apache configuration file add
authorcommunity.cacert.org <community.cacert.org@d4452222-2f33-11de-9270-010000000000>
Thu, 21 May 2009 12:00:24 +0000 (12:00 +0000)
committercommunity.cacert.org <community.cacert.org@d4452222-2f33-11de-9270-010000000000>
Thu, 21 May 2009 12:00:24 +0000 (12:00 +0000)
git-svn-id: http://svn.cacert.cl/Software/Voting/vote@36 d4452222-2f33-11de-9270-010000000000

.htaccess [new file with mode: 0644]

diff --git a/.htaccess b/.htaccess
new file mode 100644 (file)
index 0000000..a189cbe
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,33 @@
+<IfModule mod_php5.c>
+php_flag        display_errors  Off
+php_flag        log_errors      On
+php_value       error_log       syslog
+
+php_flag        safe_mode                      On
+php_flag        safe_mode_gid                  On
+php_value      open_basedir            /var/www/board
+php_value      safe_mode_exec_dir      /var/empty
+</IfModule>
+
+<FilesMatch "^database.*$">
+       Order Deny,Allow
+       Deny from all
+</FilesMatch>
+
+
+
+
+<FilesMatch "^(motion|vote|proxy)\.php$">
+       # these files require authentication
+       <IfModule mod_ssl.c>
+       SSLOptions +StdEnvVars +ExportCertData
+       SSLUserName SSL_CLIENT_S_DN_Email
+       SSLVerifyClient optional
+               <IfModule mod_rewrite.c>
+               RewriteEngine        on
+               RewriteCond     %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
+               RewriteRule     .? - [F]
+               ErrorDocument 403 "You need a client side certificate issued by CAcert to access this url"
+               </IfModule>
+       </IfModule>
+</FilesMatch>