17,7 → 17,6 |
ssl.ca-file = "/etc/pki/tls/certs/server-chain.pem" |
ssl.use-sslv2 = "disable" |
ssl.use-sslv3 = "disable" |
ssl.use-compression = "disable" |
ssl.honor-cipher-order = "enable" |
ssl.cipher-list = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" |
var.server_name = "alcasar.localdomain" |
29,10 → 28,8 |
alias.url = ( |
"/save" => "/var/Save" |
) |
|
# Digest authentication configuration |
auth.backend = "htdigest" |
auth.debug = 1 |
auth.require = ( |
"/acc/" => |
( |
46,30 → 43,23 |
"realm" => "ALCASAR Control Center (ACC)", |
"require" => "valid-user" |
) |
|
) |
|
$HTTP["url"] =~ "^/(acc|save)/" { |
# Setting digest files according access permissions |
$HTTP["url"] =~ "^/acc/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all" |
|
$HTTP["url"] =~ "^/acc/admin" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin" |
} |
|
$HTTP["url"] =~ "^/acc/manager/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager" |
} |
|
$HTTP["url"] =~ "^/acc/backup/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup" |
} |
} |
|
$HTTP["url"] =~ "^/save" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup" |
|
# Enabling directory listing |
dir-listing.activate = "enable" |
} |
77,6 → 67,10 |
} |
|
$HTTP["scheme"] == "http" { |
# Force HTTPS on all pages |
url.redirect = ("" => "https://${url.authority}${url.path}${qsa}") |
# Force HTTPS for specific pages |
$HTTP["url"] =~ "^/(acc|save)" { |
$HTTP["host"] =~ ".*" { |
url.redirect = (".*" => "https://%0$0") |
} |
} |
} |