7 files changed, 48 insertions, 38 deletions
diff --git a/sca-cpp/trunk/modules/http/conf/mime.types b/sca-cpp/trunk/modules/http/conf/mime.types
index 430aa95f0f..3f083f9a32 100644
--- a/sca-cpp/trunk/modules/http/conf/mime.types
+++ b/sca-cpp/trunk/modules/http/conf/mime.types
@@ -471,7 +471,7 @@ image/gif			gif
 image/ief			ief
 image/jpeg			jpeg jpg jpe
 image/naplps
-image/png			png
+image/png			png b64
 image/prs.btif
 image/prs.pti
 image/svg+xml			svg
@@ -546,7 +546,7 @@ text/directory
 text/enriched
 text/html			html htm
 text/parityfec
-text/plain			asc txt b64
+text/plain			asc txt
 text/prs.lines.tag
 text/rfc822-headers
 text/richtext			rtx
diff --git a/sca-cpp/trunk/modules/http/form-auth-conf b/sca-cpp/trunk/modules/http/form-auth-conf
index 2898d9b7ed..08b97b9df8 100755
--- a/sca-cpp/trunk/modules/http/form-auth-conf
+++ b/sca-cpp/trunk/modules/http/form-auth-conf
@@ -57,7 +57,7 @@ AuthFormProvider file
 AuthFormLoginRequiredLocation /login
 AuthFormLogoutLocation /
 Session On
-SessionCookieName TuscanyFormAuth path=/;secure=TRUE
+SessionCookieName TuscanyFormAuth domain=.$host; path=/
 SessionCryptoPassphrase $pw
 Require valid-user
 </Location>
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index 74b3944cc1..5b034c7928 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -35,8 +35,6 @@ else
     pportsuffix=":$pport"
 fi
 
-dothost=`echo $host | grep "\."`
-
 mkdir -p $4
 htdocs=`echo "import os; print os.path.realpath('$4')" | python`
 
@@ -83,12 +81,9 @@ HostNameLookups Off
 # [timestamp] [access] remote-host remote-ident remote-user "request-line"
 # status response-size "referrer" "user-agent" "user-track" local-IP
 # virtual-host response-time bytes-received bytes-sent
-LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O" combined
+LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O %{mod_security-message}i" combined
 Include conf/log.conf
 
-# Configure tracking
-Include conf/tracking.conf
-
 # Configure Mime types and default charsets
 TypesConfig $here/conf/mime.types
 AddDefaultCharset utf-8
@@ -116,7 +111,8 @@ Require all denied
 
 # Configure output filters to enable compression and rate limiting
 <Location />
-SetOutputFilter RATE_LIMIT;DEFLATE
+#SetOutputFilter RATE_LIMIT;DEFLATE
+SetOutputFilter DEFLATE
 
 BrowserMatch ^Mozilla/4 gzip-only-text/html
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
@@ -125,7 +121,7 @@ BrowserMatch ^check_http/ check_http
 SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
 Header append Vary User-Agent env=!dont-vary
 
-SetEnv rate-limit 400 
+#SetEnv rate-limit 400 
 </Location>
 
 # Listen on HTTP port
@@ -165,26 +161,6 @@ Include conf/adminauth.conf
 
 EOF
 
-# Generate tracking configuration
-cat >$root/conf/tracking.conf <<EOF
-# Generated by: httpd-conf $*
-# Configure tracking
-CookieTracking on
-CookieName TuscanyVisitorId
-CookieStyle Cookie
-CookieExpires 31556926
-
-EOF
-
-if [ "$dothost" != "" ]; then
-    cat >>$root/conf/tracking.conf <<EOF
-# Generated by: httpd-conf $*
-CookieDomain .$dothost
-
-EOF
-
-fi
-
 # Configure logging
 cat >$root/conf/log.conf <<EOF
 # Generated by: httpd-conf $*
@@ -303,6 +279,10 @@ Require all granted
 AuthType None
 Require all granted
 </Location>
+<Location /proxy/public>
+AuthType None
+Require all granted
+</Location>
 <Location /favicon.ico>
 AuthType None
 Require all granted
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index 420d08ff87..b5f82d9690 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -37,6 +37,8 @@ else
     sslpportsuffix=":$sslpport"
 fi
 
+dothost=`echo $host | grep "\."`
+
 htdocs=`echo $conf | awk '{ print $8 }'`
 mkdir -p $htdocs
 htdocs=`echo "import os; print os.path.realpath('$htdocs')" | python`
@@ -80,6 +82,9 @@ Include conf/locauth-ssl.conf
 Include conf/pubauth-ssl.conf
 Include conf/adminauth-ssl.conf
 
+# Configure tracking
+Include conf/tracking-ssl.conf
+
 </VirtualHost>
 
 EOF
@@ -163,7 +168,7 @@ SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
 # SSL-cipher "request-line" status response-size "referrer" "user-agent"
 # "SSL-client-I-DN" "SSL-client-S-DN" "user-track" local-IP virtual-host
 # response-time bytes-received bytes-sent
-LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [sslaccess] %h %l %u %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_I_DN}x\" \"%{SSL_CLIENT_S_DN}x\" \"%{cookie}n\" %A %V %D %I %O" sslcombined
+LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [sslaccess] %h %l %u %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_I_DN}x\" \"%{SSL_CLIENT_S_DN}x\" \"%{cookie}n\" %A %V %D %I %O %{mod_security-message}i" sslcombined
 Include conf/log-ssl.conf
 
 # Enable HTTPS reverse proxy
@@ -180,6 +185,26 @@ SSLProxyCheckPeerCN Off
 
 EOF
 
+# Generate tracking configuration
+cat >$root/conf/tracking-ssl.conf <<EOF
+# Generated by: httpd-ssl-conf $*
+# Configure tracking
+CookieTracking on
+CookieName TuscanyVisitorId
+CookieStyle Cookie
+CookieExpires 31556926
+
+EOF
+
+if [ "$dothost" != "" ]; then
+    cat >>$root/conf/tracking-ssl.conf <<EOF
+# Generated by: httpd-ssl-conf $*
+CookieDomain .$dothost
+
+EOF
+
+fi
+
 # Configure logging
 cat >$root/conf/log-ssl.conf <<EOF
 # Generated by: httpd-ssl-conf $*
diff --git a/sca-cpp/trunk/modules/http/proxy-base-conf b/sca-cpp/trunk/modules/http/proxy-base-conf
index c61c0e20d8..cbd62bcc14 100755
--- a/sca-cpp/trunk/modules/http/proxy-base-conf
+++ b/sca-cpp/trunk/modules/http/proxy-base-conf
@@ -24,10 +24,11 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
 
 cat >>$root/conf/vhost.conf <<EOF
 # Generated by: proxy-base-conf $*
-# Enable load balancing
+# Do not proxy admin pages
 ProxyPass /balancer-manager !
 ProxyPass /server-status !
 ProxyPass /server-info !
+ProxyPass /proxy !
 
 # Enable balancer manager
 <Location /balancer-manager>
@@ -38,7 +39,7 @@ HostnameLookups on
 EOF
 
 cat >>$root/conf/adminauth.conf <<EOF
-# Generated by: proxy-conf $*
+# Generated by: proxy-base-conf $*
 # Allow the server admin to manage the load balancer
 <Location /balancer-manager>
 Require user admin
diff --git a/sca-cpp/trunk/modules/http/proxy-conf b/sca-cpp/trunk/modules/http/proxy-conf
index b2156e6f74..dd51a34b5b 100755
--- a/sca-cpp/trunk/modules/http/proxy-conf
+++ b/sca-cpp/trunk/modules/http/proxy-conf
@@ -24,12 +24,14 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
 
 cat >>$root/conf/vhost.conf <<EOF
 # Generated by: proxy-conf $*
-# Enable load balancing
+# Do not proxy admin pages
 ProxyPass /balancer-manager !
 ProxyPass /server-status !
 ProxyPass /server-info !
-ProxyPass / balancer://cluster/
+ProxyPass /proxy !
 
+# Enable load balancing
+ProxyPass / balancer://cluster/
 <Proxy balancer://cluster>
 Require all granted
 ProxySet lbmethod=byrequests
diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf
index 94318d7db5..150cf88b60 100755
--- a/sca-cpp/trunk/modules/http/proxy-ssl-conf
+++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf
@@ -24,12 +24,14 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
 
 cat >>$root/conf/vhost-ssl.conf <<EOF
 # Generated by: proxy-ssl-conf $*
-# Enable load balancing
+# Do not proxy admin pages
 ProxyPass /balancer-manager !
 ProxyPass /server-status !
 ProxyPass /server-info !
-ProxyPass / balancer://sslcluster/
+ProxyPass /proxy !
 
+# Enable load balancing
+ProxyPass / balancer://sslcluster/
 <Proxy balancer://sslcluster>
 Require all granted
 ProxySet lbmethod=byrequests