sync default conf avec notre rôle Ansible

HowtoApache.md

@@ -127,16 +127,47 @@ MaxRequestWorkers 250
 StartServers 50
 MinSpareServers 20
 MaxSpareServers 30
-MaxRequestsPerChild 100
+MaxConnectionsPerChild 100
 
+LimitUIDRange       0 6000
+LimitGIDRange       0 6000
+
+<IfModule mod_ssl.c>
+    SSLProtocol all -SSLv2 -SSLv3
+    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
+</IfModule>
+
+<IfModule status_module>
+    ExtendedStatus On
+    <IfModule proxy_module>
+        ProxyStatus On
+    </IfModule>
+</IfModule>
+
+# Go away bad bots (define "bad bots" in zzz-evolinux-custom.conf)
 <If "reqenv('GoAway') -eq 1">
   Require all denied
 </If>
 
-<IfModule mod_ssl.c>
-SSLProtocol all -SSLv2 -SSLv3
-SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
-</IfModule>
+<DirectoryMatch "/\.git">
+    # We don't want to let the client know a file exist on the server,
+    # so we return 404 "Not found" instead of 403 "Forbidden".
+    Redirect 404
+</DirectoryMatch>
+
+# File names starting with
+<FilesMatch "^\.(git|env)">
+    Redirect 404
+</FilesMatch>
+
+# File names ending with
+<FilesMatch "\.(inc|bak)$">
+    Redirect 404
+</FilesMatch>
+
+<LocationMatch "^/evolinux_fpm_status-.*">
+    Require all denied
+</LocationMatch>
 ~~~
 
 et nos optimisations spécifiques dans `/etc/apache2/conf-available/zzz-evolinux-custom.conf` :