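# SSL virtual host for meaningfulfunerals.net. Apache terminates TLS, serves
# static files from DocumentRoot and proxies CFML/CMS requests to the
# "weblink" backend over AJP (port 8009) using mod_rewrite [P] rules.
#
# NOTE(review): the enclosing <VirtualHost> and <Directory> container lines are
# not present in this listing and the original line breaks were lost. The
# directives below are restored one per line, in their original order.

ServerAdmin e-business.support@batesville.com
DocumentRoot /www2/weblink
ServerName meaningfulfunerals.net
DirectoryIndex "index.cfm"
ServerAlias *.meaningfulfunerals.net

# Server certificate, private key and CA bundle.
# Keep the .key file readable only by the account that starts httpd.
SSLCertificateFile /etc/httpd/conf.d/certs/meaningfulfunerals.crt
SSLCertificateKeyFile /etc/httpd/conf.d/certs/meaningfulfunerals.key
SSLCACertificateFile /etc/httpd/conf.d/certs/gd_bundle-g2-g1.crt

# Per-module log level: mod_rewrite tracing (trace1) is written to the ErrorLog.
LogLevel warn rewrite:trace1
ErrorLog /var/log/httpd/ssl-weblink_error_log
CustomLog /var/log/httpd/ssl-weblink_access_log combined

# Directory-level settings. AllowOverride is only valid inside a <Directory>
# section; that section's opening and closing lines are not shown on this page.
# "Indexes" was dropped from Options so Apache never generates a directory
# listing for a directory that has no index file.
Options FollowSymLinks
AllowOverride AuthConfig
Require all granted
#   AuthType Basic
#   AuthName "Secure Site"
#   AuthUserFile /home/bates1/.htpasswd
#   Require valid-user
# NOTE(review): Order/Allow are 2.2-style directives (mod_access_compat) sitting
# next to the 2.4-style "Require all granted" above. Both currently allow
# everyone; prefer keeping only the Require form so a later restriction is not
# silently widened by the other mechanism.
Order allow,deny
Allow from all

#   SSL Engine Switch: Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Protocol support:
#   List the enabled protocol levels with which clients will be able to
#   connect. Disable SSLv2 access by default:
# Was "SSLProtocol TLSv1 all -SSLv2 -SSLv3": an unprefixed token replaces the
# protocol set, so the bare "TLSv1" was overridden by "all" and the vhost still
# offered TLS 1.0 and 1.1. Both are deprecated (RFC 8996) and are now disabled
# explicitly. The cipher list below already includes TLS 1.2 GCM suites.
# Confirm that no required client is limited to TLS 1.0/1.1 before deploying.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# NOTE(review): SSLProxyCheckPeerCN only affects TLS connections made to a
# backend. Every backend URL in this file is ajp://, so it appears to have no
# effect here. If an https:// backend is ever added, leaving this "off"
# disables the check of the backend certificate's CN.
SSLProxyCheckPeerCN off

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
# NOTE(review): the list still ends with CBC/SHA-1 suites and DES-CBC3-SHA
# (3DES) as fallbacks. With TLS 1.2 as the minimum these can likely be trimmed
# to the AEAD (GCM) suites once the client population is confirmed.
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on

# Backend proxying. AJP traffic is neither encrypted nor authenticated by this
# configuration, so port 8009 on "weblink" should be reachable only from this
# proxy host.
#  ProxyRequests Off
#  ProxyPreserveHost On
#  ProxyPass / ajp://weblink:8009/
# NOTE(review): "timeout=3600" is a ProxyPass key=value parameter, not a
# documented ProxyPassReverse argument. Confirm what was intended here.
ProxyPassReverse / ajp://weblink:8009/ timeout=3600

RewriteEngine On
#  CheckSpelling on

#Added 1/5/2016 for maint window
#RewriteCond %{HTTP_HOST} !\d+\.\d+\.\d+\.\d+
#RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f
#RewriteCond %{SCRIPT_FILENAME} !maintenance.html
#RewriteCond %{SCRIPT_FILENAME} !lbtester.cfm
#RewriteRule ^.*$ /maintenance.html [R=503,L]
#ErrorDocument 503 /maintenance.html
#End of maint window

#Non-Meaningfulfunerals.net traffic goes to robots-deny-all.txt
#  RewriteCond %{SERVER_PORT} ^443$
#  RewriteCond %{HTTP_HOST} !^(.*)meaningfulfunerals\.net$ [NC]
#  RewriteRule ^/robots\.txt$ /robots-deny-all.txt [L]
RewriteRule ^(/robots\.txt)$ ajp://weblink:8009/index.cfm$1 [P]

# Forbid access to Lucee (formerly Railo) admin and doc URLs.
# These rules must stay above the *.cfm/*.cfc proxy rule so they are evaluated
# first. NC was added so the block does not depend on the case of the path.
# NOTE(review): only /lucee/admin/ and /lucee/doc/ are blocked here. Confirm
# that no other engine-internal path is reachable through the proxy rules.
RewriteRule ^/lucee/admin/(.*) - [F,NC]
RewriteRule ^/lucee/doc/(.*) - [F,NC]

# Rewrite sitemap
RewriteRule ^/sitemap\.txt$ ajp://weblink:8009/sitemap/index.cfm?format=txt [P]
RewriteRule ^/sitemap\.xml$ ajp://weblink:8009/sitemap/index.cfm [P]

# An existing .html file under DocumentRoot is served by Apache as-is.
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
RewriteRule ^(.+\.html)$ - [L]

# Serve these extensions via Apache
# NOTE(review): the pattern has no trailing "$", so it is a prefix match. Any
# path that contains one of these extensions followed by further characters
# (e.g. .woff2, .json) also stops here and is served from DocumentRoot instead
# of reaching the proxy rules. Anchor it only after checking which of those
# paths the site relies on.
RewriteRule ^(.*\.(png|gif|jpg|css|js|ico|ttf|woff|otf|eot|svg|ogg|mpeg|mp4|webm|jpeg|zip|swf|pdf|doc|docx|xls|xlsx|xml|txt|bmp|mp3)) - [NC,L]

# Rewrite lbtester.cfm to fh/lbtester.cfm
RewriteRule ^/lbtester\.cfm$ ajp://weblink:8009/fh/lbtester.cfm [P]

# If it's a CFML (*.cfc or *.cfm) request, just proxy it to Tomcat:
RewriteRule ^(.+\.cf[cm])(/.*)?$ ajp://weblink:8009$1$2 [P]

# If trailing slash and real directory, then append index.cfm and proxy it to Tomcat/Railo:
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^(.+/)$ ajp://weblink:8009%{REQUEST_URI}index.cfm [P]

# Cleanup/SEO url
RewriteRule ^/sitemap(/.*)?$ ajp://weblink:8009/sitemap/index.cfm$1 [P]
RewriteRule ^/admin(/.*)?$ ajp://weblink:8009/admin/index.cfm$1 [P]
RewriteRule ^/pro(/.*)?$ ajp://weblink:8009/pro/index.cfm$1 [P]

# Rework structure
# NOTE(review): "%[DOCUMENT_ROOT]" uses square brackets, so it is a literal
# string rather than a server variable. It can never match ^/fh..., so the three
# negated conditions are always true and the rule below proxies every remaining
# request to index.cfm, including /fh, /BIAdmin and /fh_live. The rules that
# follow it then appear to be unreachable. The intended test string was
# presumably %{REQUEST_URI}. It is left unchanged because correcting it changes
# which requests reach the backend; confirm the intent before fixing.
RewriteCond %[DOCUMENT_ROOT] !^/fh(/.*)$
RewriteCond %[DOCUMENT_ROOT] !^/BIAdmin(/.*)$
RewriteCond %[DOCUMENT_ROOT] !^/fh_live(/.*)$
RewriteRule ^(/.*)$ ajp://weblink:8009/index.cfm$1 [P]

# If it's a real file (and we haven't proxied to Tomcat, so it must be static), just serve it:
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
RewriteRule . - [L]

# NOTE: Everything else must be a CMS URL path (letters/numbers/hyphens/slashes only), or a 404...

# Require trailing slash at this point, if otherwise valid CMS URL:
RewriteCond %{REQUEST_URI} !^/server-(info|status)
RewriteRule ^([a-zA-Z0-9/-]+[^/])$ $1/ [R=301,L]

# Valid CMS URL path is proxied to Tomcat/Railo:
# MUST COME AFTER ANY OTHER FIXED/EXPECTED REWRITES!
RewriteCond %{REQUEST_URI} !^/server-(info|status)
RewriteRule ^([a-zA-Z0-9/-]+)$ ajp://weblink:8009%{REQUEST_URI} [NE,P]

# Anything else must be a 404 error:
# RewriteRule . ajp://weblink:8009/404.cfm [NE,P]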