ServerAdmin e-business.support@batesville.com
DocumentRoot /www2/weblink
ServerName meaningfulfunerals.net
DirectoryIndex "index.cfm"
ServerAlias *.meaningfulfunerals.net
SSLCertificateFile /etc/httpd/conf.d/certs/meaningfulfunerals.crt
SSLCertificateKeyFile /etc/httpd/conf.d/certs/meaningfulfunerals.key
SSLCACertificateFile /etc/httpd/conf.d/certs/gd_bundle-g2-g1.crt
LogLevel warn rewrite:trace1
ErrorLog /var/log/httpd/ssl-weblink_error_log
CustomLog /var/log/httpd/ssl-weblink_access_log combined
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Require all granted
# AuthType Basic
# AuthName "Secure Site"
# AuthUserFile /home/bates1/.htpasswd
# Require valid-user
Order allow,deny
Allow from all
# SSL Engine Switch: Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol TLSv1 all -SSLv2 -SSLv3
SSLProxyCheckPeerCN off
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
# ProxyRequests Off
# ProxyPreserveHost On
# ProxyPass / ajp://weblink:8009/
ProxyPassReverse / ajp://weblink:8009/ timeout=3600
RewriteEngine On
# CheckSpelling on
#Added 1/5/2016 for maint window
#RewriteCond %{HTTP_HOST} !\d+\.\d+\.\d+\.\d+
#RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f
#RewriteCond %{SCRIPT_FILENAME} !maintenance.html
#RewriteCond %{SCRIPT_FILENAME} !lbtester.cfm
#RewriteRule ^.*$ /maintenance.html [R=503,L]
#ErrorDocument 503 /maintenance.html
#End of maint window
#Non-Meaningfulfunerals.net traffic goes to robots-deny-all.txt
# RewriteCond %{SERVER_PORT} ^443$
# RewriteCond %{HTTP_HOST} !^(.*)meaningfulfunerals\.net$ [NC]
# RewriteRule ^/robots\.txt$ /robots-deny-all.txt [L]
RewriteRule ^(/robots\.txt)$ ajp://weblink:8009/index.cfm$1 [P]
# Forbid access to Railo Admin URLs:
RewriteRule ^/lucee/admin/(.*) - [F]
RewriteRule ^/lucee/doc/(.*) - [F]
# Rewrite sitemap
RewriteRule ^/sitemap\.txt$ ajp://weblink:8009/sitemap/index.cfm?format=txt [P]
RewriteRule ^/sitemap\.xml$ ajp://weblink:8009/sitemap/index.cfm [P]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
RewriteRule ^(.+\.html)$ - [L]
# Serve these extensions via Apache
RewriteRule ^(.*\.(png|gif|jpg|css|js|ico|ttf|woff|otf|eot|svg|ogg|mpeg|mp4|webm|jpeg|zip|swf|pdf|doc|docx|xls|xlsx|xml|txt|bmp|mp3)) - [NC,L]
# Rewrite lbtester.cfm to fh/lbtester.cfm
RewriteRule ^/lbtester\.cfm$ ajp://weblink:8009/fh/lbtester.cfm [P]
# If it's a CFML (*.cfc or *.cfm) request, just proxy it to Tomcat:
RewriteRule ^(.+\.cf[cm])(/.*)?$ ajp://weblink:8009$1$2 [P]
# If trailing slash and real directory, then append index.cfm and proxy it to Tomcat/Railo:
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^(.+/)$ ajp://weblink:8009%{REQUEST_URI}index.cfm [P]
# Cleanup/SEO url
RewriteRule ^/sitemap(/.*)?$ ajp://weblink:8009/sitemap/index.cfm$1 [P]
RewriteRule ^/admin(/.*)?$ ajp://weblink:8009/admin/index.cfm$1 [P]
RewriteRule ^/pro(/.*)?$ ajp://weblink:8009/pro/index.cfm$1 [P]
# Rework structure
RewriteCond %[DOCUMENT_ROOT] !^/fh(/.*)$
RewriteCond %[DOCUMENT_ROOT] !^/BIAdmin(/.*)$
RewriteCond %[DOCUMENT_ROOT] !^/fh_live(/.*)$
RewriteRule ^(/.*)$ ajp://weblink:8009/index.cfm$1 [P]
# If it's a real file (and we haven't proxied to Tomcat, so it must be static), just serve it:
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
RewriteRule . - [L]
# NOTE: Everything else must be a CMS URL path (letters/numbers/hyphens/slashes only), or a 404...
# Require trailing slash at this point, if otherwise valid CMS URL:
RewriteCond %{REQUEST_URI} !^/server-(info|status)
RewriteRule ^([a-zA-Z0-9/-]+[^/])$ $1/ [R=301,L]
# Valid CMS URL path is proxied to Tomcat/Railo:
# MUST COME AFTER ANY OTHER FIXED/EXPECTED REWRITES!
RewriteCond %{REQUEST_URI} !^/server-(info|status)
RewriteRule ^([a-zA-Z0-9/-]+)$ ajp://weblink:8009%{REQUEST_URI} [NE,P]
# Anything else must be a 404 error:
# RewriteRule . ajp://weblink:8009/404.cfm [NE,P]