summaryrefslogtreecommitdiff
path: root/templates/vhosts
AgeCommit message (Collapse)Author
2011-10-08first work on php_settings via hashmh
2011-05-18woraround that redirects do not have a documentrootmh
2011-05-18we need to set the var also vor http partsmh
2011-05-18fix template typo from a previous copy&paste errormh
2011-05-18move header to partialsmh
2011-05-17this is now in the include filemh
2011-05-17migrate authentication to partialsmh
2011-05-17indentationmh
2011-05-17switching logs over to partialsmh
2011-05-17indentationmh
2011-05-17fix template typomh
2011-05-17improve mod_security rulesmh
* handled now by a partial * possibility to add rules that should be removed * possibility to add custom mod_sec options" * use new infrastructure for existing mod_sec tweaks
2011-04-01fix template errormh
2011-03-31add missing files and manage necessary files to run as specific usermh
2011-03-31improving passenger supportmh
2011-03-17put mod_security stuff in its own partialmh
2011-03-17add mod_security stuff to the new default templatemh
2011-02-25we need a new line theremh
2011-02-25cleanup renderingmh
2011-02-25fix template syntaxmh
2011-02-25fixing template foomh
2011-02-22fixing mode stuffmh
2011-02-22try to fix a variable problemmh
2011-02-22fix template pathsmh
2011-02-22fix typomh
2011-02-22first way to a unified partial based vhost templatemh
2011-01-30adding htpasswd for proxymh
2010-12-12enable HTS everywheremh
2010-12-06add STS header for enforced SSL sitesmh
* http://en.wikipedia.org/wiki/Strict_Transport_Security This will tell browsers to interact with that site only per HTTPS.
2010-11-04allow setting of additional options for proxy vhostsmh
2010-11-01add possibility to proxy vhostsmh
2010-10-25unify namingmh
2010-10-25improve redirect, so we don't stick on the servernamemh
2010-08-18add missing directive for ssl proxy vhostsmh
2010-08-16impelement itk plus modemh
itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances.
2010-08-11introduce logmode featuremh
We are now able to select how apache should log accesses. These modes are: * default: as you would use it * semianonym: no ips are logged for CustomLog, ErrorLog still logs ips * anonym: no ips are logged for CustomLog, ErrorLog is sent to /dev/null * nologs: all logs are sent to /dev/null
2010-06-12add upload_dir to open_base_dir if there is onemh
2010-03-16typo3 partial errors in backend -> disable modsec for /typo3. Errors like ↵Andreas
You don't have permission to access /typo3/alt_doc.php
2010-02-04add rule to be ignored for wordpress, as it prevents additional uploadsmh
2010-01-30migrate missing partsmh
- migrate missing (newly introduced) vhosts - pass relevant_only stuff to subdefines
2010-01-30merged with lavamindmh
2010-01-27typoAndreas
2010-01-27silverstripe htaccess errorsAndreas
2010-01-27silverstripe .htaccessAndreas
2010-01-26module silverstripeAndreas
2010-01-04add $mod_security_relevantonly flag, enabled by default, logs only on ↵Jerome Charaoui
suspicious requests, set to 'false' to log all requests (as before)
2010-01-04source of last change (https logins)Andreas
2010-01-04gallery redirect user logins to httpsAndreas
2010-01-03we have already a default charset flag we manageAndreas
2010-01-02we have already a default charset flag we managemh