hydra/examples/hydra.conf

# Hydra v0.0.2 configuration file
# File format has is similar but no identical to the format of Boa v0.94
# version changes are noted in the comments
#
# The Hydra configuration file is parsed with a lex/yacc or flex/bison
# generated parser.  If it reports an error, the line number will be
# provided; it should be easy to spot.  The syntax of each of these
# rules is very simple, and they can occur in any order.  Where possible
# these directives mimic those of NCSA httpd 1.3; I saw no reason to 
# introduce gratuitous differences.

# $Id: hydra.conf,v 1.21 2003/01/22 07:51:49 nmav Exp $

# ServerRoot: The directory the .html (and related) files are placed.
ServerRoot /var/www

# number of threads to spawn
# One thread might be ok for a single CPU system, but in some systems, 
# performance may be increased by using a pool of 4-5 threads.
Threads 4

# Maximum number of concurent connections. If connections arrive after
# the given limit has been reached, then they will not be served, until
# some established connections close. If you do not set it, or set it to
# 0, then the default behaviour takes effect, which is to try to serve
# as much connections as possible (depends on system limits).
#MaxConnections 0
#MaxSSLConnections 0

# Port: The port Hydra runs on.  The default port for http servers is 80.
# If it is less than 1024, the server must be started as root.

Port 80

# Listen: the Internet address to bind(2) to.  If you leave it out,
# it takes the behavior before 0.93.17.2, which is to bind to all
# addresses (INADDR_ANY).  You only get one "Listen" directive,
# if you want service on multiple IP addresses, you have three choices:
#    1. Run hydra without a "Listen" directive
#       a. All addresses are treated the same; makes sense if the addresses
#          are localhost, ppp, and eth0.
#       b. Use the VirtualHost directive below to point requests to different
#          files.  Should be good for a very large number of addresses (web
#          hosting clients).
#    2. Run one copy of hydra per IP address, each has its own configuration
#       with a "Listen" directive.  No big deal up to a few tens of addresses.
#       Nice separation between clients.
# The name you provide gets run through inet_aton(3), so you have to use dotted
# quad notation.  This configuration is too important to trust some DNS.

#Listen 192.68.0.5

#  User: The name or UID the server should run as.
# Group: The group name or GID the server should run as.

User nobody
Group nogroup

# ServerAdmin: The email address where server problems should be sent.
# Note: this is not currently used, except as an environment variable
# for CGIs.

#ServerAdmin root@localhost

# PidFile: where to put the pid of the process.
# Comment out to write no pid file.
# Note: Because Boa drops priviledges at startup, and the
# pid file is written by the UID/GID before doing so, Boa
# does not attempt removal of the pid file.
# PidFile /var/run/hydra.pid

# ErrorLog: The location of the error log file. If this does not start
# with /, it is considered relative to the server root.
# Set to /dev/null if you don't want errors logged.
# If unset, defaults to /dev/stderr

ErrorLog /var/log/hydra/error_log
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
#  is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
#  process if the receiving end of a pipe stops reading."
#ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/hydra/error_log /var/log/hydra/error-%Y%m%d.log"

# AccessLog: The location of the access log file. If this does not
# start with /, it is considered relative to the server root.
# Comment out or set to /dev/null (less effective) to disable 
# Access logging.

AccessLog /var/log/hydra/access_log
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
#  is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
#  process if the receiving end of a pipe stops reading."
#AccessLog  "|/usr/sbin/cronolog --symlink=/var/log/hydra/access_log /var/log/hydra/access-%Y%m%d.log"

# CGILog /var/log/hydra/cgi_log
# CGILog: The location of the CGI stderr log file. If this does not
# start with /, it is considered relative to the server root.
# The log file would contain any contents send to /dev/stderr
# by the CGI. If this is commented out, it defaults to whatever
# ErrorLog points.  Set to /dev/null to disable CGI stderr logging.
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
#  is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
#  process if the receiving end of a pipe stops reading."
#CGILog  "|/usr/sbin/cronolog --symlink=/var/log/hydra/cgi_log /var/log/hydra/cgi-%Y%m%d.log"

# CGIumask 027 (no mask for user, read-only for group, and nothing for user)
# CGIumask 027
# The CGIumask is set immediately before execution of the CGI.

# UseLocaltime: Logical switch.  Uncomment to use localtime 
# instead of UTC time
#UseLocaltime

# VerboseCGILogs: this is just a logical switch.
#  It simply notes the start and stop times of cgis in the error log
# Comment out to disable.

#VerboseCGILogs

# ServerName: the name of this server that should be sent back to 
# clients if different than that returned by gethostname + gethostbyname 

#ServerName www.your.org.here

# VirtualHost: Setup any virtual hosts (host based)
# Comment out to disable.
# It needs to specify the HostName, the IP (use '*' if all),
# the DocumentRoot and the UserDir (if any).
# UserDir is the name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
# Example: 
# VirtualHost www.dot.com * /var/www public_html
# VirtualHost www.dot.com 127.0.0.1 /var/www ""
#

#VirtualHost www.dot.com * /var/www ""

# DocumentRoot: The root directory of the HTML documents.
# Comment out to disable server non user files.
#
# Note that if VirtualHost is enabled, this will be the fallback
# for the clients that did not supply any host.

DocumentRoot /var/www

# DirectoryIndex: Name of the file to use as a pre-written HTML
# directory index.  Please MAKE AND USE THESE FILES.  On the
# fly creation of directory indexes can be _slow_.
# You can use more than one directory index by adding this
# directive several times.
# Comment out to always use DirectoryMaker

DirectoryIndex index.html

# DirectoryMaker: Name of program used to create a directory listing.
# Comment out to disable directory listings.  If both this and
# DirectoryIndex are commented out, accessing a directory will give
# an error (though accessing files in the directory are still ok).

DirectoryMaker /usr/lib/hydra/boa_indexer

# DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker
# has been commented out, the the on-the-fly indexing of Hydra can be used
# to generate indexes of directories. Be warned that the output is 
# extremely minimal and can cause delays when slow disks are used.
# Note: The DirectoryCache must be writable by the same user/group that 
# Hydra runs as.

# DirectoryCache /var/spool/hydra/dircache

# MaxFilesCache: Number of files to keep in file cache memory
# Set to 0 to disable file caching.

MaxFilesCache 256

# MaxFileSizeCache: The maximum size that a file should have in order to
# be added to the file cache.
# Comment out, to use the default value.

MaxFileSizeCache 131072

# KeepAliveMax: Number of KeepAlive requests to allow per connection
# Comment out, or set to 0 to disable keepalive processing

KeepAliveMax 1000

# KeepAliveTimeout: seconds to wait before keepalive connection times out

KeepAliveTimeout 10

# MimeTypes: This is the file that is used to generate mime type pairs
# and Content-Type fields for hydra.
# Set to /dev/null if you do not want to load a mime types file.
# Do *not* comment out (better use AddType!)

MimeTypes /etc/mime.types

# DefaultType: MIME type used if the file extension is unknown, or there
# is no file extension.

DefaultType text/plain

# DefaultCharset: The default character set used in text MIME types.

DefaultCharset ISO-8859-1

# CGIPath: The value of the $PATH environment variable given to CGI progs.

CGIPath /bin:/usr/bin:/usr/local/bin

# SinglePostLimit: The maximum allowable number of bytes in 
# a single POST.  Default is normally 1MB.

# AddType: adds types without editing mime.types
# Example: AddType type extension [extension ...]

# Uncomment the next line if you want .cgi files to execute from anywhere
#AddType application/x-httpd-cgi cgi


# Uncomment the following lines if you want .php files to execute from 
# anywhere, using the HIC (internally handled CGI). This is much faster
# than CGIs, since it is handled internally by the server (no fork).

# Use this if you have enabled HIC support, and you have compiled
# PHP as a Hydra (HIC) module. 
#HICModule /usr/lib/libphp4.so "_php" "application/x-httpd-php"


# Use this if you want CGIs to execute from anywhere, using the CGIAction. 
# This will not try to execute the given scripts, but will associate the 
# content type with the given executable.
#CGIAction "/usr/bin/php4" "application/x-httpd-php"


# You may also need these:
#AddType application/x-httpd-php php
#AddType application/x-httpd-php phtml

# number of HIC threads to spawn
# A HIC thread handles requests one after the other. Having several HIC threads
# increases performance in servers that serve a lot of dynamic content.
HICThreads 3

# Redirect, Alias, and ScriptAlias all have the same semantics -- they
# match the beginning of a request and take appropriate action.  Use
# Redirect for other servers, Alias for the same server, and ScriptAlias
# to enable directories for script execution.

# The first argument of Redirect and friends is the virtual server hostname,
# and the directive only applies to the given virtual server. If the directive
# equals "" then the default server is assumed.

# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Example: Redirect www.ourhost.com /bar http://elsewhere/feh/bar

# Aliases: Aliases one path to another.
# Example: Alias www.ourhost.com /path1/bar /absolute/path2/foo

#Alias www.localhost.com /doc /usr/doc

# ScriptAlias: Maps a virtual path to a directory for serving scripts
# Example: ScriptAlias www.ourhost.com /htbin/ /www/htbin/

#ScriptAlias www.localhost.com /cgi-bin/ /usr/lib/cgi-bin/

# An interval, that hydra will be entered in maintenance mode. This
# includes an SSL parameter regeneration, and closing of unused
# open files. This does not involve any downtime. Set to 0 to disable.
MaintenanceInterval 172800 #two days

# Access Control lists per virtual host
# These two directives (Allow/Deny), allow you to specify file
# patterns that will be denied or allowed access. The first argument
# of these directives is a virtual host.

# deny all files that start with a dot in the default host
#Deny "" */.*

# deny all the files that finish with '.inc' in www.localhost.com virtual
# host, but allow access to the public.inc.
#Deny "www.localhost.com" */*.inc
#Allow "www.localhost.com" */public.inc

# non zero enables SSL support
# 0: no SSL support
# 1: only SSL support
# 2: both SSL and non SSL ports
SSL 0

# The port where the SSL server will listen on
SSLPort 4443

# read the certificate from
SSLCertificate cert.pem

# read the private key from
SSLKey key.pem

# read the trusted CA list from
SSLCAList ca.pem

# Whether to verify client. Use 0, or comment out to disable.
# 1 means request a certificate, and verify if a certificate is sent.
# 2 means require a certificate and verify.
# 3 means request a certificate and try to verify. Do not fail if the verification
#   function failed. This is may be useful in CGIs that want to print some error message.
SSLVerifyClient 3

# Number of sessions to cache. This is to support session resuming.
# Set to 0 to disable.
SSLSessionCache 40

# After this time (in seconds) has passed, the stored SSL sessions
# will be expired, and will not be resumed.
SSLSessionTimeout 3600 #one hour

# Set the prime bits used in Diffie Hellman authentication. The parameters
# are only generated if the DHE ciphersuites are enabled.
# Value should be one of 768, 1024, 2048, 4096
SSLDHBits 768


# A comma separated list of the SSL ciphers. Valid selections are:
# ARCFOUR-128, ARCFOUR-40, 3DES, AES
# Note that ARCFOUR-40 is a weak algorithm.
SSLCiphers "AES, 3DES, ARCFOUR-128, ARCFOUR-40"

# A comma separated list of the SSL key exchange methods. Valid selections 
# are: RSA, DHE-RSA, DHE-DSS, RSA-EXPORT
# DHE-DSS can only be used with certificates that hold DSA parameters.
# Note that RSA-EXPORT is a weak algorithm.
SSLKeyExchangeAlgorithms "RSA, RSA-EXPORT"

# This one is by default more secure (offers forward secrecy),
# but more expensive in CPU time. 
#SSLKeyExchangeAlgorithms "DHE-RSA, DHE-DSS, RSA, RSA-EXPORT"

# A comma separated list of the SSL MAC algorithms. Valid selections 
# are: MD5, SHA1, RMD160
SSLMACAlgorithms "SHA1, MD5"

# A comma separated list of the SSL compression methods. Valid selections 
# are: NULL
SSLCompressionMethods "NULL"

# A comma separated list of the SSL protocol versions. Valid selections 
# are: TLS1.1, TLS1.0 and SSL3.0
SSLProtocols "TLS 1.1, TLS1.0, SSL3.0"
1	nmav	1.1	# Hydra v0.0.2 configuration file
2			# File format has is similar but no identical to the format of Boa v0.94
3			# version changes are noted in the comments
4			#
5			# The Hydra configuration file is parsed with a lex/yacc or flex/bison
6			# generated parser. If it reports an error, the line number will be
7			# provided; it should be easy to spot. The syntax of each of these
8			# rules is very simple, and they can occur in any order. Where possible
9			# these directives mimic those of NCSA httpd 1.3; I saw no reason to
10			# introduce gratuitous differences.
11
12	nmav	1.22	# $Id: hydra.conf,v 1.21 2003/01/22 07:51:49 nmav Exp $
13	nmav	1.1
14	andreou	1.20	# ServerRoot: The directory the .html (and related) files are placed.
15			ServerRoot /var/www
16	nmav	1.1
17			# number of threads to spawn
18	nmav	1.6	# One thread might be ok for a single CPU system, but in some systems,
19			# performance may be increased by using a pool of 4-5 threads.
20			Threads 4
21	nmav	1.1
22	nmav	1.10	# Maximum number of concurent connections. If connections arrive after
23			# the given limit has been reached, then they will not be served, until
24			# some established connections close. If you do not set it, or set it to
25			# 0, then the default behaviour takes effect, which is to try to serve
26			# as much connections as possible (depends on system limits).
27	nmav	1.1	#MaxConnections 0
28	nmav	1.21	#MaxSSLConnections 0
29	nmav	1.1
30			# Port: The port Hydra runs on. The default port for http servers is 80.
31			# If it is less than 1024, the server must be started as root.
32
33			Port 80
34
35			# Listen: the Internet address to bind(2) to. If you leave it out,
36			# it takes the behavior before 0.93.17.2, which is to bind to all
37			# addresses (INADDR_ANY). You only get one "Listen" directive,
38			# if you want service on multiple IP addresses, you have three choices:
39			# 1. Run hydra without a "Listen" directive
40			# a. All addresses are treated the same; makes sense if the addresses
41			# are localhost, ppp, and eth0.
42			# b. Use the VirtualHost directive below to point requests to different
43			# files. Should be good for a very large number of addresses (web
44			# hosting clients).
45			# 2. Run one copy of hydra per IP address, each has its own configuration
46			# with a "Listen" directive. No big deal up to a few tens of addresses.
47			# Nice separation between clients.
48			# The name you provide gets run through inet_aton(3), so you have to use dotted
49			# quad notation. This configuration is too important to trust some DNS.
50
51			#Listen 192.68.0.5
52
53			# User: The name or UID the server should run as.
54			# Group: The group name or GID the server should run as.
55
56			User nobody
57			Group nogroup
58
59			# ServerAdmin: The email address where server problems should be sent.
60			# Note: this is not currently used, except as an environment variable
61			# for CGIs.
62
63			#ServerAdmin root@localhost
64
65	nmav	1.15	# PidFile: where to put the pid of the process.
66			# Comment out to write no pid file.
67			# Note: Because Boa drops priviledges at startup, and the
68			# pid file is written by the UID/GID before doing so, Boa
69			# does not attempt removal of the pid file.
70			# PidFile /var/run/hydra.pid
71
72	nmav	1.1	# ErrorLog: The location of the error log file. If this does not start
73			# with /, it is considered relative to the server root.
74			# Set to /dev/null if you don't want errors logged.
75			# If unset, defaults to /dev/stderr
76
77			ErrorLog /var/log/hydra/error_log
78			# Please NOTE: Sending the logs to a pipe ('\|'), as shown below,
79			# is somewhat experimental and might fail under heavy load.
80			# "Usual libc implementations of printf will stall the whole
81			# process if the receiving end of a pipe stops reading."
82			#ErrorLog "\|/usr/sbin/cronolog --symlink=/var/log/hydra/error_log /var/log/hydra/error-%Y%m%d.log"
83
84			# AccessLog: The location of the access log file. If this does not
85			# start with /, it is considered relative to the server root.
86			# Comment out or set to /dev/null (less effective) to disable
87			# Access logging.
88
89			AccessLog /var/log/hydra/access_log
90			# Please NOTE: Sending the logs to a pipe ('\|'), as shown below,
91			# is somewhat experimental and might fail under heavy load.
92			# "Usual libc implementations of printf will stall the whole
93			# process if the receiving end of a pipe stops reading."
94			#AccessLog "\|/usr/sbin/cronolog --symlink=/var/log/hydra/access_log /var/log/hydra/access-%Y%m%d.log"
95	nmav	1.15
96			# CGILog /var/log/hydra/cgi_log
97			# CGILog: The location of the CGI stderr log file. If this does not
98			# start with /, it is considered relative to the server root.
99			# The log file would contain any contents send to /dev/stderr
100			# by the CGI. If this is commented out, it defaults to whatever
101			# ErrorLog points. Set to /dev/null to disable CGI stderr logging.
102			# Please NOTE: Sending the logs to a pipe ('\|'), as shown below,
103			# is somewhat experimental and might fail under heavy load.
104			# "Usual libc implementations of printf will stall the whole
105			# process if the receiving end of a pipe stops reading."
106			#CGILog "\|/usr/sbin/cronolog --symlink=/var/log/hydra/cgi_log /var/log/hydra/cgi-%Y%m%d.log"
107
108			# CGIumask 027 (no mask for user, read-only for group, and nothing for user)
109			# CGIumask 027
110			# The CGIumask is set immediately before execution of the CGI.
111	nmav	1.1
112			# UseLocaltime: Logical switch. Uncomment to use localtime
113			# instead of UTC time
114			#UseLocaltime
115
116			# VerboseCGILogs: this is just a logical switch.
117			# It simply notes the start and stop times of cgis in the error log
118			# Comment out to disable.
119
120			#VerboseCGILogs
121
122			# ServerName: the name of this server that should be sent back to
123			# clients if different than that returned by gethostname + gethostbyname
124
125			#ServerName www.your.org.here
126
127			# VirtualHost: Setup any virtual hosts (host based)
128			# Comment out to disable.
129			# It needs to specify the HostName, the IP (use '*' if all),
130			# the DocumentRoot and the UserDir (if any).
131	nmav	1.21	# UserDir is the name of the directory which is appended onto a user's home
132			# directory if a ~user request is received.
133	nmav	1.1	#
134			# Example:
135			# VirtualHost www.dot.com * /var/www public_html
136			# VirtualHost www.dot.com 127.0.0.1 /var/www ""
137			#
138
139			#VirtualHost www.dot.com * /var/www ""
140
141			# DocumentRoot: The root directory of the HTML documents.
142			# Comment out to disable server non user files.
143			#
144			# Note that if VirtualHost is enabled, this will be the fallback
145			# for the clients that did not supply any host.
146
147			DocumentRoot /var/www
148
149			# DirectoryIndex: Name of the file to use as a pre-written HTML
150			# directory index. Please MAKE AND USE THESE FILES. On the
151			# fly creation of directory indexes can be _slow_.
152			# You can use more than one directory index by adding this
153			# directive several times.
154			# Comment out to always use DirectoryMaker
155
156			DirectoryIndex index.html
157
158			# DirectoryMaker: Name of program used to create a directory listing.
159			# Comment out to disable directory listings. If both this and
160			# DirectoryIndex are commented out, accessing a directory will give
161			# an error (though accessing files in the directory are still ok).
162
163			DirectoryMaker /usr/lib/hydra/boa_indexer
164
165			# DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker
166			# has been commented out, the the on-the-fly indexing of Hydra can be used
167			# to generate indexes of directories. Be warned that the output is
168			# extremely minimal and can cause delays when slow disks are used.
169			# Note: The DirectoryCache must be writable by the same user/group that
170			# Hydra runs as.
171
172			# DirectoryCache /var/spool/hydra/dircache
173
174			# MaxFilesCache: Number of files to keep in file cache memory
175			# Set to 0 to disable file caching.
176
177			MaxFilesCache 256
178
179			# MaxFileSizeCache: The maximum size that a file should have in order to
180			# be added to the file cache.
181			# Comment out, to use the default value.
182
183			MaxFileSizeCache 131072
184
185			# KeepAliveMax: Number of KeepAlive requests to allow per connection
186			# Comment out, or set to 0 to disable keepalive processing
187
188			KeepAliveMax 1000
189
190			# KeepAliveTimeout: seconds to wait before keepalive connection times out
191
192			KeepAliveTimeout 10
193
194			# MimeTypes: This is the file that is used to generate mime type pairs
195			# and Content-Type fields for hydra.
196			# Set to /dev/null if you do not want to load a mime types file.
197			# Do not comment out (better use AddType!)
198
199			MimeTypes /etc/mime.types
200
201			# DefaultType: MIME type used if the file extension is unknown, or there
202			# is no file extension.
203
204			DefaultType text/plain
205
206	nmav	1.21	# DefaultCharset: The default character set used in text MIME types.
207
208			DefaultCharset ISO-8859-1
209
210	nmav	1.1	# CGIPath: The value of the $PATH environment variable given to CGI progs.
211
212			CGIPath /bin:/usr/bin:/usr/local/bin
213
214			# SinglePostLimit: The maximum allowable number of bytes in
215			# a single POST. Default is normally 1MB.
216
217			# AddType: adds types without editing mime.types
218			# Example: AddType type extension [extension ...]
219
220			# Uncomment the next line if you want .cgi files to execute from anywhere
221			#AddType application/x-httpd-cgi cgi
222	nmav	1.2
223	nmav	1.4
224			# Uncomment the following lines if you want .php files to execute from
225			# anywhere, using the HIC (internally handled CGI). This is much faster
226	nmav	1.7	# than CGIs, since it is handled internally by the server (no fork).
227	nmav	1.3
228			# Use this if you have enabled HIC support, and you have compiled
229	nmav	1.5	# PHP as a Hydra (HIC) module.
230	nmav	1.4	#HICModule /usr/lib/libphp4.so "_php" "application/x-httpd-php"
231
232	nmav	1.21
233			# Use this if you want CGIs to execute from anywhere, using the CGIAction.
234			# This will not try to execute the given scripts, but will associate the
235			# content type with the given executable.
236			#CGIAction "/usr/bin/php4" "application/x-httpd-php"
237
238
239	nmav	1.4	# You may also need these:
240			#AddType application/x-httpd-php php
241			#AddType application/x-httpd-php phtml
242
243	nmav	1.6	# number of HIC threads to spawn
244	nmav	1.21	# A HIC thread handles requests one after the other. Having several HIC threads
245	nmav	1.6	# increases performance in servers that serve a lot of dynamic content.
246	nmav	1.8	HICThreads 3
247	nmav	1.1
248			# Redirect, Alias, and ScriptAlias all have the same semantics -- they
249			# match the beginning of a request and take appropriate action. Use
250			# Redirect for other servers, Alias for the same server, and ScriptAlias
251			# to enable directories for script execution.
252	nmav	1.16
253			# The first argument of Redirect and friends is the virtual server hostname,
254			# and the directive only applies to the given virtual server. If the directive
255			# equals "" then the default server is assumed.
256	nmav	1.1
257			# Redirect allows you to tell clients about documents which used to exist in
258			# your server's namespace, but do not anymore. This allows you to tell the
259			# clients where to look for the relocated document.
260			# Example: Redirect www.ourhost.com /bar http://elsewhere/feh/bar
261
262			# Aliases: Aliases one path to another.
263			# Example: Alias www.ourhost.com /path1/bar /absolute/path2/foo
264
265			#Alias www.localhost.com /doc /usr/doc
266
267			# ScriptAlias: Maps a virtual path to a directory for serving scripts
268			# Example: ScriptAlias www.ourhost.com /htbin/ /www/htbin/
269
270			#ScriptAlias www.localhost.com /cgi-bin/ /usr/lib/cgi-bin/
271
272	nmav	1.17	# An interval, that hydra will be entered in maintenance mode. This
273			# includes an SSL parameter regeneration, and closing of unused
274			# open files. This does not involve any downtime. Set to 0 to disable.
275			MaintenanceInterval 172800 #two days
276	nmav	1.18
277			# Access Control lists per virtual host
278			# These two directives (Allow/Deny), allow you to specify file
279			# patterns that will be denied or allowed access. The first argument
280			# of these directives is a virtual host.
281
282			# deny all files that start with a dot in the default host
283			#Deny "" /.
284
285			# deny all the files that finish with '.inc' in www.localhost.com virtual
286			# host, but allow access to the public.inc.
287			#Deny "www.localhost.com" /.inc
288			#Allow "www.localhost.com" */public.inc
289	nmav	1.17
290	nmav	1.1	# non zero enables SSL support
291	nmav	1.21	# 0: no SSL support
292	nmav	1.1	# 1: only SSL support
293			# 2: both SSL and non SSL ports
294			SSL 0
295
296			# The port where the SSL server will listen on
297			SSLPort 4443
298
299			# read the certificate from
300			SSLCertificate cert.pem
301
302			# read the private key from
303			SSLKey key.pem
304	nmav	1.11
305			# read the trusted CA list from
306			SSLCAList ca.pem
307
308			# Whether to verify client. Use 0, or comment out to disable.
309			# 1 means request a certificate, and verify if a certificate is sent.
310			# 2 means require a certificate and verify.
311	nmav	1.12	# 3 means request a certificate and try to verify. Do not fail if the verification
312			# function failed. This is may be useful in CGIs that want to print some error message.
313	nmav	1.19	SSLVerifyClient 3
314	nmav	1.1
315			# Number of sessions to cache. This is to support session resuming.
316			# Set to 0 to disable.
317			SSLSessionCache 40
318
319			# After this time (in seconds) has passed, the stored SSL sessions
320			# will be expired, and will not be resumed.
321			SSLSessionTimeout 3600 #one hour
322
323			# Set the prime bits used in Diffie Hellman authentication. The parameters
324			# are only generated if the DHE ciphersuites are enabled.
325			# Value should be one of 768, 1024, 2048, 4096
326			SSLDHBits 768
327
328
329			# A comma separated list of the SSL ciphers. Valid selections are:
330			# ARCFOUR-128, ARCFOUR-40, 3DES, AES
331			# Note that ARCFOUR-40 is a weak algorithm.
332			SSLCiphers "AES, 3DES, ARCFOUR-128, ARCFOUR-40"
333
334			# A comma separated list of the SSL key exchange methods. Valid selections
335			# are: RSA, DHE-RSA, DHE-DSS, RSA-EXPORT
336	nmav	1.13	# DHE-DSS can only be used with certificates that hold DSA parameters.
337	nmav	1.1	# Note that RSA-EXPORT is a weak algorithm.
338			SSLKeyExchangeAlgorithms "RSA, RSA-EXPORT"
339	nmav	1.21
340			# This one is by default more secure (offers forward secrecy),
341			# but more expensive in CPU time.
342			#SSLKeyExchangeAlgorithms "DHE-RSA, DHE-DSS, RSA, RSA-EXPORT"
343	nmav	1.1
344			# A comma separated list of the SSL MAC algorithms. Valid selections
345	nmav	1.22	# are: MD5, SHA1, RMD160
346	nmav	1.1	SSLMACAlgorithms "SHA1, MD5"
347
348			# A comma separated list of the SSL compression methods. Valid selections
349			# are: NULL
350			SSLCompressionMethods "NULL"
351
352			# A comma separated list of the SSL protocol versions. Valid selections
353	nmav	1.22	# are: TLS1.1, TLS1.0 and SSL3.0
354			SSLProtocols "TLS 1.1, TLS1.0, SSL3.0"