Skip to content
GitLab
Commit a7bdf8d0 authored by tbrehm's avatar tbrehm
Browse files

Implemented: FS#334 - IPv6 support 

Implemented: FS#1113 - Force client to use only allowed IPs
parent 92991d5f
Hide whitespace changes
Inline Side-by-side
install/sql/incremental/upd_0022.sql 0 → 100644
View file @ a7bdf8d0
ALTER TABLE `web_domain` ADD `ipv6_address` VARCHAR( 255 ) default NULL AFTER `ip_address`;
\ No newline at end of file
install/sql/ispconfig3.sql
View file @ a7bdf8d0
......@@ -1474,6 +1474,7 @@ CREATE TABLE `web_domain` (
`sys_perm_other` varchar(5) default NULL,
`server_id` int(11) unsigned NOT NULL default '0',
`ip_address` varchar(39) default NULL,
`ipv6_address` VARCHAR( 255 ) default NULL
`domain` varchar(255) default NULL,
`type` varchar(32) default NULL,
`parent_domain_id` int(11) unsigned NOT NULL default '0',
......
interface/web/sites/ajax_get_ip.php
View file @ a7bdf8d0
......@@ -35,10 +35,12 @@ require_once('../../lib/app.inc.php');
$app->auth->check_module_permissions('sites');
$server_id = intval($_GET["server_id"]);
$client_group_id = intval($_GET["client_group_id"]);
$ip_type = $app->db->quote($_GET['ip_type']);
if($_SESSION["s"]["user"]["typ"] == 'admin') {
$sql = "SELECT ip_address FROM server_ip WHERE server_id = $server_id";
$sql = "SELECT ip_address FROM server_ip WHERE ip_type = '$ip_type' AND server_id = $server_id";
$ips = $app->db->queryAllRecords($sql);
// $ip_select = "<option value=''></option>";
$ip_select = "*";
......
interface/web/sites/form/web_domain.tform.php
View file @ a7bdf8d0
......@@ -82,11 +82,22 @@ $form["tabs"]['domain'] = array (
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
'default' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT ip_address,ip_address FROM server_ip WHERE {AUTHSQL} ORDER BY ip_address',
/*'datasource' => array ( 'type' => 'SQL',
'querystring' => "SELECT ip_address,ip_address FROM server_ip WHERE ip_type = 'IPv4' AND {AUTHSQL} ORDER BY ip_address",
'keyfield'=> 'ip_address',
'valuefield'=> 'ip_address'
),
),*/
'value' => ''
),
'ipv6_address' => array (
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
'default' => '',
/*'datasource' => array ( 'type' => 'SQL',
'querystring' => "SELECT ip_address,ip_address FROM server_ip WHERE ip_type = 'IPv6' AND {AUTHSQL} ORDER BY ip_address",
'keyfield'=> 'ip_address',
'valuefield'=> 'ip_address'
),*/
'value' => ''
),
'domain' => array (
......
interface/web/sites/lib/lang/en_web_domain.lng
View file @ a7bdf8d0
......@@ -21,7 +21,8 @@ $wb["active_txt"] = 'Active';
$wb["document_root_txt"] = 'Documentroot';
$wb["system_user_txt"] = 'Linux User';
$wb["system_group_txt"] = 'Linux Group';
$wb["ip_address_txt"] = 'IP-Address';
$wb["ip_address_txt"] = 'IPv4-Address';
$wb["ipv6_address_txt"] = 'IPv6-Address';
$wb["vhost_type_txt"] = 'VHost Type';
$wb["hd_quota_txt"] = 'Harddisk Quota';
$wb["traffic_quota_txt"] = 'Traffic Quota';
......
interface/web/sites/templates/web_domain_edit.htm
View file @ a7bdf8d0
......@@ -15,14 +15,14 @@
<input type="hidden" name="server_id" value="{tmpl_var name='server_id_value'}" />
<tmpl_else>
<label for="server_id">{tmpl_var name='server_id_txt'}</label>
<select name="server_id" id="server_id" class="selectInput" onChange="loadOptionInto('ip_address','sites/ajax_get_ip.php?server_id='+document.getElementById('server_id').value)">
<select name="server_id" id="server_id" class="selectInput" onChange="reloadWebIP()">
{tmpl_var name='server_id'}
</select>
</tmpl_if>
</div>
<div class="ctrlHolder">
<label for="client_group_id">{tmpl_var name='client_group_id_txt'}</label>
<select name="client_group_id" id="client_group_id" class="selectInput">
<select name="client_group_id" id="client_group_id" class="selectInput" onChange="reloadWebIP()">
{tmpl_var name='client_group_id'}
</select>
</div>
......@@ -30,7 +30,7 @@
<tmpl_if name="is_reseller">
<div class="ctrlHolder">
<label for="client_group_id">{tmpl_var name='client_group_id_txt'}</label>
<select name="client_group_id" id="client_group_id" class="selectInput">
<select name="client_group_id" id="client_group_id" class="selectInput" onChange="reloadWebIP()">
{tmpl_var name='client_group_id'}
</select>
</div>
......@@ -40,6 +40,12 @@
<select name="ip_address" id="ip_address" class="selectInput formLengthIPv4">
{tmpl_var name='ip_address'}
</select>
</div>
<div class="ctrlHolder">
<label for="ipv6_address">{tmpl_var name='ipv6_address_txt'}</label>
<select name="ipv6_address" id="ipv6_address" class="selectInput formLengthIPv4">
{tmpl_var name='ipv6_address'}
</select>
</div>
<div class="ctrlHolder">
<label for="domain">{tmpl_var name='domain_txt'}</label>
......@@ -158,5 +164,10 @@
}
});
}
function reloadWebIP() {
loadOptionInto('ip_address','sites/ajax_get_ip.php?ip_type=IPv4&server_id='+document.getElementById('server_id').value)&client_group_id='+document.getElementById('client_group_id').value);
loadOptionInto('ipv6_address','sites/ajax_get_ip.php?ip_type=IPv6&server_id='+document.getElementById('server_id').value)&client_group_id='+document.getElementById('client_group_id').value);
}
</script>
interface/web/sites/web_domain_edit.php
View file @ a7bdf8d0
......@@ -94,8 +94,8 @@ class page_action extends tform_actions {
$app->tpl->setVar("server_id","<option value='$client[default_webserver]'>$tmp[server_name]</option>");
unset($tmp);
// Fill the IP select field with the IP addresses that are allowed for this client
$sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND client_id=0 OR client_id=".$_SESSION['s']['user']['client_id'];
//* Fill the IPv4 select field with the IP addresses that are allowed for this client
$sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
......@@ -108,6 +108,21 @@ class page_action extends tform_actions {
$app->tpl->setVar("ip_address",$ip_select);
unset($tmp);
unset($ips);
//* Fill the IPv6 select field with the IP addresses that are allowed for this client
$sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value=''></option>";
//$ip_select = "";
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
}
}
$app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
//* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
} elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
......@@ -135,8 +150,8 @@ class page_action extends tform_actions {
}
$app->tpl->setVar("client_group_id",$client_select);
// Fill the IP select field with the IP addresses that are allowed for this client
$sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND client_id=0 OR client_id=".$_SESSION['s']['user']['client_id'];
//* Fill the IPv4 select field with the IP addresses that are allowed for this client
$sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
......@@ -149,6 +164,21 @@ class page_action extends tform_actions {
$app->tpl->setVar("ip_address",$ip_select);
unset($tmp);
unset($ips);
//* Fill the IPv6 select field with the IP addresses that are allowed for this client
$sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value=''></option>";
//$ip_select = "";
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
}
}
$app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
//* Admin: If the logged in user is admin
} else {
......@@ -161,8 +191,9 @@ class page_action extends tform_actions {
$tmp = $app->db->queryOneRecord("SELECT server_id FROM server WHERE web_server = 1 ORDER BY server_name LIMIT 0,1");
$server_id = $tmp['server_id'];
}
$sql = "SELECT ip_address FROM server_ip WHERE server_id = $server_id";
//* Fill the IPv4 select field
$sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = $server_id";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
......@@ -175,6 +206,21 @@ class page_action extends tform_actions {
$app->tpl->setVar("ip_address",$ip_select);
unset($tmp);
unset($ips);
//* Fill the IPv6 select field
$sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = $server_id";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value=''></option>";
//$ip_select = "";
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
}
}
$app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
// Fill the client select field
$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
......
server/conf/nginx_reverseproxy_rewrites.conf.master deleted 100644 → 0
View file @ 92991d5f
server {
listen 80 default_server;
listen 443 default_server;
server_name _;
include /etc/nginx/proxy.conf;
<tmpl_loop name="nginx_rewrite_rules">
rewrite ^{tmpl_var name="rewrite_url_src"} {tmpl_var name="rewrite_url_dst"};
</tmpl_loop>
}
server/conf/nginx_reverseproxy_vhost.conf.master deleted 100644 → 0
View file @ 92991d5f
server {
listen 80;
server_name <tmpl_var name='alias'> <tmpl_var name='domain'>;
access_log /var/log/ispconfig/nginx/<tmpl_var name='domain'>/access.log;
error_log /var/log/ispconfig/nginx/<tmpl_var name='domain'>/error.log;
include /etc/nginx/proxy.conf;
location / {
proxy_pass http://<tmpl_var name='ip_address'>:80;
}
location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
# Cache static-looking files for 120 minutes, setting a 10 day expiry time in the HTTP header,
# whether logged in or not (may be too heavy-handed).
proxy_cache_valid 200 120m;
expires 864000;
proxy_pass http://<tmpl_var name='ip_address'>:80;
}
<tmpl_if name='nginx_directives'>
<tmpl_var name='nginx_directives'>
</tmpl_if>
}
<tmpl_if name='ssl_enabled'>
###########################################################
# SSL Vhost
###########################################################
server {
listen 443;
server_name <tmpl_var name='ssl_domain'> <tmpl_var name='alias'>;
access_log /var/log/ispconfig/nginx/<tmpl_var name='domain'>/access.log
error_log /var/log/ispconfig/nginx/<tmpl_var name='domain'>/error.log
### SSL cert files ###
ssl_certificate <tmpl_var name='config_dir'>/ssl/<tmpl_var name='ssl_domain'>.crt
ssl_certificate_key <tmpl_var name='config_dir'>/ssl/<tmpl_var name='ssl_domain'>.crt
<tmpl_if name='has_bundle_cert'>
ssl_client_certificate <tmpl_var name='config_dir'>/ssl/<tmpl_var name='ssl_domain'>.bundle
</tmpl_if>
### Add SSL specific settings here ###
keepalive_timeout 60;
### Limiting Ciphers ########################
# Uncomment as per your setup
#ssl_ciphers HIGH:!ADH;
#ssl_perfer_server_ciphers on;
#ssl_protocols SSLv3;
##############################################
include /etc/nginx/proxy.conf;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded-Proto https;
location / {
proxy_pass https://<tmpl_var name='ip_address'>:443;
}
}
</tmpl_if>
server/conf/ufw.before.rules.master deleted 100644 → 0
View file @ 92991d5f
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines
# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT
# connection tracking rules
-A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m state --state INVALID -j ufw-logging-deny
-A ufw-before-input -m state --state INVALID -j DROP
# connection tracking for outbound
-A ufw-before-output -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A ufw-before-output -p udp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# allow dhcp client to work
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
#
# ufw-not-local
#
-A ufw-before-input -j ufw-not-local
# if LOCAL, RETURN
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
# if MULTICAST, RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
# if BROADCAST, RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
# allow MULTICAST, be sure the MULTICAST line above is uncommented
-A ufw-before-input -s 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -d 224.0.0.0/4 -j ACCEPT
COMMIT
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.5.2/24 -o eth0 -j SNAT --to 192.168.5.105
-A PREROUTING -p tcp -d 192.168.5.105 --dport 80 -i eth0 -j DNAT --to-destination 192.168.5.200:80
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
server/conf/ufw.conf.master deleted 100644 → 0
View file @ 92991d5f
# /etc/ufw/ufw.conf
#
# set to yes to start on boot
ENABLED={tmpl_var name='enable'}
# set to one of 'off', 'low', 'medium', 'high'
LOGLEVEL={tmpl_var name='log_level'}
server/conf/ufw.default.master deleted 100644 → 0
View file @ 92991d5f
# /etc/default/ufw
#
# set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6={tmpl_var name='ipv6'}
# set the default input policy to ACCEPT, DROP or REJECT. Please note that if
# you change this you will most likely want to adjust your rules
DEFAULT_INPUT_POLICY="{tmpl_var name='default_input_policy'}"
# set the default output policy to ACCEPT, DROP, or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_OUTPUT_POLICY="{tmpl_var name='default_output_policy'}T"
# set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="{tmpl_var name='default_forward_policy'}"
# set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
# details
DEFAULT_APPLICATION_POLICY="{tmpl_var name='default_application_policy'}"
# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
# manage the built-in chains too. Warning: setting this to 'yes' will break
# non-ufw managed firewall rules
MANAGE_BUILTINS={tmpl_var name='manage_builtins'}
#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf
# extra connection tracking modules to load
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"
server/conf/vhost.conf.master
View file @ a7bdf8d0
......@@ -5,7 +5,8 @@
Deny from all
</Directory>
<VirtualHost <tmpl_var name='ip_address'>:80>
<tmpl_loop name="vhosts">
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
<tmpl_if name='php' op='==' value='suphp'>
DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
......@@ -34,7 +35,17 @@
ErrorDocument 500 /error/500.html
ErrorDocument 503 /error/503.html
</tmpl_if>
<IfModule mod_ssl.c>
<tmpl_if name='ssl_enabled'>
SSLEngine on
SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
</tmpl_if>
<tmpl_if name='has_bundle_cert'>
SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle
</tmpl_if>
</IfModule>
<Directory {tmpl_var name='web_document_root_www'}>
Options FollowSymLinks
AllowOverride <tmpl_var name='allow_override'>
......@@ -225,228 +236,4 @@
<tmpl_var name='apache_directives'>
</VirtualHost>
<tmpl_if name='ssl_enabled'>
<IfModule mod_ssl.c>
###########################################################
# SSL Vhost
###########################################################
<VirtualHost <tmpl_var name='ip_address'>:443>
<tmpl_if name='php' op='==' value='suphp'>
DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
<tmpl_if name='php' op='==' value='cgi'>
DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
DocumentRoot <tmpl_var name='web_document_root_www'>
</tmpl_if>
</tmpl_if>
ServerName <tmpl_var name='ssl_domain'>
<tmpl_if name='alias'>
<tmpl_var name='alias'>
</tmpl_if>
ServerAdmin webmaster@<tmpl_var name='domain'>
ErrorLog /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log
<tmpl_if name='errordocs'>
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 500 /error/500.html
ErrorDocument 503 /error/503.html
</tmpl_if>
SSLEngine on
SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
<tmpl_if name='has_bundle_cert'>
SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle
</tmpl_if>
<Directory {tmpl_var name='web_document_root_www'}>
Options FollowSymLinks
AllowOverride <tmpl_var name='allow_override'>
Order allow,deny
Allow from all
<tmpl_if name='ssi' op='==' value='y'>
# ssi enabled
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Options +Includes
</tmpl_if>
<tmpl_if name='php' op='==' value='no'>
<Files ~ '.php[s3-6]{0,1}$'>
Order allow,deny
Deny from all
Allow from none
</Files>
</tmpl_if>
</Directory>
<Directory {tmpl_var name='web_document_root'}>
Options FollowSymLinks
AllowOverride <tmpl_var name='allow_override'>
Order allow,deny
Allow from all
<tmpl_if name='ssi' op='==' value='y'>
# ssi enabled
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Options +Includes
</tmpl_if>
<tmpl_if name='php' op='==' value='no'>
<Files ~ '.php[s3-6]{0,1}$'>
Order allow,deny
Deny from all
Allow from none
</Files>
</tmpl_if>
</Directory>
<tmpl_if name='cgi' op='==' value='y'>
# cgi enabled
<Directory {tmpl_var name='document_root'}/cgi-bin>
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
</tmpl_if>
<tmpl_if name='ssi'op='==' value='y'>
# ssi enabled
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</tmpl_if>
<tmpl_if name='suexec'op='==' value='y'>
# suexec enabled
SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
</tmpl_if>
# Clear PHP settings of this website
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
<tmpl_if name='php' op='==' value='mod'>
# mod_php enabled
AddType application/x-httpd-php .php .php3 .php4 .php5
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
# PHPIniDir <tmpl_var name='custom_php_ini_dir'>
<tmpl_if name='security_level' op='==' value='20'>
php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
</tmpl_if>
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
# suphp enabled
<Directory {tmpl_var name='web_document_root'}>
<IfModule mod_suphp.c>
suPHP_Engine on
# suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
<tmpl_if name='has_custom_php_ini'>
suPHP_ConfigPath <tmpl_var name='custom_php_ini_dir'>
</tmpl_if>
AddHandler x-httpd-suphp .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-suphp
</IfModule>
</Directory>
</tmpl_if>
<tmpl_if name='php' op='==' value='cgi'>
# php as cgi enabled
ScriptAlias /php5-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'>
Action php5-cgi /php5-cgi
AddHandler php5-cgi .php .php3 .php4 .php5
<Directory {tmpl_var name='cgi_starter_path'}>
Order allow,deny
Allow from all
</Directory>
</tmpl_if>
<tmpl_if name='php' op='==' value='fast-cgi'>
# php as fast-cgi enabled
# See: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
<IfModule mod_fcgid.c>
<tmpl_if name='fastcgi_config_syntax' op='==' value='2'>
FcgidIdleTimeout 300
FcgidProcessLifeTime 3600
FcgidMaxProcesses 1000
FcgidMinProcessesPerClass 0
FcgidMaxProcessesPerClass 100
FcgidConnectTimeout 3
FcgidIOTimeout 360
FcgidBusyTimeout 300
<tmpl_else>
IdleTimeout 300
ProcessLifeTime 3600
# MaxProcessCount 1000
DefaultMinClassProcessCount 0
DefaultMaxClassProcessCount 100
IPCConnectTimeout 3
IPCCommTimeout 360
BusyTimeout 300
</tmpl_if>
</IfModule>
<Directory {tmpl_var name='web_document_root_www'}>
AddHandler fcgid-script .php .php3 .php4 .php5
FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php