User	    wwwrun
Group	    www

# Load the modules needed for this file
LoadModule  mime_module        /usr/lib/apache2/mod_mime.so
LoadModule  dir_module         /usr/lib/apache2/mod_dir.so
LoadModule  setenvif_module    /usr/lib/apache2/mod_setenvif.so
LoadModule  log_config_module  /usr/lib/apache2/mod_log_config.so

Options None

# Set up MIME content type recognition
TypesConfig  /etc/mime.types

# Enable default documents for directory queries
DirectoryIndex  index.html

# Setup Logging
LogFormat  "%h %l %u %t \"%r\" %>s %b"  clf

# Listen on port 80 (default http) and 443 (default https)
Listen  80
Listen  443

# Include the SSL module
LoadModule  ssl_module  /usr/lib/apache2-prefork/mod_ssl.so

# SSL session cache
SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache(512000)
SSLSessionCacheTimeout  600
SSLMutex default

# Seed the random number generator
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

# Require SSL when accessing /protected
<Directory /srv/www/WWW/protected>
  SSLRequireSSL
  SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
      and %{SSL_CLIENT_S_DN_O} eq "University of Cambridge" \
      and %{SSL_CLIENT_S_DN_OU} in {"Computing Service", "MISD"} \
      and %{SSL_CLIENT_I_DN_O} eq "**TEST Jon's Test CA company" )
</Directory>

# Install the CGI module so we can display the environment
LoadModule cgi_module /usr/lib/apache2-prefork/mod_cgi.so
AddHandler cgi-script .cgi
Options +ExecCGI

<VirtualHost *:80>

  ServerName    www.dept.cam.ac.uk
  DocumentRoot  /srv/www/WWW
  CustomLog     /var/log/apache2/www.log  clf

</VirtualHost>

<VirtualHost *:443>

  ServerName    www.dept.cam.ac.uk
  DocumentRoot  /srv/www/WWW
  CustomLog     /var/log/apache2/www.log  clf

  # Minimal SSL configuration
  SSLEngine  On
  SSLCertificateFile     /etc/apache2/ssl.crt/WWW.crt
  SSLCertificateKeyFile  /etc/apache2/ssl.key/WWW.key

  # Work-around browser bugs
  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

  # SSL custom logging
  CustomLog /var/log/apache2/www-ssl.log \
         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b \"%{SSL_CLIENT_S_DN_CN}x\""

  SSLCACertificateFile  /etc/apache2/ssl.crt/personalCA.crt
  SSLVerifyClient require

  SSLUserName SSL_CLIENT_S_DN_CN 
  SSLOptions +StdEnvVars

</VirtualHost>