Listen 443 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW:!RC4:!3DES+SHA:!IDEA SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES SSLHonorCipherOrder on SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLProxyProtocol all -SSLv2 -SSLv3 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:c:/Apache24/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 ServerName demo.czechidm.com ServerAdmin root@demo.czechidm.com ErrorLog "c:/Apache24/logs/demo.czechidm.com_ssl-error.log" TransferLog "c:/Apache24/logs/demo.czechidm.com_ssl-access.log" CustomLog "c:/Apache24/logs/demo.czechidm.com_ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" SSLEngine on SSLCertificateFile "c:/Apache24/conf/server.crt" SSLCertificateKeyFile "c:/Apache24/conf/server.key" #SSLCertificateChainFile "c:/Apache24/conf/server-chain.crt" SSLVerifyClient none SSLOptions +StdEnvVars SSLOptions +StdEnvVars BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 # workaround for bad font handling in IE 11 Header set Cache-Control "no-cache, public, must-revalidate, proxy-revalidate" Protocols https/1.1 ProxyRequests off ProxyPreserveHost on ProxyAddHeaders on ProxyPass / ajp://127.0.0.1:8009/ secret=**tomcat_ajp_secret** ProxyPassReverse / ajp://127.0.0.1:8009/ secret=**tomcat_ajp_secret** RewriteEngine On RewriteRule "^/$" "/idm/" [R] SecRuleRemoveById 981173 SecRuleRemoveById 960015 SecRuleRemoveById 950109 # Allow Czech signs SecRuleRemoveById 981318 SecRuleRemoveById 981242 SecRuleRemoveById 960024 SecRuleRemoveById 981245 # Too restrictive for login format SecRuleRemoveById 960035 # Needed by Websockets SecRuleRemoveById 970901 # These break Certificate Authority module SecRuleRemoveById 960915 SecRuleRemoveById 200003 # Modsec can throw false positives on some files due to multipart boundary check SecRuleRemoveById 960915 SecRuleRemoveById 200003 # do not log request/response body SecAuditLogParts AFHZ # Compress HTML, CSS, JavaScript, Text, XML and fonts AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/vnd.ms-fontobject AddOutputFilterByType DEFLATE application/x-font AddOutputFilterByType DEFLATE application/x-font-opentype AddOutputFilterByType DEFLATE application/x-font-otf AddOutputFilterByType DEFLATE application/x-font-truetype AddOutputFilterByType DEFLATE application/x-font-ttf AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE font/opentype AddOutputFilterByType DEFLATE font/otf AddOutputFilterByType DEFLATE font/ttf AddOutputFilterByType DEFLATE image/svg+xml AddOutputFilterByType DEFLATE image/x-icon AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/javascript AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/hal+json # Remove browser bugs (only needed for really old browsers) BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html Header append Vary User-Agent