ServerAdmin support@vicibox.local
ServerName vicibox.local
DocumentRoot /srv/www/htdocs
ErrorLog /var/log/apache2/error_log
CustomLog /var/log/apache2/access_log combined
#CustomLog /dev/null combined
HostnameLookups Off
UseCanonicalName Off
ServerSignature Off
TraceEnable Off
Include /etc/apache2/conf.d/*.conf
DirectoryIndex index.html index.php index.htm
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt/vicibox.crt
#SSLCACertificateFile /etc/apache2/ssl.crt/CAchain.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/vicibox.key
SSLOptions +StdEnvVars
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
Require all denied
Require ip 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 127.0.0.1
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
### Below is for PCI WebDSS scans, but will likely break ViciDial
#
# Header always set X-Frame-Options: DENY
# Header always set X-XSS-Protection "1; mode=block"
# Header always set X-Content-Type-Options: nosniff
# Header always set Content-Security-Policy "script-src 'self'; object-src 'self'"
# Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
#