sei.conf 2.16 KB
Edit Raw Blame History



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90


ServerTokens Prod

LogFormat "%h \"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
HostnameLookups Off
ServerSignature Off
AddDefaultCharset iso-8859-1

Alias "/sei" "/opt/sei/web"
Alias "/sip" "/opt/sip/web"
Alias "/infra_css" "/opt/infra/infra_css"
Alias "/infra_js" "/opt/infra/infra_js"

<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>

    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/sei.crt
    SSLCertificateChainFile /etc/pki/tls/certs/sei-ca.pem
    SSLCertificateKeyFile /etc/pki/tls/private/sei.key

    DocumentRoot /opt/sei/web

    ServerAdmin marcelo.linhares@planejamento.gov.br

    DirectoryIndex index.php index.html
    IndexIgnore *

    # Bloqueia acesso à qualquer arquivo ou diretório externo ao DocumentRoot
    <Directory />
        AllowOverride None
    #    Require all denied
    </Directory>

    <Directory ~ "(/opt/sei/web|/opt/sip/web|/opt/infra/infra_css|/opt/infra/infra_js)" >
        AllowOverride None
        Options None
    #    Require all granted
    </Directory>

</VirtualHost>

<IfModule prefork.c>
    StartServers 20
    MinSpareServers 10
    MaxSpareServers 30
    ServerLimit 2000
    MaxClients 2000
    MaxRequestsPerChild 0
</IfModule>

<IfModule worker.c>
    StartServers 3
    MaxClients 150
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadsPerChild 25
    MaxRequestsPerChild 10000
</IfModule>

<Location /server-status-url-status>
    SetHandler server-status
    Order deny,allow
    #Deny from all
    Allow from all
</Location>

<Location /server-info-url-info>
    SetHandler server-info
    Order deny,allow
    #Deny from all
    Allow from all
</Location>

# Para evitar erros nos log do SIP (menu Infra/Log) identificados por “Microsoft Data Access Internet Publishing Provider Protocol Discovery”
SetEnvIfNoCase user-agent "Microsoft Data Access Internet Publishing Provider Protocol Discovery" bad_bot=1
<FilesMatch "(.*)">
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
</FilesMatch>