AllowOverride None Require all denied Order Deny,Allow Deny from all DocumentRoot DocumentRoot DocumentRoot DocumentRoot DocumentRoot ServerName ServerAdmin webmaster@ ErrorLog /var/log/ispconfig/httpd//error.log Alias /error/ "/error/" ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 502 /error/502.html ErrorDocument 503 /error/503.html SSLEngine on SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on Header always add Strict-Transport-Security "max-age=15768000" SSLCertificateFile /ssl/.crt SSLCertificateKeyFile /ssl/.key SSLCertificateChainFile /ssl/.bundle SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off # Clear PHP settings of this website SetHandler None Options +FollowSymLinks AllowOverride Require all granted Order allow,deny Allow from all # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes Require all denied Order allow,deny Deny from all Allow from none # Clear PHP settings of this website SetHandler None Options +FollowSymLinks AllowOverride Require all granted Order allow,deny Allow from all # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes Require all denied Order allow,deny Deny from all Allow from none Options +ExecCGI RubyRequire apache/ruby-run #RubySafeLevel 0 AddType text/html .rb AddType text/html .rbx SetHandler ruby-object RubyHandler Apache::RubyRun.instance SetHandler ruby-object RubyHandler Apache::RubyRun.instance PerlModule ModPerl::Registry PerlModule Apache2::Reload PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI SetHandler perl-script SetHandler mod_python PythonHandler mod_python.publisher PythonDebug On # cgi enabled Require all granted Order allow,deny Allow from all ScriptAlias /cgi-bin/ /cgi-bin/ SetHandler cgi-script # suexec enabled SuexecUserGroup # mod_php enabled AddType application/x-httpd-php .php .php3 .php4 .php5 SetEnv TMP /tmp SetEnv TMPDIR /tmp SetEnv TEMP /tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@" php_admin_value upload_tmp_dir /tmp php_admin_value session.save_path /tmp # PHPIniDir php_admin_value open_basedir # suphp enabled suPHP_Engine on # suPHP_UserGroup suPHP_ConfigPath SetHandler x-httpd-suphp suPHP_AddHandler x-httpd-suphp # php as cgi enabled ScriptAlias /php5-cgi Action php5-cgi /php5-cgi SetHandler php5-cgi SetHandler php5-cgi Require all granted Order allow,deny Allow from all # php as fast-cgi enabled # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html FcgidIdleTimeout 300 FcgidProcessLifeTime 3600 # FcgidMaxProcesses 1000 FcgidMaxRequestsPerProcess FcgidMinProcessesPerClass 0 FcgidMaxProcessesPerClass 10 FcgidConnectTimeout 3 FcgidIOTimeout 600 FcgidBusyTimeout 3600 FcgidMaxRequestLen 1073741824 IdleTimeout 300 ProcessLifeTime 3600 # MaxProcessCount 1000 DefaultMinClassProcessCount 0 DefaultMaxClassProcessCount 10 IPCConnectTimeout 3 IPCCommTimeout 600 BusyTimeout 3600 SetHandler fcgid-script FCGIWrapper .php FCGIWrapper .php3 FCGIWrapper .php4 FCGIWrapper .php5 Options +ExecCGI AllowOverride Require all granted Order allow,deny Allow from all SetHandler fcgid-script FCGIWrapper .php FCGIWrapper .php3 FCGIWrapper .php4 FCGIWrapper .php5 Options +ExecCGI AllowOverride Require all granted Order allow,deny Allow from all Require all granted Order allow,deny Allow from all SetHandler php5-fcgi SetHandler php5-fcgi Action php5-fcgi /php5-fcgi virtual Alias /php5-fcgi {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1: -pass-header Authorization ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:/$1 FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket -pass-header Authorization Require all granted Order allow,deny Allow from all SetHandler hhvm-fcgi SetHandler hhvm-fcgi SetHandler hhvm-fcgi SetHandler hhvm-fcgi Action hhvm-fcgi /hhvm-fcgi virtual Alias /hhvm-fcgi {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket /var/run/hhvm/hhvm..sock -pass-header Authorization RewriteEngine on RewriteEngine on RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/ RewriteRule ^ - [END] RewriteCond %{HTTP_HOST} ^$ [NC] RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteRule ^(.*)$ https://$1 [R=301,NE,L] RewriteCond %{HTTP_HOST} ^$ [NC] RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteRule ^(.*)$ https://$1 [R=301,NE,L] RewriteCond %{HTTP_HOST} $ [NC] RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteCond %{REQUEST_URI} !^/webdav/ RewriteCond %{REQUEST_URI} !^/php5-fcgi/ RewriteCond %{REQUEST_URI} !^ RewriteRule ^/(.*)$ $1 RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # add support for apache mpm_itk AssignUserId # Do not execute PHP files in webdav directory SecRuleRemoveById 960015 SecRuleRemoveById 960032 SetHandler None DavLockDB {tmpl_var name='document_root'}/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END SSLStaplingCache shmcb:/var/run/ocsp(128000)