# -*- apache -*-
#
#  THIS FILE IS SUPPOSED TO COME WITH THE DEBIAN or RPM PACKAGE. 
#  PATH WILL BE ERRONEOUS FOR A HAND-MADE INSTALLATION
#
#  Written for apache 2.x
#  If you use apache 2.x, read INSTALL.verbose shipped with Savane
#
###################################################################
# SECURITY IMPROVEMENTS:
#
# You should add in your php.ini, if you are sure that no PHP software
# on your server require these:
#	
#     disable_functions = exec, passthru, popen, shell_exec, system
#
###################################################################

# If you'd like to put savane on the root of your webserver, 
# you would have to uncomment the following
# Alias / /usr/share/savane-frontend/

Alias /savane/export /var/cache/savane
Alias /savane /usr/share/savane-frontend


<Directory /usr/share/savane-frontend>
    # Pure apache conf:
    SetEnv SAVANE_CONF /etc/savane
    Options SymLinksIfOwnerMatch
    AllowOverride None
    AcceptPathInfo On
    ErrorDocument 404 /savane/404.php
    Order Allow,Deny 
    Allow from all

    # PHP conf:
    #  use register_globals and file uploads:
    php_admin_flag register_globals on
    php_admin_flag register_long_arrays on
    php_admin_flag magic_quotes_gpc on
    php_admin_flag file_uploads on
    #  for xhtml validity:
    php_value arg_separator.output "&amp;"
    #  to improve security
    php_admin_flag allow_url_fopen off
    php_admin_flag display_errors off
    php_admin_flag log_errors on
 
    # Configure some specials urls:
    <Files u>
	ForceType application/x-httpd-php
    </Files>
    <Files us>
	ForceType application/x-httpd-php
    </Files>
    <Files users>
	ForceType application/x-httpd-php
    </Files>
    <Files projects>
	ForceType application/x-httpd-php
    </Files>
    <Files pr>
	ForceType application/x-httpd-php
    </Files>
    <Files p>
	ForceType application/x-httpd-php
    </Files>
    <Files file>
	ForceType application/x-httpd-php
    </Files>

    # Restrict access to testconfig
    <Files testconfig.php>
   	Order Deny,Allow
	Allow from 127.0.0.1
	Deny from All
    </Files>
</Directory>

# Restrict access into include/
<Directory /usr/share/savane-frontend/include>
	Order Allow,Deny
	Deny from all
</Directory>

# Limit access to savane export
<Directory /var/cache/savane>
    Options SymLinksIfOwnerMatch
    AllowOverride None
    ErrorDocument 404 /savane/404-export.php
    Order Allow,Deny 
    Allow from all
</Directory>


# End Of File
