diff options
Diffstat (limited to 'debian/config-dir/conf-available')
5 files changed, 163 insertions, 0 deletions
diff --git a/debian/config-dir/conf-available/charset.conf b/debian/config-dir/conf-available/charset.conf new file mode 100644 index 0000000..40d7198 --- /dev/null +++ b/debian/config-dir/conf-available/charset.conf @@ -0,0 +1,6 @@ +# Read the documentation before enabling AddDefaultCharset. +# In general, it is only a good idea if you know that all your files +# have this encoding. It will override any encoding given in the files +# in meta http-equiv or xml encoding tags. + +#AddDefaultCharset UTF-8 diff --git a/debian/config-dir/conf-available/localized-error-pages.conf b/debian/config-dir/conf-available/localized-error-pages.conf new file mode 100644 index 0000000..a3a198a --- /dev/null +++ b/debian/config-dir/conf-available/localized-error-pages.conf @@ -0,0 +1,79 @@ +# Customizable error responses come in three flavors: +# 1) plain text +# 2) local redirects +# 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_<error>.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_<error>.html.var files by adding the line: +# +#Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. If you include the Alias in the global server +# context, is has to come _before_ the 'Alias /error/ ...' line. +# +# The default include files will display your Apache version number and your +# ServerAdmin email address regardless of the setting of ServerSignature. +# +# WARNING: The configuration below will NOT work out of the box if you have a +# SetHandler directive in a <Location /> context somewhere. Adding +# the following three lines AFTER the <Location /> context should +# make it work in most cases: +# <Location /error/> +# SetHandler none +# </Location> +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 37 lines. + +#<IfModule mod_negotiation.c> +# <IfModule mod_include.c> +# <IfModule mod_alias.c> +# +# Alias /error/ "/usr/share/apache2/error/" +# +# <Directory "/usr/share/apache2/error"> +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it nl sv pt-br ro +# ForceLanguagePriority Prefer Fallback +# </Directory> +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var +# </IfModule> +# </IfModule> +#</IfModule> diff --git a/debian/config-dir/conf-available/other-vhosts-access-log.conf b/debian/config-dir/conf-available/other-vhosts-access-log.conf new file mode 100644 index 0000000..9f7aecd --- /dev/null +++ b/debian/config-dir/conf-available/other-vhosts-access-log.conf @@ -0,0 +1,2 @@ +# Define an access log for VirtualHosts that don't define their own logfile +CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined diff --git a/debian/config-dir/conf-available/security.conf b/debian/config-dir/conf-available/security.conf new file mode 100644 index 0000000..cad7dc1 --- /dev/null +++ b/debian/config-dir/conf-available/security.conf @@ -0,0 +1,58 @@ +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +#ServerTokens Minimal +ServerTokens OS +#ServerTokens Full + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +#ServerSignature Off +ServerSignature On + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +TraceEnable Off +#TraceEnable On + +# +# Forbid access to version control directories +# +# If you use version control systems in your document root, you should +# probably deny access to their directories. +# +# Examples: +# +#RedirectMatch 404 /\.git +#RedirectMatch 404 /\.svn + +# +# Setting this header will prevent MSIE from interpreting files as something +# else than declared by the content type in the HTTP headers. +# Requires mod_headers to be enabled. +# +#Header set X-Content-Type-Options: "nosniff" + +# +# Setting this header will prevent other sites from embedding pages from this +# site as frames. This defends against clickjacking attacks. +# Requires mod_headers to be enabled. +# +#Header set Content-Security-Policy "frame-ancestors 'self';" diff --git a/debian/config-dir/conf-available/serve-cgi-bin.conf b/debian/config-dir/conf-available/serve-cgi-bin.conf new file mode 100644 index 0000000..ae660b1 --- /dev/null +++ b/debian/config-dir/conf-available/serve-cgi-bin.conf @@ -0,0 +1,18 @@ +<IfModule mod_alias.c> + <IfModule mod_cgi.c> + Define ENABLE_USR_LIB_CGI_BIN + </IfModule> + + <IfModule mod_cgid.c> + Define ENABLE_USR_LIB_CGI_BIN + </IfModule> + + <IfDefine ENABLE_USR_LIB_CGI_BIN> + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + <Directory "/usr/lib/cgi-bin"> + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Require all granted + </Directory> + </IfDefine> +</IfModule> |