source: trunk/package/uhttpd/files/uhttpd.config @ 22589

Last change on this file since 22589 was 22589, checked in by jow, 6 years ago

[package] uhttpd: add option to reject requests from RFC1918 IPs to public server IPs (DNS rebinding countermeasure)

File size: 1.7 KB
Line 
1# Server configuration
2config uhttpd main
3
4        # HTTP listen addresses, multiple allowed
5        list listen_http        0.0.0.0:80
6#       list listen_http        [::]:80
7
8        # HTTPS listen addresses, multiple allowed
9        list listen_https       0.0.0.0:443
10#       list listen_https       [::]:443
11
12        # Server document root
13        option home             /www
14
15        # Reject requests from RFC1918 IP addresses
16        # directed to the servers public IP(s).
17        # This is a DNS rebinding countermeasure.
18        option rfc1918_filter 1
19
20        # Certificate and private key for HTTPS.
21        # If no listen_https addresses are given,
22        # the key options are ignored.
23        option cert             /etc/uhttpd.crt
24        option key              /etc/uhttpd.key
25
26        # CGI url prefix, will be searched in docroot.
27        # Default is /cgi-bin
28        option cgi_prefix       /cgi-bin
29
30        # Lua url prefix and handler script.
31        # Lua support is disabled if no prefix given.
32#       option lua_prefix       /luci
33#       option lua_handler      /usr/lib/lua/luci/sgi/uhttpd.lua
34
35        # CGI/Lua timeout, if the called script does not
36        # write data within the given amount of seconds,
37        # the server will terminate the request with
38        # 504 Gateway Timeout response.
39        option script_timeout   60
40
41        # Network timeout, if the current connection is
42        # blocked for the specified amount of seconds,
43        # the server will terminate the associated
44        # request process.
45        option network_timeout  30
46
47        # Basic auth realm, defaults to local hostname
48#       option realm    OpenWrt
49
50        # Configuration file in busybox httpd format
51#       option config   /etc/httpd.conf
52
53
54# Certificate defaults for px5g key generator
55config cert px5g
56
57        # Validity time
58        option days             730
59
60        # RSA key size
61        option bits             1024
62
63        # Location
64        option country          DE
65        option state            Berlin
66        option location         Berlin
67
68        # Common name
69        option commonname       OpenWrt
70
Note: See TracBrowser for help on using the repository browser.