1

29.09.2012, 17:11

Apache2 strange behaviour

Hi,

Since reinstalling my machine I have been seeing very strange behaviour from apache2. At first I thought maybe I hadn't copied the config files correctly or had forgotten something, so I did a default installation:

The problem is as follows:

The server has 2 NICs: one goes into our internal network, the other goes to the router towards the Internet. The web server listens on both.

On the NIC facing the internal network, http and https work as intended.

On the other NIC, however, they don't:

With an http access via the dyndns domain, which is forwarded by the router, no access is shown in the logs, although the packet arrives according to wireshark! In the browser it takes a very long time until the error "Fehler 101 (net::ERR_CONNECTION_RESET): Verbindung wurde zurückgesetzt" appears.

With an https:// access via the dyndns domain, which is also forwarded by the router, I get the error "Fehler 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL-Protokollfehler", and the following in the logs:

access_log:

79.208.42.27 - - [29/Sep/2012:17:02:44 +0200] "\x16\x03\x01" 400 285
79.208.42.27 - - [29/Sep/2012:17:02:44 +0200] "\x16\x03\x01" 400 285
79.208.42.27 - - [29/Sep/2012:17:02:44 +0200] "\x16\x03\x01" 400 285
79.208.42.27 - - [29/Sep/2012:17:02:44 +0200] "\x16\x03" 400 285


error_log:

[Sat Sep 29 17:02:44 2012] [error] [client 79.208.42.27] invalid request-URI


Here is my config; apart from DocumentRoot it is still completely default:

httpd.conf:

# This is a modification of the default Apache 2.2 configuration file
# for Gentoo Linux.
#
# Support:
#   http://www.gentoo.org/main/en/lists.xml   [mailing lists]
#   http://forums.gentoo.org/                 [web forums]
#   irc://irc.freenode.net#gentoo-apache      [irc chat]
#
# Bug Reports:
#   http://bugs.gentoo.org                    [gentoo related bugs]
#   http://httpd.apache.org/bug_report.html   [apache httpd related bugs]
#
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log"
# with ServerRoot set to "/usr" will be interpreted by the
# server as "/usr/var/log/apache2/foo.log".

# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/usr/lib64/apache2"

# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable.
#         Do not change manually, it will be overwritten on upgrade.
#
# The following modules are considered as the default configuration.
# If you wish to disable one of them, you may have to alter other
# configuration directives.
#
# Change these at your own risk!

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfDefine CACHE>
LoadModule cache_module modules/mod_cache.so
</IfDefine>
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
<IfDefine DAV>
LoadModule dav_module modules/mod_dav.so
</IfDefine>
<IfDefine DAV>
LoadModule dav_fs_module modules/mod_dav_fs.so
</IfDefine>
<IfDefine DAV>
LoadModule dav_lock_module modules/mod_dav_lock.so
</IfDefine>
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
<IfDefine CACHE>
LoadModule disk_cache_module modules/mod_disk_cache.so
</IfDefine>
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so
<IfDefine CACHE>
LoadModule file_cache_module modules/mod_file_cache.so
</IfDefine>
LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
<IfDefine INFO>
LoadModule info_module modules/mod_info.so
</IfDefine>
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
<IfDefine CACHE>
LoadModule mem_cache_module modules/mod_mem_cache.so
</IfDefine>
LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule speling_module modules/mod_speling.so
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
<IfDefine STATUS>
LoadModule status_module modules/mod_status.so
</IfDefine>
LoadModule unique_id_module modules/mod_unique_id.so
<IfDefine USERDIR>
LoadModule userdir_module modules/mod_userdir.so
</IfDefine>
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User apache
Group apache

# Supplemental configuration
#
# Most of the configuration files in the /etc/apache2/modules.d/ directory can
# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
# or to modify the default configuration of the server.
#
# To know which flag to add to APACHE2_OPTS, look at the first line of the
# the file, which will usually be an <IfDefine OPTION> where OPTION is the
# flag to use.
Include /etc/apache2/modules.d/*.conf

# Virtual-host support
#
# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
# include a default vhost (enabled by adding -D DEFAULT_VHOST to
# APACHE2_OPTS in /etc/conf.d/apache2).
Include /etc/apache2/vhosts.d/*.conf

# vim: ts=4 filetype=apache


00_default_ssl_vhost.conf:

<IfDefine SSL>
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
# see bug #178966 why this is in here

# When we also provide SSL we have to listen to the HTTPS port
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
Listen 443

<VirtualHost _default_:443>
        ServerName localhost
        Include /etc/apache2/vhosts.d/default_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log

        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>

        ## SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on

        ## SSL Cipher Suite:
        # List the ciphers that the client is permitted to negotiate.
        # See the mod_ssl documentation for a complete list.
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        ## Server Certificate:
        # Point SSLCertificateFile at a PEM encoded certificate. If the certificate
        # is encrypted, then you will be prompted for a pass phrase. Note that a
        # kill -HUP will prompt again. Keep in mind that if you have both an RSA
        # and a DSA certificate you can configure both in parallel (to also allow
        # the use of DSA ciphers, etc.)
        SSLCertificateFile /etc/ssl/apache2/server.crt

        ## Server Private Key:
        # If the key is not combined with the certificate, use this directive to
        # point at the key file. Keep in mind that if you've both a RSA and a DSA
        # private key you can configure both in parallel (to also allow the use of
        # DSA ciphers, etc.)
        SSLCertificateKeyFile /etc/ssl/apache2/server.key

        ## Server Certificate Chain:
        # Point SSLCertificateChainFile at a file containing the concatenation of
        # PEM encoded CA certificates which form the certificate chain for the
        # server certificate. Alternatively the referenced file can be the same as
        # SSLCertificateFile when the CA certificates are directly appended to the
        # server certificate for convinience.
        #SSLCertificateChainFile /etc/ssl/apache2/ca.crt

        ## Certificate Authority (CA):
        # Set the CA certificate verification path where to find CA certificates
        # for client authentication or alternatively one huge file containing all
        # of them (file must be PEM encoded).
        # Note: Inside SSLCACertificatePath you need hash symlinks to point to the
        # certificate files. Use the provided Makefile to update the hash symlinks
        # after changes.
        #SSLCACertificatePath /etc/ssl/apache2/ssl.crt
        #SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt

        ## Certificate Revocation Lists (CRL):
        # Set the CA revocation path where to find CA CRLs for client authentication
        # or alternatively one huge file containing all of them (file must be PEM
        # encoded).
        # Note: Inside SSLCARevocationPath you need hash symlinks to point to the
        # certificate files. Use the provided Makefile to update the hash symlinks
        # after changes.
        #SSLCARevocationPath /etc/ssl/apache2/ssl.crl
        #SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl

        ## Client Authentication (Type):
        # Client certificate verification type and depth. Types are none, optional,
        # require and optional_no_ca. Depth is a number which specifies how deeply
        # to verify the certificate issuer chain before deciding the certificate is
        # not valid.
        #SSLVerifyClient require
        #SSLVerifyDepth  10

        ## Access Control:
        # With SSLRequire you can do per-directory access control based on arbitrary
        # complex boolean expressions containing server variable checks and other
        # lookup directives. The syntax is a mixture between C and Perl. See the
        # mod_ssl documentation for more details.
        #<Location />
        #       #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
        #       and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
        #       and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
        #       and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
        #       and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
        #       or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
        #</Location>

        ## SSL Engine Options:
        # Set various options for the SSL engine.

        ## FakeBasicAuth:
        # Translate the client X.509 into a Basic Authorisation. This means that the
        # standard Auth/DBMAuth methods can be used for access control. The user
        # name is the `one line' version of the client's X.509 certificate.
        # Note that no password is obtained from the user. Every entry in the user
        # file needs this password: `xxj31ZMTZzkVA'.

        ## ExportCertData:
        # This exports two additional environment variables: SSL_CLIENT_CERT and
        # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server
        # (always existing) and the client (only existing when client
        # authentication is used). This can be used to import the certificates into
        # CGI scripts.

        ## StdEnvVars:
        # This exports the standard SSL/TLS related `SSL_*' environment variables.
        # Per default this exportation is switched off for performance reasons,
        # because the extraction step is an expensive operation and is usually
        # useless for serving static content. So one usually enables the exportation
        # for CGI and SSI requests only.

        ## StrictRequire:
        # This denies access when "SSLRequireSSL" or "SSLRequire" applied even under
        # a "Satisfy any" situation, i.e. when it applies access is denied and no
        # other module can change it.

        ## OptRenegotiate:
        # This enables optimized SSL connection renegotiation handling when SSL
        # directives are used in per-directory context.
        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>

        ## SSL Protocol Adjustments:
        # The safe and default but still SSL/TLS standard compliant shutdown
        # approach is that mod_ssl sends the close notify alert but doesn't wait
        # for the close notify alert from client. When you need a different
        # shutdown approach you can use one of the following variables:

        ## ssl-unclean-shutdown:
        # This forces an unclean shutdown when the connection is closed, i.e. no
        # SSL close notify alert is send or allowed to received.  This violates the
        # SSL/TLS standard but is needed for some brain-dead browsers. Use this when
        # you receive I/O errors because of the standard approach where mod_ssl
        # sends the close notify alert.

        ## ssl-accurate-shutdown:
        # This forces an accurate shutdown when the connection is closed, i.e. a
        # SSL close notify alert is send and mod_ssl waits for the close notify
        # alert of the client. This is 100% SSL/TLS standard compliant, but in
        # practice often causes hanging connections with brain-dead browsers. Use
        # this only for browsers where you know that their SSL implementation works
        # correctly.
        # Notice: Most problems of broken clients are also related to the HTTP
        # keep-alive facility, so you usually additionally want to disable
        # keep-alive for those clients, too. Use variable "nokeepalive" for this.
        # Similarly, one has to force some clients to use HTTP/1.0 to workaround
        # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
        # "force-response-1.0" for this.
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>

        ## Per-Server Logging:
        # The home of a custom SSL log file. Use this when you want a compact
        # non-error SSL logfile on a virtual host basis.
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>

# vim: ts=4 filetype=apache



00_default_vhost.conf:

# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

<IfDefine DEFAULT_VHOST>
# see bug #178966 why this is in here

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

# Use name-based virtual hosting.
NameVirtualHost *:80

# When virtual hosts are enabled, the main host defined in the default
# httpd.conf configuration will go away. We redefine it here so that it is
# still available.
#
# If you disable this vhost by removing -D DEFAULT_VHOST from
# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
# the default.
<VirtualHost *:80>
        ServerName localhost
        Include /etc/apache2/vhosts.d/default_vhost.include

        <IfModule mpm_peruser_module>
                ServerEnvironment apache apache
        </IfModule>
</VirtualHost>
</IfDefine>

# vim: ts=4 filetype=apache


default_vhost.include

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
ServerAdmin root@localhost

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
# If you change this to something that isn't under /var/www then suexec
# will no longer work.
DocumentRoot "/storage/export/www/extern"

# This should be changed to whatever you set DocumentRoot to.
<Directory "/storage/export/www/extern">
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important.  Please see
        # http://httpd.apache.org/docs/2.2/mod/core.html#options
        # for more information.
        Options Indexes FollowSymLinks

        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   Options FileInfo AuthConfig Limit
        AllowOverride All

        # Controls who can get stuff from this server.
        Order allow,deny
        Allow from all
</Directory>

<IfModule alias_module>
        # Redirect: Allows you to tell clients about documents that used to
        # exist in your server's namespace, but do not anymore. The client
        # will make a new request for the document at its new location.
        # Example:
        #   Redirect permanent /foo http://www.example.com/bar

        # Alias: Maps web paths into filesystem paths and is used to
        # access content that does not live under the DocumentRoot.
        # Example:
        #   Alias /webpath /full/filesystem/path
        #
        # If you include a trailing / on /webpath then the server will
        # require it to be present in the URL.  You will also likely
        # need to provide a <Directory> section to allow access to
        # the filesystem path.

        # ScriptAlias: This controls which directories contain server scripts.
        # ScriptAliases are essentially the same as Aliases, except that
        # documents in the target directory are treated as applications and
        # run by the server when requested rather than as documents sent to the
        # client.  The same rules about trailing "/" apply to ScriptAlias
        # directives as to Alias.
        ScriptAlias /cgi-bin/ "/storage/export/www/extern/cgi-bin/"
</IfModule>

# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/storage/export/www/extern/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
</Directory>

# vim: ts=4 filetype=apache


Anyone have an idea?

Thanks
Thorus

This post has been edited 1 time, last by »Thorus« (29.09.2012, 17:24)


2

30.09.2012, 08:31

@Thorus: can you briefly explain to us why the thread is now "solved"?
http://www.dyle.org
IM accounts (Jabber!) are on my homepage ...
There is no place like /home

http://www.gentooforum.de
http://www.gentoofreunde.org

<div>how to annoy a web developer?</span>

3

30.09.2012, 10:14

When reinstalling I had to redo the port forwardings, and apparently I accidentally forwarded port 443 to port 80 in the process...

Why http didn't work either because of that, I don't know, but after I corrected it both worked again.

Yes, it is strange: by writing it down and trying to describe it so that someone who doesn't know exactly what it's about can understand it, the possible sources of error always come to mind.

I should write my forum posts, then wait 10 minutes and only then submit them^^

This post has been edited 1 time, last by »Thorus« (30.09.2012, 10:34)
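
The forwarding mistake described in post 3 (router port 443 sent to port 80) is what produces the `"\x16\x03\x01" 400` entries in the access_log of post 1: the browser's TLS handshake bytes arrive on the plain-HTTP listener. As an added example (not part of the original thread), this Python script flags such entries in a Common Log Format access log; the function names are my own and the sample lines are constructed, using documentation addresses.

```python
import re

# Constructed sample in the shape of the access_log excerpt from post 1
# (documentation addresses instead of real clients) plus one normal request.
SAMPLE_LOG = r'''
192.0.2.10 - - [29/Sep/2012:17:02:44 +0200] "\x16\x03\x01" 400 285
192.0.2.10 - - [29/Sep/2012:17:02:44 +0200] "\x16\x03" 400 285
192.0.2.11 - - [29/Sep/2012:17:03:10 +0200] "GET /index.html HTTP/1.1" 200 1024
'''

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')

# Apache writes non-printable request bytes as \xhh and escapes " and \.
ESCAPE = re.compile(rb'\\x([0-9a-fA-F]{2})|\\(.)', re.S)
SIMPLE = {b'n': b'\n', b'r': b'\r', b't': b'\t', b'"': b'"', b'\\': b'\\'}

# Minor byte of the TLS record-layer version (the major byte is 0x03).
RECORD_VERSIONS = {0: 'SSL 3.0', 1: 'TLS 1.0', 2: 'TLS 1.1', 3: 'TLS 1.2'}


def unescape_logitem(field):
    """Turn the logged request field back into the raw bytes Apache saw."""
    def repl(m):
        if m.group(1) is not None:
            return bytes([int(m.group(1), 16)])
        return SIMPLE.get(m.group(2), m.group(0))
    return ESCAPE.sub(repl, field.encode('latin-1', errors='replace'))


def tls_record_version(raw):
    """Return a version label if raw starts like a TLS handshake record, else None."""
    # 0x16 = handshake content type, 0x03 = record version major byte.
    if len(raw) < 2 or raw[0] != 0x16 or raw[1] != 0x03:
        return None
    if len(raw) < 3:
        # The logged field can end early, as in the fourth line of the excerpt.
        return 'unknown'
    return RECORD_VERSIONS.get(raw[2], 'unknown')


def find_tls_on_plain_http(log_text):
    """List requests on a plain-HTTP vhost whose first bytes are a TLS handshake."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue
        client, when, request, status, _size = m.groups()
        version = tls_record_version(unescape_logitem(request))
        if version is not None:
            findings.append({'client': client, 'time': when,
                             'status': int(status), 'record_version': version})
    return findings


if __name__ == '__main__':
    for hit in find_tls_on_plain_http(SAMPLE_LOG):
        print('{time} {client}: TLS handshake ({record_version}) received on a '
              'plain-HTTP listener, status {status}'.format(**hit))
```

Hits in the log of a port-80 vhost mean that something upstream (a port forward, NAT rule or load balancer) is delivering HTTPS traffic to the HTTP port, or that a client is speaking TLS to port 80 directly.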

