarusalliance">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> <VirtualHost *:80>
>
> ServerName securitytrifecta.com
>
> DocumentRoot "/html"
>
> ServerAdmin webmaster@securitytrifecta.com
>
> <Directory "/html">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> <Directory "/html/menu">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> +++++++++++++++ This is the ssl.conf  +++++++++++++++++++++++++++++++++
>
> #
>
> LoadModule ssl_module modules/mod_ssl.so
>
>
>
> #
>
> # When we also provide SSL we have to listen to the
>
> # the HTTPS port in addition.
>
> #
>
> Listen 443
>
>
>
> # Listen for virtual host requests on all IP addresses
>
> NameVirtualHost *:443
>
>
>
> ##
>
> ##  SSL Global Context
>
> ##
>
> ##  All SSL configuration in this context applies both to
>
> ##  the main server and all SSL-enabled virtual hosts.
>
> ##
>
>
>
> #   Pass Phrase Dialog:
>
> #   Configure the pass phrase gathering process.
>
> #   The filtering dialog program (`builtin' is a internal
>
> #   terminal dialog) has to provide the pass phrase on stdout.
>
> SSLPassPhraseDialog  builtin
>
>
>
> #   Inter-Process Session Cache:
>
> #   Configure the SSL Session Cache: First the mechanism
>
> #   to use and second the expiring timeout (in seconds).
>
> SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
>
> SSLSessionCacheTimeout  300
>
>
>
> #   Semaphore:
>
> #   Configure the path to the mutual exclusion semaphore the
>
> #   SSL engine uses internally for inter-process synchronization.
>
> SSLMutex default
>
>
>
> #   Pseudo Random Number Generator (PRNG):
>
> #   Configure one or more sources to seed the PRNG of the
>
> #   SSL library. The seed data should be of good random quality.
>
> #   WARNING! On some platforms /dev/random blocks if not enough entropy
>
> #   is available. This means you then cannot use the /dev/random device
>
> #   because it would lead to very long connection times (as long as
>
> #   it requires to make more entropy available). But usually those
>
> #   platforms additionally provide a /dev/urandom device which doesn't
>
> #   block. So, if available, use this one instead. Read the mod_ssl User
>
> #   Manual for more details.
>
> SSLRandomSeed startup file:/dev/urandom  256
>
> SSLRandomSeed connect builtin
>
> #SSLRandomSeed startup file:/dev/random  512
>
> #SSLRandomSeed connect file:/dev/random  512
>
> #SSLRandomSeed connect file:/dev/urandom 512
>
>
>
> #
>
> # Use "SSLCryptoDevice" to enable any supported hardware
>
> # accelerators. Use "openssl engine -v" to list supported
>
> # engine names.  NOTE: If you enable an accelerator and the
>
> # server does not start, consult the error logs and ensure
>
> # your accelerator is functioning properly.
>
> #
>
> SSLCryptoDevice builtin
>
> #SSLCryptoDevice ubsec
>
>
>
> ##
>
> ## SSL Virtual Host Context
>
> ##
>
> <VirtualHost *:443>
>
> ServerName securitytrifecta.com
>
> DocumentRoot "/html"
>
> ServerAdmin webmaster@securitytrifecta.com
>
> SSLEngine on
>
> SSLProtocol all -SSLv2 -SSLv3
>
> SSLHonorCipherOrder on
>
> SSLCipherSuite
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
>
> :ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:A
>
> ES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>
> SSLCertificateFile /etc/pki/tls/certs/7e5320f68904.crt
>
> SSLCertificateKeyFile /etc/pki/tls/private/securitytrifecta.key
>
> SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt
>
> <Directory "/html">
>
>   Allow from all
>
>   Options +Indexes
>
> </Directory>
>
> <Directory "/html/menu">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride None
>
>   Order allow,deny
>
>   Allow from all
>
> </Directory>
>
> <Directory "/html/auditprotocol">
>
>   Options Indexes FollowSymLinks
>
>   AllowOverride None
>
>   Order allow,deny
>
>   Allow from all
>
>   SSLRenegBufferSize 26214400
>
>   LimitRequestBody 2044430000
>
> </Directory>
>
> <Directory "/html/skipfish">
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/html/skipfish-2.10b">
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/html/phpMyAdmin">
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/html/phpMyAdmin-4.1.6-all-languages">
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/html/munin">
>
>   AuthType Basic
>
>   AuthName "Restricted Files"
>
>   AuthBasicProvider file
>
>   AuthUserFile /www/html/passwd/passwords
>
>   Require user mdpeters67
>
> </Directory>
>
> <Directory "/usr/lib/munin/cgi">
>
>   Options +ExecCGI
>
>   <IfModule mod_fcgid.c>
>
>   SetHandler fcgid-script
>
>   </IfModule>
>
>   <IfModule !mod_fcgid.c>
>
>   SetHandler cgi-script
>
>   </IfModule>
>
> </Directory>
>
> </VirtualHost>
>
> #
>
> #<VirtualHost _default_:443>
>
> #<VirtualHost *:443>
>
> # General setup for the virtual host, inherited from global configuration
>
> #DocumentRoot /html
>
> #ServerName securitytrifecta.com
>
>
>
> # Use separate log files for the SSL virtual host; note that LogLevel
>
> # is not inherited from httpd.conf.
>
> #ErrorLog logs/ssl_error_log
>
> #TransferLog logs/ssl_access_log
>
> #LogLevel warn
>
>
>
> #   SSL Engine Switch:
>
> #   Enable/Disable SSL for this virtual host.
>
> #SSLEngine on
>
>
>
> #   SSL Protocol support:
>
> # List the enable protocol levels with which clients will be able to
>
> # connect.  Disable SSLv2 access by default:
>
> #SSLProtocol all -SSLv2
>
>
>
> #   SSL Cipher Suite:
>
> # List the ciphers that the client is permitted to negotiate.
>
> # See the mod_ssl documentation for a complete list.
>
> #SSLProtocol all -SSLv2 -SSLv3
>
> #SSLHonorCipherOrder on
>
> #SSLCipherSuite
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA25
>
> 6:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:
>
> AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>
> #   Server Certificate:
>
> # Point SSLCertificateFile at a PEM encoded certificate.  If
>
> # the certificate is encrypted, then you will be prompted for a
>
> # pass phrase.  Note that a kill -HUP will prompt again.  A new
>
> # certificate can be generated using the genkey(1) command.
>
> #SSLCertificateFile /etc/pki/tls/certs/7ce3320f68904.crt
>
>
>
> #   Server Private Key:
>
> #   If the key is not combined with the certificate, use this
>
> #   directive to point at the key file.  Keep in mind that if
>
> #   you've both a RSA and a DSA private key you can configure
>
> #   both in parallel (to also allow the use of DSA ciphers, etc.)
>
> #SSLCertificateKeyFile /etc/pki/tls/private/securitytrifecta.key
>
>
>
> #   Server Certificate Chain:
>
> #   Point SSLCertificateChainFile at a file containing the
>
> #   concatenation of PEM encoded CA certificates which form the
>
> #   certificate chain for the server certificate. Alternatively
>
> #   the referenced file can be the same as SSLCertificateFile
>
> #   when the CA certificates are directly appended to the server
>
> #   certificate for convinience.
>
> #SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt
>
>
>
> #   Certificate Authority (CA):
>
> #   Set the CA certificate verification path where to find CA
>
> #   certificates for client authentication or alternatively one
>
> #   huge file containing all of them (file must be PEM encoded)
>
> #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
>
>
>
> #   Client Authentication (Type):
>
> #   Client certificate verification type and depth.  Types are
>
> #   none, optional, require and optional_no_ca.  Depth is a
>
> #   number which specifies how deeply to verify the certificate
>
> #   issuer chain before deciding the certificate is not valid.
>
> #SSLVerifyClient require
>
> #SSLVerifyDepth  10
>
>
>
> #   Access Control:
>
> #   With SSLRequire you can do per-directory access control based
>
> #   on arbitrary complex boolean expressions containing server
>
> #   variable checks and other lookup directives.  The syntax is a
>
> #   mixture between C and Perl.  See the mod_ssl documentation
>
> #   for more details.
>
> #<Location />
>
> #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
>
> #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
>
> #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
>
> #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
>
> #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
>
> #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
>
> #</Location>
>
>
>
> #   SSL Engine Options:
>
> #   Set various options for the SSL engine.
>
> #   o FakeBasicAuth:
>
> #     Translate the client X.509 into a Basic Authorisation.  This means
> that
>
> #     the standard Auth/DBMAuth methods can be used for access control.
> The
>
> #     user name is the `one line' version of the client's X.509
> certificate.
>
> #     Note that no password is obtained from the user. Every entry in the
> user
>
> #     file needs this password: `xxj31ZMTZzkVA'.
>
> #   o ExportCertData:
>
> #     This exports two additional environment variables: SSL_CLIENT_CERT
> and
>
> #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
>
> #     server (always existing) and the client (only existing when client
>
> #     authentication is used). This can be used to import the certificates
>
> #     into CGI scripts.
>
> #   o StdEnvVars:
>
> #     This exports the standard SSL/TLS related `SSL_*' environment
> variables.
>
> #     Per default this exportation is switched off for performance
> reasons,
>
> #     because the extraction step is an expensive operation and is usually
>
> #     useless for serving static content. So one usually enables the
>
> #     exportation for CGI and SSI requests only.
>
> #   o StrictRequire:
>
> #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
>
> #     under a "Satisfy any" situation, i.e. when it applies access is
> denied
>
> #     and no other module can change it.
>
> #   o OptRenegotiate:
>
> #     This enables optimized SSL connection renegotiation handling when
> SSL
>
> #     directives are used in per-directory context.
>
> #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
>
> #<Files ~ "\.(cgi|shtml|phtml|php3?)$">
>
> #    SSLOptions +StdEnvVars
>
> #</Files>
>
> #<Directory "/www/cgi-bin">
>
> #    SSLOptions +StdEnvVars
>
> #</Directory>
>
>
>
> #   SSL Protocol Adjustments:
>
> #   The safe and default but still SSL/TLS standard compliant shutdown
>
> #   approach is that mod_ssl sends the close notify alert but doesn't wait
> for
>
> #   the close notify alert from client. When you need a different shutdown
>
> #   approach you can use one of the following variables:
>
> #   o ssl-unclean-shutdown:
>
> #     This forces an unclean shutdown when the connection is closed, i.e.
> no
>
> #     SSL close notify alert is send or allowed to received.  This
> violates
>
> #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
>
> #     this when you receive I/O errors because of the standard approach
> where
>
> #     mod_ssl sends the close notify alert.
>
> #   o ssl-accurate-shutdown:
>
> #     This forces an accurate shutdown when the connection is closed, i.e.
> a
>
> #     SSL close notify alert is send and mod_ssl waits for the close
> notify
>
> #     alert of the client. This is 100% SSL/TLS standard compliant, but in
>
> #     practice often causes hanging connections with brain-dead browsers.
> Use
>
> #     this only for browsers where you know that their SSL implementation
>
> #     works correctly.
>
> #   Notice: Most problems of broken clients are also related to the HTTP
>
> #   keep-alive facility, so you usually additionally want to disable
>
> #   keep-alive for those clients, too. Use variable "nokeepalive" for
> this.
>
> #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
>
> #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0"
> and
>
> #   "force-response-1.0" for this.
>
> #SetEnvIf User-Agent ".*MSIE.*" \
>
> #         nokeepalive ssl-unclean-shutdown \
>
> #         downgrade-1.0 force-response-1.0
>
>
>
> #   Per-Server Logging:
>
> #   The home of a custom SSL log file. Use this when you want a
>
> #   compact non-error SSL logfile on a virtual host basis.
>
> #CustomLog logs/ssl_request_log \
>
> #          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> #</VirtualHost>
>
> #
>
>
>
> Best regards,
>
>
>
> Michael D. Peters
>
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message