# customized settings for CAcert webserver

MaxRequestsPerChild	100

ServerAdmin	support@cacert.localhost
ServerName	cacert.localhost

Header always set X-Frame-Options "DENY"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"

DocumentRoot /www/www

<Directory />
    Options -Indexes +Includes +FollowSymLinks
    AllowOverride None
</Directory>

<Directory /www/www>
    Options -Indexes +Includes +FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<Directory /www/www/docs>
    Options +Indexes +Includes +FollowSymLinks +MultiViews
    AllowOverride None
</Directory>

<Directory /www/stamp>
    Options -Indexes +Includes +FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

UseCanonicalName	off
HostnameLookups		on

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" mod_gzip: %{mod_gzip_compression_ratio}npct. %T %v" full

CustomLog /var/log/apache2/access.log full

ServerSignature	off

AddDefaultCharset on

<IfModule mod_ssl.c>
	# OCSP Stapling, only in httpd 2.3.3 and later
	SSLUseStapling                          off
	SSLStaplingResponderTimeout             5
	SSLStaplingReturnResponderErrors        off
	SSLStaplingCache                        shmcb:${APACHE_RUN_DIR}/ocsp(1280000)
	SSLStaplingFakeTryLater                 off
	SSLStaplingStandardCacheTimeout         86400
</IfModule>