apache-magento
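# Server-scope response headers; virtual hosts below inherit them.

# Add HttpOnly and Secure to cookies issued by the application.
# "Header set Set-Cookie HttpOnly;Secure" does not do that: it writes a
# Set-Cookie header whose entire value is the text "HttpOnly;Secure".
# "Header edit" (mod_headers, Apache 2.2.4+) rewrites each existing cookie
# instead. The negative lookahead skips cookies that already carry the
# attribute, so repeating these lines in another scope does not duplicate it.
# Both header tables are edited because the table a backend's cookies land in
# depends on the handler; confirm the result with a real response.
Header edit Set-Cookie "(?i)^((?:(?!; *HttpOnly).)+)$" "$1; HttpOnly"
Header edit Set-Cookie "(?i)^((?:(?!; *Secure).)+)$" "$1; Secure"
Header always edit Set-Cookie "(?i)^((?:(?!; *HttpOnly).)+)$" "$1; HttpOnly"
Header always edit Set-Cookie "(?i)^((?:(?!; *Secure).)+)$" "$1; Secure"

# HSTS: "always" also covers error and redirect responses. Browsers honour
# this header only over HTTPS. includeSubDomains and preload commit every
# subdomain to HTTPS for a year, so confirm they all serve valid TLS first.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

# Legacy XSS-filter header; current browsers ignore it, so it is not a
# substitute for output encoding or a Content-Security-Policy.
Header always set X-XSS-Protection "1; mode=block"

# NOTE(review): clickjacking protection is disabled here and is only enabled
# inside the *:80 virtual host; the *:443 host sends no X-Frame-Options.
#Header always append X-Frame-Options SAMEORIGIN

# Stop browsers from MIME-sniffing responses away from the declared type.
Header always set X-Content-Type-Options nosniff
#Header set Pragma "no-cache"
#Header set Expires 0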
# Worker MPM sizing. Only read when mpm_worker is the active MPM.
<IfModule mpm_worker_module>
    # Hard ceilings: at most 24 child processes of at most 50 threads each.
    ServerLimit 24
    ThreadLimit 50

    # Threads created per child; must not exceed ThreadLimit.
    ThreadsPerChild 50

    # Children launched at startup.
    StartServers 3

    # Idle-thread band the parent maintains by spawning or reaping children.
    MinSpareThreads 10
    MaxSpareThreads 25

    # Cap on simultaneous requests: 600 / 50 threads = 12 busy children,
    # which stays under ServerLimit. (Named MaxRequestWorkers in Apache 2.4.)
    MaxClients 600

    # 0 = children are never recycled after a request count.
    MaxRequestsPerChild 0
</IfModule>
# "combinedhost" log format: the usual combined fields plus %D (time taken to
# serve the request, in microseconds) and the request's Host header.
# Referer, User-Agent and Host are client-supplied and must be treated as
# untrusted by anything that parses or displays these logs.
# NOTE(review): the CustomLog lines visible in this file use "combined", not
# "combinedhost", so this format is unused unless referenced elsewhere.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D %{Host}i" combinedhost
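# Server-wide TLS policy, applied when mod_ssl is loaded.
<IfModule mod_ssl.c>
    # Prefer the server's cipher order so the ECDHE/AEAD suites at the front
    # of the list win over whatever the client ranks first.
    SSLHonorCipherOrder On

    # Akamai recommended cipher suites
    # NOTE(review): the tail of this list (AES256-GCM-SHA384 ... AES128-SHA)
    # uses static RSA key exchange, which gives no forward secrecy, and the
    # *-SHA entries are CBC with SHA-1. Drop them unless a known legacy
    # client still requires them.
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

    # "+all -SSLv2 -SSLv3" left TLS 1.0 and 1.1 enabled. Both are deprecated
    # and not acceptable for PCI DSS, which this file cites for its header
    # settings. Only TLS 1.2 and newer remain. The TLSv1.1 token requires
    # mod_ssl built against OpenSSL 1.0.1 or later.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</IfModule>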
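# HTTPS virtual host for site.com / www.site.com.
<VirtualHost *:443>
    ServerName site.com
    ServerAlias www.site.com

    SSLEngine on
    SSLCertificateFile /var/www/ssl/www.site.com.crt
    # The private key sits under /var/www beside the document root. Keep it
    # readable by root only and make sure no Alias or DocumentRoot can ever
    # map a URL onto /var/www/ssl.
    SSLCertificateKeyFile /var/www/ssl/www.site.com.key
    # NOTE(review): SSLCACertificateFile lists CAs trusted for verifying
    # *client* certificates, and no SSLVerifyClient is visible here. If this
    # bundle is meant to be the server's intermediate chain, confirm it is
    # actually being sent to clients.
    SSLCACertificateFile /var/www/ssl/ca-bundle-client.crt

    # Add HttpOnly and Secure to the application's cookies.
    # "Header set Set-Cookie HttpOnly;Secure" instead writes a Set-Cookie
    # header whose whole value is that text. The lookahead skips cookies that
    # already carry the attribute; both header tables are edited because the
    # table used depends on the handler. Requires Apache 2.2.4+.
    Header edit Set-Cookie "(?i)^((?:(?!; *HttpOnly).)+)$" "$1; HttpOnly"
    Header edit Set-Cookie "(?i)^((?:(?!; *Secure).)+)$" "$1; Secure"
    Header always edit Set-Cookie "(?i)^((?:(?!; *HttpOnly).)+)$" "$1; HttpOnly"
    Header always edit Set-Cookie "(?i)^((?:(?!; *Secure).)+)$" "$1; Secure"
    # NOTE(review): unlike the *:80 host, this host sets no X-Frame-Options.

    DocumentRoot /var/www/html
    <Directory /var/www/html>
        # Any .htaccess below the docroot may override configuration, so
        # write access to the web tree is effectively config access.
        AllowOverride All
        # "Includes" also permits SSI "exec"; IncludesNOEXEC is the narrower
        # choice if server-side includes are needed at all.
        Options Includes SymLinksIfOwnerMatch
        # ETag built from mtime and size only (no inode).
        FileETag MTime Size
    </Directory>

    ScriptAlias /cgi-bin /var/www/cgi-bin/
    # NOTE(review): no access control for /stats is visible in this file;
    # confirm the statistics pages are not publicly readable.
    Alias /stats /var/www/wusage/

    # Uses "combined", which must be defined elsewhere; the "combinedhost"
    # format defined in this file is not referenced here.
    CustomLog /var/www/logs/access/access_log combined
    ErrorLog /var/www/logs/error/error_log
</VirtualHost>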
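# Plain-HTTP virtual host for site.com / www.site.com.
# NOTE(review): this host serves the full site over HTTP with no redirect to
# HTTPS. If clients reach it directly rather than through a TLS-terminating
# front end, sessions travel in clear text. Browsers will not accept
# Secure-flagged cookies over HTTP, and they ignore HSTS on HTTP responses.
<VirtualHost *:80>
    ServerName site.com
    ServerAlias www.site.com

    # PHP runs in an external FastCGI process reached over a Unix socket.
    # "-pass-header Authorization" forwards client credentials to that
    # process; restrict the socket so only the web server and the PHP pool
    # can open it.
    FastCgiExternalServer /var/www/cgi-bin/php5.external -socket /var/run/www.socket -idle-timeout 600 -pass-header Authorization -pass-header Content-Type

    ### RT 261056 PCI DSS Compliance ###
    # Add HttpOnly and Secure to the application's cookies.
    # "Header set Set-Cookie HttpOnly;Secure" instead writes a Set-Cookie
    # header whose whole value is that text. The lookahead skips cookies that
    # already carry the attribute; both header tables are edited because the
    # table used depends on the handler. Requires Apache 2.2.4+.
    Header edit Set-Cookie "(?i)^((?:(?!; *HttpOnly).)+)$" "$1; HttpOnly"
    Header edit Set-Cookie "(?i)^((?:(?!; *Secure).)+)$" "$1; Secure"
    Header always edit Set-Cookie "(?i)^((?:(?!; *HttpOnly).)+)$" "$1; HttpOnly"
    Header always edit Set-Cookie "(?i)^((?:(?!; *Secure).)+)$" "$1; Secure"
    # Legacy XSS-filter header; current browsers ignore it.
    Header always set X-XSS-Protection "1; mode=block"
    # Allow framing only by same-origin pages (clickjacking defence).
    Header always append X-Frame-Options SAMEORIGIN
    # Stop browsers from MIME-sniffing responses.
    Header always set X-Content-Type-Options nosniff
    ####################################

    DocumentRoot /var/www/html
    <Directory /var/www/html>
        # Any .htaccess below the docroot may override configuration, so
        # write access to the web tree is effectively config access.
        AllowOverride All
        # "Includes" also permits SSI "exec"; IncludesNOEXEC is the narrower
        # choice if server-side includes are needed at all.
        Options Includes SymLinksIfOwnerMatch
    </Directory>

    ScriptAlias /cgi-bin /var/www/cgi-bin/
    # NOTE(review): no access control for /stats is visible in this file;
    # confirm the statistics pages are not publicly readable.
    Alias /stats /var/www/wusage/

    # Writes to the same log files as the *:443 host, using "combined".
    CustomLog /var/www/logs/access/access_log combined
    ErrorLog /var/www/logs/error/error_log
</VirtualHost>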