| blob | 542060c48de7be677b37bfa57bbdcb0497ceb107 |
1 ## To convert this file to apache.conf using the current Girocco::Config
2 ## values either do "make" or "make apache.conf" or ./make-apache-conf.sh
3 ##
4 # This is an example configuration of a virtualhost running Girocco, as set up
5 # at repo.or.cz; unfortunately, somewhat independent from Girocco::Config.
6 # It is not essential for Girocco to use a special virtualhost, however.
7 <VirtualHost *:80>
9 # ---- BEGIN LINES TO DUPLICATE ----
11 ServerName @@httpdnsname@@
12 ServerAlias www.@@httpdnsname@@
13 ServerAdmin @@admin@@
15 # This is the standard "combined" log format modified as follows:
16 # the REMOTE_USER (%u) has double-quotes around it
17 # the received time is shown as [YYYY-mm-dd_HH:MM:SS +hhmm] (almost RFC 3339 format)
18 # -- this is one character shorter than the default but sorts so much better
19 # when the logio_module is present (almost always) the %O value is prefixed with:
20 # %I-> -- <bytes-received-including-request-and-headers>
21 # the first line of the request ("%r") is prefixed with
22 # %X%k: -- <connection-status><keepalive-request-num>
23 # <keepalive-request-num> will be omitted if apache < 2.2.11
24 # these fields are added to the end:
25 # :%{local}p -- :<actual-server-port>
26 # %Dus -- <request-time-in-microseconds>
27 # "%o{Content-Range}" -- <outgoing Content-Range header>
28 <IfVersion >= 2.2.11>
29 LogFormat "%h %l \"%u\" %{[%F_%T %z]}t %X%k:\"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" :%{local}p %Dus \"%{Content-Range}o\"" girocco
30 </IfVersion>
31 <IfVersion !>= 2.2.11>
32 LogFormat "%h %l \"%u\" %{[%F_%T %z]}t %X:\"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" :%{local}p %Dus \"%{Content-Range}o\"" girocco
33 </IfVersion>
34 <IfModule logio_module>
35 # %I and %O are only available with the logio_module
36 <IfVersion >= 2.2.11>
37 LogFormat "%h %l \"%u\" %{[%F_%T %z]}t %X%k:\"%r\" %>s %I->%O \"%{Referer}i\" \"%{User-Agent}i\" :%{local}p %Dus \"%{Content-Range}o\"" girocco
38 </IfVersion>
39 <IfVersion !>= 2.2.11>
40 LogFormat "%h %l \"%u\" %{[%F_%T %z]}t %X:\"%r\" %>s %I->%O \"%{Referer}i\" \"%{User-Agent}i\" :%{local}p %Dus \"%{Content-Range}o\"" girocco
41 </IfVersion>
42 </IfModule>
44 # If your distribution does not set APACHE_LOG_DIR before
45 # starting Apache you will need to edit the next two directives
46 ErrorLog "${APACHE_LOG_DIR}/@@nickname@@-error.log"
47 CustomLog "${APACHE_LOG_DIR}/@@nickname@@-access.log" girocco
49 <IfModule mime_magic_module>
50 # Avoid spurious Content-Type values when git-http-backend
51 # fails to provide a Content-Type header in its output
52 MimeMagicFile /dev/null
53 </IfModule>
55 DocumentRoot @@webroot@@
56 <Directory @@webroot@@>
57 # Add MultiViews only if pages are truly
58 # offered in more than a single language
59 # FollowSymLinks or SymLinksIfOwnerMatch is required for .htaccess files
60 Options FollowSymLinks
61 # FileInfo (or All) must be enabled to activate .htaccess file mod_rewrite rules
62 AllowOverride All
63 <IfVersion < 2.3>
64 Order allow,deny
65 Allow from all
66 Satisfy all
67 </IfVersion>
68 <IfVersion >= 2.3>
69 Require all granted
70 </IfVersion>
71 DirectoryIndex w
72 </Directory>
74 # The non-mod_rewrite items are handled first where the magic /[bchrw]
75 # prefix always forces selection of the prefix-indicated cgi handler.
77 ScriptAlias /w @@cgiroot@@/gitweb.cgi
78 ScriptAlias /b @@cgiroot@@/bundles.cgi
79 AliasMatch ^/h/(.*\.html)$ @@cgiroot@@/html/$1
80 ScriptAliasMatch ^/(?!(?i)gitweb\.cgi|bundles\.cgi|html\.cgi(?:/|$))([^/]+\.cgi(?:/.*)?)$ @@cgiroot@@/$1
82 # Any requests without the magic /[bchrw] are treated as Git requests if they
83 # are one of the few possible Git URLs otherwise they go to bundles or gitweb
85 # Change the setting of $SmartHTTPOnly in Girocco::Config.pm to
86 # change whether or not non-smart HTTP fetch access will be allowed.
88 <IfDefine !@@SmartHTTPOnly@@>
89 # This accelerates non-smart HTTP access to loose objects, packs and info
90 AliasMatch \
91 "(?x)^/(?![bchw]/)(?:r/)? \
92 ((?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?)(?:\.git)?/( \
93 HEAD | \
94 objects/info/alternates | \
95 objects/info/http-alternates | \
96 objects/info/packs | \
97 objects/[0-9a-f]{2}/[0-9a-f]{38} | \
98 objects/pack/pack-[0-9a-f]{40}\.(?:pack|idx) )$" \
99 @@reporoot@@/$1.git/$2
100 </IfDefine>
102 # SetEnv GIT_HTTP_BACKEND_BIN to override Config.pm $git_http_backend_bin
103 ScriptAlias /r/ @@basedir@@/bin/git-http-backend-verify/
105 ScriptAliasMatch \
106 "(?x)^/(?![bchrw]/) \
107 ((?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?)(?:\.git)?/( \
108 info/refs | \
109 git-upload-pack | \
110 git-receive-pack | \
111 [a-zA-Z0-9][a-zA-Z0-9+._-]*\.bundle )$" \
112 @@basedir@@/bin/git-http-backend-verify/$1.git/$2
114 # Everything else off to bundles.cgi or gitweb.cgi
115 ScriptAliasMatch \
116 "(?x)^/(?![bchrw]/) \
117 ((?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?\.git/bundles)$" \
118 @@cgiroot@@/bundles.cgi/$1
119 ScriptAliasMatch \
120 "(?x)^/(?![bchrw]/) \
121 ((?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?\.git(?!/bundles)(?:/.*)?)$" \
122 @@cgiroot@@/gitweb.cgi/$1
124 # mod_rewrite is not strictly required for gitweb and fetch access, but
125 # if it's not available the trailing ".git" is never optional for
126 # gitweb, the leading /h is always required for *.html, snapshots are
127 # not throttled, some bogus Git http protocol requests will not be
128 # detected early and, if non-smart HTTP is allowed, access to the
129 # /info/refs file will not be accelerated in non-smart HTTP mode.
131 <IfModule rewrite_module>
132 RewriteEngine On
134 # Snapshot/blob_plain requests are only allowed via the PATH_INFO mechanism
135 RewriteCond %{QUERY_STRING} (^|[&;])a=(?:snapshot|blob_plain)([&;]|$) [NC]
136 RewriteRule .? - [NS,F,L]
138 # Redirect snapshot requests to snapshot.cgi
139 RewriteRule \
140 "(?x)^/(?![bchr]/)(?:w/)? \
141 ((?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?\.git/ \
142 snapshot(?:/.*)?)$" \
143 @@cgiroot@@/snapshot.cgi/$1 [NS,L,H=cgi-script]
145 # Detect blob_plain requests with is_blob_plain
146 RewriteRule \
147 "(?x)^/(?![bchr]/)(?:w/)? \
148 ((?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?\.git)/ \
149 blob_plain(?:/.*)?$" \
150 - [E=is_blob_plain:$1]
152 # Reject blob_plain requests if .no_blob_plain file exists and is not zero bytes
153 RewriteCond "%{ENV:is_blob_plain}" !=""
154 RewriteCond "@@reporoot@@/%{ENV:is_blob_plain}/.no_blob_plain" -s
155 RewriteRule ^ - [NS,F]
157 # Reject blob_plain requests if .no_blob_plain file exists AND mismatched Referer
158 # We require the referer host and port and git project to match the current request
159 RewriteCond "%{ENV:is_blob_plain}" !=""
160 RewriteCond "@@reporoot@@/%{ENV:is_blob_plain}/.no_blob_plain" -f
161 RewriteRule ^ - [C,E=is_blob_ref:1]
162 RewriteRule ^ - [C,E=ref_host:]
163 RewriteRule ^ - [E=ref_path:]
164 RewriteCond "%{ENV:is_blob_ref}" =1
165 RewriteCond "%{HTTP_REFERER}" "^https?://(?:[^@/]*@)?([^@:/?#]+(?::[0-9]+)?)"
166 RewriteRule ^ - [E=ref_host:%1]
167 RewriteCond "%{ENV:is_blob_ref}" =1
168 RewriteCond "%{HTTP_REFERER}" "^https?://(?:[^@/]*@)?[^@:/?#]+(?::[0-9]*)?(?:/w)?(.*)$"
169 RewriteRule ^ - [E=ref_path:%1]
170 RewriteCond "%{ENV:is_blob_ref}" =1
171 RewriteCond "@%{HTTP_HOST}=%{ENV:ref_host}@" "!^@([^=]*)=\1@$" [NC,OR]
172 RewriteCond "@/%{ENV:is_blob_plain}=%{ENV:ref_path}" "!^@([^=]*)=\1(?:[/?#]|$)"
173 RewriteRule ^ - [NS,F]
175 # Make the leading /h optional for requests that name an existing .html template
176 RewriteCond @@webroot@@/$1 !-f
177 RewriteCond @@cgiroot@@/$1 !-f
178 RewriteCond @@cgiroot@@/html/$1 -s
179 RewriteRule \
180 ^/(?![bchrw]/)(.*\.html)$ \
181 /h/$1 [NS,PT]
183 # Redirect bare gitweb requests without .git that name an existing repo...
184 RewriteCond @@webroot@@/$2 !-f
185 RewriteCond @@cgiroot@@/$2 !-f
186 RewriteCond @@reporoot@@/$2.git/HEAD -s
187 RewriteRule \
188 "(?x)^/(?![bchr]/)((?:w/)?) \
189 ((?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git))$" \
190 /$1$2.git [NS,L,R=301]
192 # Of the 11 possible Git protocol URLs (i.e. passed to git-http-backend-verify),
193 # 9 are only valid with GET/HEAD and the other two are only valid with POST
194 # Furthermore, 7 are only valid when non-smart is allowed and
195 # 1 is only valid when smart-only is enabled if it has the correct query string.
197 # These two always require POST
198 RewriteCond %{REQUEST_METHOD} !=POST
199 RewriteRule \
200 "(?x)^/(?![bchw]/)(?:r/)? \
201 (?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?(?:\.git)?/(?: \
202 git-upload-pack | \
203 git-receive-pack )$" \
204 - [NS,F]
206 <IfDefine @@SmartHTTPOnly@@>
207 # These 7 are always forbidden when non-smart HTTP is disabled
208 RewriteRule \
209 "(?x)^/(?![bchw]/)(?:r/)? \
210 (?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?(?:\.git)?/(?: \
211 HEAD | \
212 objects/info/alternates | \
213 objects/info/http-alternates | \
214 objects/info/packs | \
215 objects/[0-9a-f]{2}/[0-9a-f]{38} | \
216 objects/pack/pack-[0-9a-f]{40}\.(?:pack|idx) )$" \
217 - [NS,F]
218 # This one is forbidden without the magic query string when non-smart is disabled
219 RewriteCond %{REQUEST_METHOD} !^(?:GET|HEAD)$ [OR]
220 RewriteCond %{QUERY_STRING} !(^|&)service=git-(?:upload|receive)-pack(&|$)
221 RewriteRule \
222 "(?x)^/(?![bchw]/)(?:r/)? \
223 (?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?(?:\.git)?/ \
224 info/refs $" \
225 - [NS,F]
226 # This one requires GET (or HEAD)
227 RewriteCond %{REQUEST_METHOD} !^(?:GET|HEAD)$
228 RewriteRule \
229 "(?x)^/(?![bchw]/)(?:r/)? \
230 (?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?(?:\.git)?/ \
231 [a-zA-Z0-9][a-zA-Z0-9+._-]*\.bundle $" \
232 - [NS,F]
233 </IfDefine>
235 <IfDefine !@@SmartHTTPOnly@@>
236 # These 9 require GET (or HEAD)
237 RewriteCond %{REQUEST_METHOD} !^(?:GET|HEAD)$
238 RewriteRule \
239 "(?x)^/(?![bchw]/)(?:r/)? \
240 (?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?(?:\.git)?/(?: \
241 HEAD | \
242 info/refs | \
243 objects/info/alternates | \
244 objects/info/http-alternates | \
245 objects/info/packs | \
246 objects/[0-9a-f]{2}/[0-9a-f]{38} | \
247 objects/pack/pack-[0-9a-f]{40}\.(?:pack|idx) | \
248 [a-zA-Z0-9][a-zA-Z0-9+._-]*\.bundle )$" \
249 - [NS,F]
250 # This one can be accelerated when accessed with non-smart HTTP
251 RewriteCond %{REQUEST_METHOD} ^(?:GET|HEAD)$
252 RewriteCond %{QUERY_STRING} !(^|&)service=git-(?:upload|receive)-pack(&|$)
253 RewriteRule \
254 "(?x)^/(?![bchw]/)(?:r/)? \
255 ((?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?<!\.git)/)*[a-zA-Z0-9][a-zA-Z0-9+._-]*?)(?:\.git)?/ \
256 info/refs $" \
257 @@reporoot@@/$1.git/info/refs [NS,L]
258 </IfDefine>
259 </IfModule>
261 <Directory @@reporoot@@>
262 Options FollowSymLinks
263 AllowOverride None
264 <IfVersion < 2.3>
265 Order allow,deny
266 Allow from all
267 Satisfy all
268 </IfVersion>
269 <IfVersion >= 2.3>
270 Require all granted
271 </IfVersion>
273 <IfModule rewrite_module>
274 # Everything fetched over the non-smart git http
275 # protocol should be an existing file. If the request
276 # is not for an existing file, just send back an error
277 # message without emitting anything into the error log.
278 RewriteEngine On
279 RewriteBase /
280 RewriteCond @@reporoot@@/$1 !-f
281 RewriteRule ^(.*)$ - [NS,R=404,L]
282 </IfModule>
283 </Directory>
285 <Directory @@cgiroot@@>
286 # FollowSymLinks or SymLinksIfOwnerMatch is required for .htaccess files
287 Options SymLinksIfOwnerMatch
288 # FileInfo must be enabled to activate .htaccess file mod_rewrite rules
289 AllowOverride FileInfo
290 <IfVersion < 2.3>
291 Order deny,allow
292 Deny from all
293 Satisfy all
294 </IfVersion>
295 <IfVersion >= 2.3>
296 Require all denied
297 </IfVersion>
298 <Files gitweb.cgi>
299 Options +ExecCGI
300 <IfVersion < 2.3>
301 Order deny,allow
302 Allow from all
303 Satisfy all
304 </IfVersion>
305 <IfVersion >= 2.3>
306 Require all granted
307 </IfVersion>
308 <IfModule !mod_fastcgi.c>
309 <IfModule !mod_fcgid.c>
310 SetHandler cgi-script
311 </IfModule>
312 </IfModule>
314 # Note that in testing mod_fastcgi (in dynamic mode)
315 # was found to be slightly faster than mod_fcgid.
316 #
317 # However, we prefer mod_fcgid if both are available
318 # because we cannot control the server-global settings
319 # of mod_fastcgi's "FastCgiConfig" options.
320 #
321 # In order for gitweb.cgi to run reasonably well as a
322 # mod_fastcgi dynamic FastCGI application, the
323 # "FastCgiConfig" option "-idle-timeout" value needs to
324 # be increased from the default value of "30" to at
325 # least "120", preferably more like "300". But that
326 # will affect ALL dynamic mod_fastcgi applications on
327 # the ENTIRE server, not just gitweb.cgi. Additionally
328 # the "FastCgiConfig" "-restart" option probably ought
329 # to be set as well. Also, unfortunately, there is no
330 # mod_fastcgi option corresponding to mod_fcgid's
331 # MaxRequestsPerProcess option and gitweb.cgi running
332 # in FastCGI mode (without using FCGI::ProcManager) will
333 # always exit after serving 100 requests (a good thing).
334 #
335 # The alternative is to make gitweb.cgi a static
336 # mod_fastcgi application (the "FastCgiServer"
337 # directive), but then the number of running instances
338 # will be fixed at whatever value is chosen for the
339 # "-processes" option rather than being dynamically
340 # adjusted based on load and that's probably undesirable
341 # in most cases unless you run gitweb.cgi under a
342 # front-end that dynamically forks multiple copies of
343 # gitweb.cgi based on the current load. See the CPAN
344 # FCGI::ProcManager::Dynamic module for an example of
345 # how to do this in Perl:
346 #
347 # http://search.cpan.org/search?query=FCGI::ProcManager::Dynamic&mode=module
348 #
349 # So instead we prefer mod_fcgid because we can adjust
350 # the necessary options for good gitweb.cgi behavior
351 # while affecting only gitweb.cgi and having it remain
352 # a dynamic application whose total number of running
353 # instances is adjusted based on current server load.
355 <IfModule mod_fcgid.c>
356 SetHandler fcgid-script
357 </IfModule>
358 <IfModule !mod_fcgid.c>
359 <IfModule mod_fastcgi.c>
360 SetHandler fastcgi-script
361 </IfModule>
362 </IfModule>
363 </Files>
364 <FilesMatch ^(?!(?i)gitweb\.cgi$).*\.cgi$>
365 Options +ExecCGI
366 SetHandler cgi-script
367 <IfVersion < 2.3>
368 Order deny,allow
369 Allow from all
370 Satisfy all
371 </IfVersion>
372 <IfVersion >= 2.3>
373 Require all granted
374 </IfVersion>
375 </FilesMatch>
376 </Directory>
377 <Directory @@cgiroot@@/html>
378 <IfVersion < 2.3>
379 Order deny,allow
380 Allow from all
381 Satisfy all
382 </IfVersion>
383 <IfVersion >= 2.3>
384 Require all granted
385 </IfVersion>
386 <Files *.html>
387 ForceType "text/html; charset=utf-8"
388 </Files>
389 </Directory>
391 <IfModule mod_fcgid.c>
392 # mod_fcgid benefits from some additional config for gitweb.cgi
393 # gitweb.cgi has a hard-coded maximum of 100 requests
394 # and we do not want to give up too soon in case Git is lagging.
395 # Note that adding a 'MaxProcesses ...' option here may be valuable
396 # to limit the maximum number of gitweb.cgi processes that can be
397 # spawned (default is 100) -- perhaps to something much lower such
398 # as 1 or 2 times the number of CPU cores. Also note that in the
399 # unlikely event all the children finish their 100 requests at the
400 # same time, the server's FcgidSpawnScoreUpLimit (which defaults
401 # to 10 if not set) should be set to at least 3 times the
402 # MaxProcesses value chosen to allow them all to respawn
403 # immediately. FcgidSpawnScoreUpLimit MUST be at least twice the
404 # chosen MaxProcesses value (assuming FcgidTerminationScore is
405 # still set to the default 2) in order to allow any child at all to
406 # respawn immediately in this case without a delay.
407 FcgidCmdOptions @@cgiroot@@/gitweb.cgi \
408 MaxRequestsPerProcess 100 IOTimeout 300
409 </IfModule>
411 <Directory @@basedir@@/bin>
412 Options None
413 AllowOverride None
414 <IfVersion < 2.3>
415 Order deny,allow
416 Deny from all
417 Satisfy all
418 </IfVersion>
419 <IfVersion >= 2.3>
420 Require all denied
421 </IfVersion>
422 <Files git-http-backend-verify>
423 Options ExecCGI
424 SetHandler cgi-script
425 <IfVersion < 2.3>
426 Order deny,allow
427 Allow from all
428 Satisfy all
429 </IfVersion>
430 <IfVersion >= 2.3>
431 Require all granted
432 </IfVersion>
433 </Files>
434 </Directory>
436 # ---- END LINES TO DUPLICATE ----
438 </VirtualHost>
441 # Change the setting of $TLSHost in Girocco::Config.pm to change
442 # whether or not the following https virtual host is enabled.
444 <IfDefine @@TLSHost@@>
446 # This is an example configuration of an https virtualhost running Girocco, as set
447 # up at repo.or.cz; unfortunately, completely independent from Girocco::Config.
448 # It is not essential for Girocco to use a special virtualhost, however.
449 # The Config.pm $httpspushurl variable needs to be defined to properly enable
450 # https pushing.
451 <VirtualHost *:443>
453 # These certificate files will all be automatically generated, but the
454 # paths here may need to be corrected to match the paths
455 # (especially $certsdir) from Config.pm
457 SSLCertificateFile @@certsdir@@/girocco_www_crt.pem
458 SSLCertificateKeyFile @@certsdir@@/girocco_www_key.pem
459 SSLCertificateChainFile @@certsdir@@/girocco_www_chain.pem
460 # When using a www server cert signed by a pre-trusted root, only
461 # the above three lines should be changed. Changing either of the
462 # below two lines will likely break https client authentication.
463 SSLCACertificateFile @@certsdir@@/girocco_root_crt.pem
464 SSLCADNRequestFile @@certsdir@@/girocco_client_crt.pem
466 SSLVerifyDepth 3
467 SSLOptions +FakeBasicAuth +StrictRequire
468 SSLEngine on
470 # This configuration allows fetching over https without a certificate
471 # while always requiring a certificate for pushing over https
472 RewriteEngine On
473 SSLVerifyClient optional
474 RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC]
475 RewriteCond %{QUERY_STRING} (^|&)service=git-receive-pack(&|$) [NC]
476 RewriteRule /info/refs$ - [NC,NS,env=client_auth_required:1]
477 RewriteCond %{REQUEST_METHOD} =POST [NC]
478 RewriteRule /git-receive-pack$ - [NC,NS,env=client_auth_required:1]
479 RewriteCond %{ENV:client_auth_required} 1
480 RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
481 RewriteRule .? %{REQUEST_URI} [NS,R=401]
482 <Location />
483 SSLRequireSSL
484 SSLOptions +FakeBasicAuth
485 AuthName "Git Client Authentication"
486 AuthType Basic
487 AuthBasicProvider anon
488 Anonymous *
489 <IfVersion < 2.3>
490 Order deny,allow
491 Deny from env=client_auth_required
492 Satisfy any
493 Require valid-user
494 </IfVersion>
495 <IfVersion >= 2.3>
496 <RequireAny>
497 <RequireAll>
498 Require all granted
499 Require not env client_auth_required
500 </RequireAll>
501 Require valid-user
502 </RequireAny>
503 </IfVersion>
504 </Location>
505 ErrorDocument 401 /authrequired.cgi
507 # ---- BEGIN DUPLICATE LINES ----
508 ##
509 ## *** IMPORTANT ***
510 ##
511 ## ALL the entire contents from the <VirtualHost *:80> section at the top of
512 ## this file must be copied here.
513 ##
514 ## To avoid this duplication, the contents of the <VirtualHost *:80> section
515 ## above can be moved to a separate file and then included both here and in
516 ## the <VirtualHost *:80> section using an Include directive. Be careful not
517 ## to place the new include file in one of the directories the standard apache
518 ## configuration blindly includes all files from.
519 ##
520 # ---- END DUPLICATE LINES ----
522 </VirtualHost>
524 </IfDefine>