forked from ph0sph8/LinuxConfigs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
000-default.conf
111 lines (96 loc) · 3.85 KB
/
000-default.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#located /etc/apache2/sites-enabled/000-default.conf
#HTTP and HTTPS config
<VirtualHost *:80>
#[*] Replace Setting below to set hostname to use in Apache once its changes in server settings
#ServerName Replace_Server_Name
#[*] Setting below is for HTTP->HTTPS Redirect on Apache Replace the value below
Redirect permanent / https://ReDir_IP_or_Domain
#[*]SIEM CONFIG
SetEnv backend_name decoy
#SetEnv hostname Replace_Server_Name
SetEnv frontend_name www-http
LogFormat "%t %{hostname}e apache[%P]: frontend:%{frontend_name}e/%A:%{local}p backend:%{backend_name}e client:%h:%{remote}p xforwardedfor:%{X-Forwarded-For}i headers:{%{User-Agent}i|%{Host}i|%{X-Forwarded-For}i|%{X-Forwarded-Proto}i|%{X-Host}i|%{Forwarded}i|%{Via}i|} statuscode:%s request:%r" redelklogformat
CustomLog ${APACHE_LOG_DIR}/access-redelk.log redelklogformat
<Directory /var/www/html>
Options -Indexes -Includes -ExecCGI -MultiViews
AllowOverride none
Order deny,allow
allow from all
LimitRequestBody 52428800
<LimitExcept GET POST>
deny from all
</LimitExcept>
#<Files "ReplaceFIlePath">
#Require method POST
#</Files>
</Directory>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#LogLevel rewrite trace6
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#<Files "ReplaceFIlePath">
#Require method POST
#</Files>
<Location />
<RequireAll>
Require all granted
Include /etc/apache2/blacklist.conf
</RequireAll>
</Location>
</VirtualHost>
#[*] RUN 'a2enmod ssl' to enable SSL/TLS Manually
#[*] RUN sudo hostnamectl set-hostname {DOMAIN} (if needed)
#[*] Setup global fqdn apache 'sudo echo "ServerName {Server hostname}" | sudo tee /etc/apache2/conf-available/fqdn.conf '
#[*] Check config syntax 'apache2ctl configtest'
<VirtualHost *:443>
#[*] Replace Setting below to set hostname to use in Apache once its changes in server settings
#ServerName Replace_Server_Name
#Redirect permanent / https://ReDir_IP_or_Domain
#[*] Enable SSL
SSLEngine On
#[*] Enable SSL Proxy
SSLProxyEngine On
#[*] Trust Self-Signed Certificates generated on final dest
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
#[*] The path to the SSL/TLS files
SSLCertificateFile Path_to_crt
SSLCertificateKeyFile PATH_to_Private_key
SSLCertificateChainFile PATH_to_ca_bundle
#[*]SIEM CONFIG
SetEnv backend_name decoy
SetEnv hostname Replace_Server_Name
SetEnv frontend_name www-http
LogFormat "%t %{hostname}e apache[%P]: frontend:%{frontend_name}e/%A:%{local}p backend:%{backend_name}e client:%h:%{remote}p xforwardedfor:%{X-Forwarded-For}i headers:{%{User-Agent}i|%{Host}i|%{X-Forwarded-For}i|%{X-Forwarded-Proto}i|%{X-Host}i|%{Forwarded}i|%{Via}i|} statuscode:%s request:%r" redelklogformat
CustomLog ${APACHE_LOG_DIR}/access-redelk.log redelklogformat
<Directory /var/www/html>
Options Indexes FollowSymLinks -Includes -ExecCGI -MultiViews
Require all granted
AllowOverride All
Order allow,deny
allow from all
LimitRequestBody 52428800
<LimitExcept GET POST>
deny from all
</LimitExcept>
</Directory>
#ADD_WEBDIR
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#LogLevel rewrite trace6
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#[*] Uncomment section below to make a file on the system accessable by the web service HTTP POST ONLY
#<Files "FILE_Path_To_POST_only_File">
#Require method POST
#</Files>
<Location />
<RequireAll>
Require all granted
Include /etc/apache2/blacklist.conf
</RequireAll>
</Location>
</VirtualHost>