htetc/freeside-base2.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

PerlModule Apache2::compat

#PerlModule Apache::DBI

PerlModule HTML::Mason
PerlSetVar MasonArgsMethod CGI
PerlModule HTML::Mason::ApacheHandler

PerlRequire "%%%MASON_HANDLER%%%"

PerlChildInitHandler FS::Mason::child_init

#Locale::SubCountry
AddDefaultCharset UTF-8

PerlModule FS::AuthCookieHandler

#XXX need to also work properly for installs w/o /freeside/ in path
PerlSetVar FreesideLoginScript /freeside/loginout/login.html

#disables HTTP, so HTTPS only
#PerlSetVar FreesideSecure 1

#prevents cookie theft via JS
PerlSetVar FreesideHttpOnly 1

<Directory %%%FREESIDE_DOCUMENT_ROOT%%%>

    AuthName Freeside
    AuthType FS::AuthCookieHandler
    PerlAuthenHandler FS::AuthCookieHandler->authenticate
    PerlAuthzHandler  FS::AuthCookieHandler->authorize
    require valid-user

    <Files ~ "(\.cgi|\.html)$">
        SetHandler perl-script
        PerlHandler HTML::Mason
    </Files>

</Directory>

<Files login>
    AuthName Freeside
    AuthType FS::AuthCookieHandler
    SetHandler perl-script
    PerlHandler FS::AuthCookieHandler->login
</Files>

<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/elements/>
    <Files "freeside.css">
        Satisfy any
    </Files>

    <Files ~ "(\.html)$">
        Deny from all
        SetHandler None
    </Files>
</Directory>

<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/Helpers/>
    SetHandler perl-script
    PerlHandler HTML::Mason
</Directory>

<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/REST/1.0/NoAuth/>
    Satisfy any
</Directory>

<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/REST/1.0/>
    Satisfy any
    SetHandler perl-script
    PerlHandler HTML::Mason
</Directory>