
[Solved] How to detect if there is a bad user/password in... » lighttpd.conf

lighttpd.conf in HTTP+HTTPS - pamandine, 2022-06-22 12:54

 
#################################
# BASIC CONF
#################################

# Do not hand out Python sources or bytecode as static files.
static-file.exclude-extensions += (".py", ".pyc")
# NOTE(review): the document root is the application directory itself
# (app.fcgi lives here, see fastcgi.server below) - confirm nothing sensitive
# such as configs, keys or backups is stored under it.
server.document-root ="/bin/XXXXX/modules/web"
# Error log; the debug.* options enabled further down also write to this file.
server.errorlog = "/logs/lighttpd-error.log"

# Modules loaded at startup.
# NOTE(review): no url.redirect, url.access-deny, setenv.*, cgi.assign,
# usertrack.* or evasive.* directive is visible in this file, so mod_redirect,
# mod_access, mod_setenv, mod_cgi, mod_usertrack and mod_evasive appear to be
# loaded without being configured. Drop the ones that are not needed to reduce
# attack surface. In particular mod_evasive limits nothing unless a per-IP
# connection limit is set, which matters for a password-protected interface.
server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_alias",
"mod_auth",
"mod_authn_file",
"mod_access",
"mod_setenv",
"mod_cgi",
"mod_fastcgi",
"mod_usertrack",
"mod_evasive",
"mod_accesslog",
"mod_openssl",
)
## mimetype mapping
## Extension -> Content-Type table for statically served files.
mimetype.assign = (
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".css" => "text/css",
".html" => "text/html",
".js" => "text/javascript",
# make the default mime type application/octet-stream.
"" => "application/octet-stream"
)

# Use the "Content-Type" extended attribute to obtain mime type if possible
# NOTE(review): with this enabled the Content-Type comes from file metadata, so
# only trusted processes should be able to set xattrs on served files - confirm.
mimetype.use-xattr = "enable"


## send a different Server: header
## be nice and keep it at lighttpd
# server.tag = "lighttpd"

#################################
# HTTP
#################################

# Plain-HTTP listener.
# NOTE(review): auth.require below protects "/" with digest auth, and no
# redirect to the :443 sockets is visible in this file, so authenticated
# sessions can run unencrypted over this port. Digest keeps the password itself
# off the wire, but page content and the digest exchange are readable to anyone
# on the path. Confirm that plain HTTP is really required.
server.port = 80

#################################
# HTTPS
#################################

#IPV4
#This is used only when HTTP+HTTPS is enabled
# TLS listener on all IPv4 addresses, port 443.
# NOTE(review): ssl.pemfile presumably holds the private key together with the
# certificate - verify the file is readable only by the server user.
# NOTE(review): the cipher list still names 3DES suites (the *-DES-CBC3-SHA
# entries), static-RSA key exchange (AES256-SHA, AES128-GCM-SHA256, ...) and
# CBC/SHA-1 suites. In OpenSSL cipher-string syntax "!DES" removes single DES
# only; "!3DES" is the keyword that removes the DES-CBC3 entries. Consider
# trimming the list to ECDHE/DHE AEAD suites if all clients support them.
# The Protocol command leaves only TLS 1.2 and newer enabled.
$SERVER["socket"] == "0.0.0.0:443" { # <HTTP+HTTPS>
ssl.engine = "enable" # <HTTP+HTTPS>
ssl.pemfile = "/media/FLASH0/.cfg/ssl.pem" # <HTTP+HTTPS>
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" # <HTTP+HTTPS>
ssl.openssl.ssl-conf-cmd = ("Protocol" => "all, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") # <HTTP+HTTPS>
} # <HTTP+HTTPS>

#IPV6
# TLS listener on all IPv6 addresses, port 443, with the same settings as the
# 0.0.0.0:443 socket. Keep the two blocks in sync when changing either.
# NOTE(review): the cipher list still names 3DES (*-DES-CBC3-SHA), static-RSA
# and CBC/SHA-1 suites; "!DES" does not remove 3DES in OpenSSL cipher-string
# syntax ("!3DES" does). The Protocol command leaves TLS 1.2 and newer enabled.
$SERVER["socket"] == "[::]:443" { # <HTTP+HTTPS>
ssl.engine = "enable" # <HTTP+HTTPS>
ssl.pemfile = "/media/FLASH0/.cfg/ssl.pem" # <HTTP+HTTPS>
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" # <HTTP+HTTPS>
ssl.openssl.ssl-conf-cmd = ("Protocol" => "all, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") # <HTTP+HTTPS>
} # <HTTP+HTTPS>

##
## Use IPv6?
##
#server.use-ipv6 = "enable"

#################################
# ACCESS LOG
#################################

# Per-request access log.
accesslog.filename = "/logs/lighttpd-access.log"
# Verbose debug tracing, written to server.errorlog.
# NOTE(review): the request-header dump includes every Authorization header
# (digest username, nonce and response hash) and any cookies, so the error log
# becomes sensitive material. Enable these only while troubleshooting, restrict
# read access to /logs, and switch them off again afterwards.
debug.log-request-handling = "enable"
debug.log-state-handling = "enable"
debug.log-request-header="enable"
debug.log-response-header="enable"

#################################
# BASIC CONF
#################################

# Upper bound on simultaneous connections.
server.max-connections = 20

# Single FastCGI backend, spawned by lighttpd from bin-path, that serves every
# URL rewritten to /app.fcgi (see url.rewrite-once).
# NOTE(review): the unix socket lives under /tmp. Make sure /tmp/lighttpd is
# created before start-up, owned by the server user and not writable by other
# accounts, otherwise a local user could pre-create or replace the socket path.
# "check-local" => "disable" forwards requests to the backend without first
# checking that the path exists under the document root.
fastcgi.server = ("/app.fcgi" => ((
"socket" => "/tmp/lighttpd/app-fcgi-"+var.PID+".sock", # For gracefully restart
"bin-path" => "/bin/XXXXX/modules/web/app.fcgi",
"check-local" => "disable",
"max-procs" => 1,
"idle-timeout" => 120 # To close after 2 minutes
)))
# FastCGI debug logging; like the debug.* options this is for troubleshooting.
fastcgi.debug = 1

# Serve /static/ directly from the application's static directory.
alias.url = (
"/static/" => "/bin/XXXXX/modules/web/static/"
)

# Routing: /static and anything below it is left unchanged (first rule);
# every other path is prefixed with /app.fcgi and handed to the FastCGI app.
# Rule order matters: the first matching pattern wins.
url.rewrite-once = (
"^(/static($|/.*))$" => "$1",
"^(/.*)$" => "/app.fcgi$1"
)

##
## Authentication
##
# Users are checked against an htdigest file.
# NOTE(review): htdigest entries are MD5(user:realm:password) values, which are
# password-equivalent for digest auth. The file sits under /tmp, so confirm it
# is readable only by the server user and that /tmp/lighttpd cannot be written
# by other local accounts. Presumably it is regenerated at boot - verify.
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/tmp/lighttpd/lighttpd.users"

#Status And Configuration pages
# Every URL ("/" prefix) requires a valid user in realm "XXXXX". The realm is
# part of each htdigest entry, so entries must be created for this exact realm.
auth.require = ( "/" =>
(
"method" => "digest",
"realm" => "XXXXX",
"require" => "valid-user"
)
)

#Product Hidden Config
# URLs matching the pattern are restricted to the single user "Tech" in realm
# "YYYYY"; inside this condition the auth.require below replaces the global one.
# NOTE(review): the regex is unanchored, so it matches the string anywhere in
# the URL path. Before tightening it, confirm whether the condition sees the
# original path or the /app.fcgi-prefixed path produced by url.rewrite-once.
# NOTE(review): a hidden URL is not a control in itself; the protection here is
# the "user=Tech" requirement, so that account needs a strong, unique password.
$HTTP["url"] =~ "YYYYY" {
auth.require = ( "" =>
(
"method" => "digest",
"realm" => "YYYYY",
"require" => "user=Tech"
)
)
}




