forked from pool/apache2
9ac936a203
*) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with
mod_rewrite in server/vhost context on Windows (cve.mitre.org)
[boo#1228098]
SSRF in Apache HTTP Server on Windows with mod_rewrite in
server/vhost context, allows to potentially leak NTML hashes to
a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes
this issue.
Credits: Smi1e (DBAPPSecurity Ltd.)
*) SECURITY: CVE-2024-40725: Apache HTTP Server: source code
disclosure with handlers configured via AddType (cve.mitre.org)
[boo#1228097]
A partial fix for CVE-2024-39884 in the core of Apache HTTP
Server 2.4.61 ignores some use of the legacy content-type based
configuration of handlers. "AddType" and similar configuration,
under some circumstances where files are requested indirectly,
result in source code disclosure of local content. For example,
PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes
this issue.
*) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
"balancer:" URLs set via SetHandler, also allowing for "unix:" sockets
with BalancerMember(s). PR 69168. [Yann Ylavic]
*) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs.
PR 69160 [Yann Ylavic]
*) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2.
[Joe Orton]
*) mod_ssl: Add support for loading certs/keys from pkcs11: URIs
via OpenSSL 3.x providers. [Ingo Franzki <ifranzki linux.ibm.com>]
*) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0.
[Ruediger Pluem, Yann Ylavic]
*) mpm_worker: Fix possible warning (AH00045) about children processes not
terminating timely. [Yann Ylavic]
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=706
57 lines
1.7 KiB
Plaintext
57 lines
1.7 KiB
Plaintext
# Template for a VirtualHost with SSL
|
|
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
|
|
# Files must have the .conf suffix to be loaded.
|
|
#
|
|
# See https://en.opensuse.org/SDB:Apache_installation for further hints
|
|
# about virtual hosts.
|
|
#
|
|
# This is the Apache server configuration file providing SSL support.
|
|
# It contains the configuration directives to instruct the server how to
|
|
# serve pages over an https connection. For detailing information about these
|
|
# directives see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
|
|
#
|
|
# Do NOT simply read the instructions in here without understanding
|
|
# what they do. They're here only as hints or reminders. If you are unsure
|
|
# consult the online docs. You have been warned.
|
|
#
|
|
|
|
<IfDefine SSL>
|
|
<IfDefine !NOSSL>
|
|
|
|
##
|
|
## SSL Virtual Host Context
|
|
##
|
|
|
|
<VirtualHost _default_:443>
|
|
|
|
# General setup for the virtual host
|
|
DocumentRoot "/srv/www/htdocs"
|
|
#ServerName www.example.com:443
|
|
#ServerAdmin webmaster@example.com
|
|
ErrorLog /var/log/apache2/error_log
|
|
TransferLog /var/log/apache2/access_log
|
|
|
|
# SSL Engine Switch:
|
|
# Enable/Disable SSL for this virtual host.
|
|
SSLEngine on
|
|
|
|
# OCSP Stapling:
|
|
# Enable/Disable OCSP for this virtual host.
|
|
SSLUseStapling on
|
|
|
|
# You can use per vhost certificates if SNI is supported.
|
|
SSLCertificateFile /etc/apache2/ssl.crt/vhost-example.crt
|
|
SSLCertificateKeyFile /etc/apache2/ssl.key/vhost-example.key
|
|
#SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt
|
|
|
|
# Per-Server Logging:
|
|
# The home of a custom SSL log file. Use this when you want a
|
|
# compact non-error SSL logfile on a virtual host basis.
|
|
CustomLog /var/log/apache2/ssl_request_log ssl_combined
|
|
|
|
</VirtualHost>
|
|
|
|
</IfDefine>
|
|
</IfDefine>
|
|
|