HTTP 오류 403 - httpd.conf에서 #Include conf / extra / httpd-vhosts.conf 줄을 활성화할 때마다. 어떠한 제안?

---

이 답변은 귀하가 Apache 빌드를 사용하고 있다고 가정합니다.아파치 라운지(오류 로그 예제를 기반으로 함)

httpd.conf그래도 문제를 해결하는 데 도움이 되지 않으면 의 내용 httpd-vhosts.conf과 기타 가상 호스트 또는 SSL 구성 파일을 질문에 추가하는 것이 좋습니다 .

---

403 금지

에서 403 Forbidden활성화할 때마다 오류가 발생합니다 .Include conf/extra/httpd-vhosts.confhttpd.conf

파일이 제공되는 위치( DocumentRoot들 포함) 및 DirectoryApache 관련 설정에 주의하는 것이 중요합니다. 이는 존재하지 않는 디렉토리에 액세스하려는 시도까지 확장됩니다.

httpd.conf

에는 "default" 지시문과 관련 블록이 httpd.conf있어야 합니다 .DocumentRootDirectory

전. 기본값 DocumentRoot및 Directory설정(httpd.conf)

# [...] indicates omitted text for these examples.

# Apache 2.4.37+
Define SRVROOT "c:/Apache24"

# Apache 2.4.37+
ServerRoot "${SRVROOT}"

[...]

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "${SRVROOT}/htdocs"
<Directory "${SRVROOT}/htdocs">

    [...]
    Options Indexes FollowSymLinks

    [...]
    AllowOverride None

    [...]
    Require all granted
</Directory>

특히 블록 아래의 Option Indexes ...및 행은 ex에 대한 액세스를 제어하기 때문에 중요합니다. ( 위 서버의 기본값 ):Require all grantedDirectoryC:/Apache24/htdocsDocumentRoot

• Indexes원시 디렉토리의 내용을 표시할 수 있습니다(예: 파일이 없는 디렉토리) DirectoryIndex.index.html). 가 Indexes누락되었거나 전혀 지정되지 않은 경우 디렉터리 색인 파일이 없는 디렉터리는 를 반환합니다 .OptionsOptions403 Forbidden

• Require all granted누구나 디렉토리에 액세스할 수 있습니다. 그렇지 않으면 다시 403 Forbidden응답이 반환될 수 있습니다( 예를 들어 가 ex. 또는 Require all granted로 변경된 경우 ).Require ip 127.0.0.1Require all denied

httpd-vhosts.conf

기본 파일에는 각각 다른 설정을 지정 하고 수반되는 설정이 없는 httpd-vhosts.conf두 개의 예제 가상 호스트가 있습니다 .DocumentRoothttpd.confDirectory

전. httpd-vhosts.conf

<VirtualHost *:80>

    [...]
    DocumentRoot "${SRVROOT}/docs/dummy-host.example.com"
    [...]

</VirtualHost>

<VirtualHost *:80>

    [...]
    DocumentRoot "${SRVROOT}/docs/dummy-host2.example.com"
    [...]

</VirtualHost>

이러한 예시 호스트는 다음과 같은 이유로 응답을 요청합니다 403 Forbidden.

• 폴더 는 (예: ) 의 docs서버 아래에 있는 폴더가 아닙니다 . 즉, 액세스를 허용하려면 각각의 가상 호스트에 정의된 별도의 블록이 필요합니다(지시문 및 지시문 포함 ).DocumentRoothttpd.conf{SRVROOT}/htdocs/docs/...DirectoryRequireOptionsIndexes

• ${SRVROOT}/docs/dummy-host.example.com기본적으로 존재 하지도 ${SRVROOT}/docs/dummy-host2.example.com않습니다(!).

• 지정된 첫 번째 가상 호스트는 "기본" 응답(예: 호스트 이름이 기존 가상 호스트와 일치하지 않는 경우)에 대해 Apache에 의해 자동으로 우선 순위가 지정됩니다. 여기에는 생성된 모든 403 Forbidden응답이 포함됩니다.

이러한 예제가 에 있는 경우 httpd-vhosts.conf해당 예제를 주석 처리 #하거나(각 줄 앞에 를 추가) 완전히 삭제해야 합니다.

SSL 세션 캐시

AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]

SSL 구성에 다음과 같은 사항이 있어야 합니다.

SSLSessionCache        "shmcb:${SRVROOT}/logs/ssl_scache(512000)"

지시어 이전에 활성화됩니다 VirtualHost. 첫 번째 SSL 가상 호스트가 어떻게 보이는지 보려면 httpd-ssl.conf( ) 를 살펴봐야 합니다 ( 이를 위해 자체를 사용하지 않는다고 가정).conf/extras/httpd-ssl.confhttpd-ssl.conf

mod_socache_shmcb다음 예에서도 주석 처리를 해제해야 합니다 httpd.conf.

전. httpd.conf

[...]
#LoadModule socache_redis_module modules/mod_socache_redis.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule speling_module modules/mod_speling.so
[...]

---

경로 참고 사항

경험상 잠재적인 문제를 최소화하려면 Apache 경로에 공백이 포함되어서는 안 됩니다. 즉 C:\Program Files, 폴더 C:\Program Files (x86)를 피하는 것이 가장 좋습니다 Users.

---

업데이트

다음은 귀하가 제공한 구성 파일을 기반으로 한 몇 가지 추가 참고 사항입니다.

가상 호스트

다음은 httpd-vhosts.conf현재 가지고 있는 파일 대신 시도해 볼 수 있는 원본 파일을 기반으로 하는 (본질적으로) 작동하는 가상 호스트 예제여야 합니다.

전. httpd-vhosts.conf

<VirtualHost *:80>

    # Required
    ServerName localhost

    # Optional
    # ServerAlias www.localhost.com
    # ServerAdmin admin@localhost

    # Required
    DocumentRoot "${SRVROOT}/htdocs"
    # DocumentRoot "${SRVROOT}/htdocs/localhost"

    # Optional
    <Directory "${SRVROOT}/htdocs">
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Require all granted
    </Directory>

    # Optional
    ErrorLog "logs/localhost-error.log"
    CustomLog "logs/localhost-access.log" common

</VirtualHost>

# Literally using "localhost2" likely requires an entry
# in your "hosts" file or any local DNS server.
<VirtualHost *:80>

    # Required
    ServerName localhost2

    # Optional
    # ServerAlias www.localhost2.com
    # ServerAdmin admin@localhost2

    # Required
    DocumentRoot "${SRVROOT}/htdocs"
    # DocumentRoot "${SRVROOT}/htdocs/localhost2"

    # Optional
    ErrorLog "logs/localhost2-error.log"
    CustomLog "logs/localhost2-access.log" common

</VirtualHost>

참고 사항:

• ServerName각 가상 호스트에 대한 지시어는 더 이상 동일하지 않습니다 . 동일한 이름을 가진 두 개 이상의 가상 호스트가 있으면 이러한 이름을 확인할 때 문제가 발생할 수 있습니다( DocumentRootApache는 무엇에서 파일을 제공해야 합니까?).

• Order/ 문 은 Allow더 이상 사용되지 않습니다.따라서 제거되었습니다. 대부분의 경우 다음과 같은 새로운 지시어를 사용하는 것만으로도 Require충분합니다.

---

그래도 문제가 해결되지 않으면 테스트 중에 PHP를 제외하는 것이 좋습니다(예: 일반 HTML 파일만 사용하고 에서 PHP 설정을 주석 처리 httpd.conf). 이렇게 하면 Apache 자체와 PHP 구성에 문제가 있는지 더 잘 알 수 있을 것입니다.

---

SSL 구성

• mod_socache_shmcb위에서 언급한 대로(업데이트 후) 다음 에서 주석 처리를 제거해야 합니다 httpd.conf.

전. httpd.conf

[...]
#LoadModule socache_redis_module modules/mod_socache_redis.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule speling_module modules/mod_speling.so
[...]

• 또한 Windows에서는 SSLPassPhraseDialog builtin다음 을 주석 처리해야 합니다 .httpd_ssl.conf

전. httpd_ssl.conf

[...]

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is an internal
#   terminal dialog) has to provide the pass phrase on stdout.
# SSLPassPhraseDialog  builtin

[...]

SSL 인증서의 암호는 Windows용 Apache에서는 광범위하게 지원되지 않습니다.

작동하지 않았습니다 ...

내 conf 파일...

# Virtual Hosts
#
# Required modules: mod_log_config

# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at 
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
#   ServerAdmin [email protected]
    DocumentRoot "${SRVROOT}/htdocs"
    ServerName localhost
#   ServerAlias www.dummy-host.example.com
#   ErrorLog "logs/dummy-host.example.com-error.log"
#   CustomLog "logs/dummy-host.example.com-access.log" common
    <Directory "${SRVROOT}/htdocs">
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
#    ServerAdmin [email protected]
    DocumentRoot "${SRVROOT}/htdocs"
    ServerName localhost
#    ErrorLog "logs/localhost.log"
#    CustomLog "logs/dummy-host2.example.com-access.log" common
</VirtualHost>

다른 것...

# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
Define SRVROOT "c:/Apache24"

ServerRoot "${SRVROOT}"

#

#Listen 12.34.56.78:80
Listen 80

#
#LoadModule access_compat_module modules/mod_access_compat.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule allowmethods_module modules/mod_allowmethods.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_core_module modules/mod_authn_core.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule brotli_module modules/mod_brotli.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule data_module modules/mod_data.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
#LoadModule dumpio_module modules/mod_dumpio.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule filter_module modules/mod_filter.so
#LoadModule http2_module modules/mod_http2.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
#LoadModule ldap_module modules/mod_ldap.so
#LoadModule logio_module modules/mod_logio.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule lua_module modules/mod_lua.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule md_module modules/mod_md.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
#LoadModule proxy_html_module modules/mod_proxy_html.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_http2_module modules/mod_proxy_http2.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule request_module modules/mod_request.so
#LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule socache_redis_module modules/mod_socache_redis.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule speling_module modules/mod_speling.so
LoadModule ssl_module modules/mod_ssl.so
#LoadModule status_module modules/mod_status.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule unique_id_module modules/mod_unique_id.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule version_module modules/mod_version.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule php7_module "C:\PHP\php7apache2_4.dll"

<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User 
Group 

</IfModule>

#
ServerAdmin [email protected]

#
ServerName localhost:80

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other 
# <Directory> blocks below.
#

<Directory />
    AllowOverride none
    Require all denied
</Directory>

# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "${SRVROOT}/htdocs"
<Directory "${SRVROOT}/htdocs">
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ".ht*">
    Require all denied
</Files>

#
# ErrorLog: The location of the error log file.
#
ErrorLog "logs/error.log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    #
    CustomLog "logs/access.log" common

    #
</IfModule>

<IfModule alias_module>
    #
    # Redirect permanent /foo http://www.example.com/bar

    #
    #
    ScriptAlias /cgi-bin/ "${SRVROOT}/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #
</IfModule>

#
#
<Directory "${SRVROOT}/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule headers_module>
    #
    RequestHeader unset Proxy early
</IfModule>

<IfModule mime_module>
    #
    TypesConfig conf/mime.types

    #
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddHandler application/x-httpd-php .php
    AddType application/x-httpd-php .php .html
    Action application/x-httpd-php "C:\PHP\php-cgi.exe"

    #
</IfModule>

# Language settings
#Include conf/extra/httpd-languages.conf

# User home directories
#Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf

# Virtual hosts
#Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf

# Various default settings
Include conf/extra/httpd-default.conf

# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>

# Secure (SSL/TLS) connections
# Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
</IfModule>

PHPIniDir "C:\PHP"
Timeout 240

그리고 마지막..

#
# When we also provide SSL we have to listen to the 
# standard HTTP port (see above) and to the HTTPS port
#
Listen 443


#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate,
#   and that httpd will negotiate as the client of a proxied server.
#   See the OpenSSL documentation for a complete list of ciphers, and
#   ensure these follow appropriate best practices for this deployment.
#   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
#   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES



#   User agents such as web browsers are not configured for the user's
#   own preference of either security or performance, therefore this
#   must be the prerogative of the web server administrator who manages
#   cpu load versus confidentiality, so enforce the server's cipher order.
SSLHonorCipherOrder on 

#   SSL Protocol support:
#   List the protocol versions which clients are allowed to connect with.
#   Disable SSLv3 by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0) should be
#   disabled as quickly as practical.  By the end of 2016, only the TLSv1.2
#   protocol or later should remain in use.
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is an internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache         "dbm:${SRVROOT}/logs/ssl_scache"
SSLSessionCache        "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300


<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "${SRVROOT}/htdocs"
ServerName localhost:443
ServerAdmin [email protected]
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLCertificateFile "${SRVROOT}/conf/ssl/server.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/server.key"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   Server Certificate:

SSLCertificateFile "${SRVROOT}/conf/ssl/server.crt"
#SSLCertificateFile "${SRVROOT}/conf/server-dsa.crt"
#SSLCertificateFile "${SRVROOT}/conf/server-ecc.crt"

#   Server Private Key:

SSLCertificateKeyFile "${SRVROOT}/conf/ssl/server.key"
#SSLCertificateKeyFile "${SRVROOT}/conf/server-dsa.key"
#SSLCertificateKeyFile "${SRVROOT}/conf/server-ecc.key"

#   Server Certificate Chain:

#SSLCertificateChainFile "${SRVROOT}/conf/server-ca.crt"

#   Certificate Authority (CA):

#SSLCACertificatePath "${SRVROOT}/conf/ssl/ssl.crt"
#SSLCACertificateFile "${SRVROOT}/conf/ssl.crt/ca-bundle.crt"


#   Client Authentication (Type):

#SSLVerifyClient require
#SSLVerifyDepth  10

BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog "${SRVROOT}/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>