Hi, I installed for testing PFsense 2.0 on a ALIX.2D13 and I try the captive portal function.
The problem is that the server did not redirect correctly to the authentication page, firefox print a message like this "This page does not redirect correctly. Firefox has detected that the server is redirecting the request for this page so that it can never be completed." and the user is not redirected in the authentication page. If I write in firefox "http://192.168.1.1:8000"; I only have blank page. If someone can give me a clue I thank him in advance, it is my first configuration of pfsense and i don't know if this is a problem in my configuration or if it is a problem in the release. Here i print same info about my configuration. Thank you. ---------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------- Config file: <?xml version="1.0"?> <pfsense> <version>6.3</version> <lastchange/> <theme>pfsense_ng</theme> <sysctl> <item> <desc>Set the ephemeral port range to be lower.</desc> <tunable>net.inet.ip.portrange.first</tunable> <value>default</value> </item> <item> <desc>Drop packets to closed TCP ports without returning a RST</desc> <tunable>net.inet.tcp.blackhole</tunable> <value>default</value> </item> <item> <desc>Do not send ICMP port unreachable messages for closed UDP ports</desc> <tunable>net.inet.udp.blackhole</tunable> <value>default</value> </item> <item> <desc>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</desc> <tunable>net.inet.ip.random_id</tunable> <value>default</value> </item> <item> <desc>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</desc> <tunable>net.inet.tcp.drop_synfin</tunable> <value>default</value> </item> <item> <desc>Enable sending IPv4 redirects</desc> <tunable>net.inet.ip.redirect</tunable> <value>default</value> </item> <item> <desc>Enable sending IPv6 redirects</desc> <tunable>net.inet6.ip6.redirect</tunable> <value>default</value> </item> <item> <desc>Generate SYN cookies for outbound SYN-ACK packets</desc> <tunable>net.inet.tcp.syncookies</tunable> <value>default</value> </item> <item> <desc>Maximum incoming/outgoing TCP datagram size (receive)</desc> <tunable>net.inet.tcp.recvspace</tunable> <value>default</value> </item> <item> <desc>Maximum incoming/outgoing TCP datagram size (send)</desc> <tunable>net.inet.tcp.sendspace</tunable> <value>default</value> </item> <item> <desc>IP Fastforwarding</desc> <tunable>net.inet.ip.fastforwarding</tunable> <value>default</value> </item> <item> <desc>Do not delay ACK to try and piggyback it onto a data packet</desc> <tunable>net.inet.tcp.delayed_ack</tunable> <value>default</value> </item> <item> <desc>Maximum outgoing UDP datagram size</desc> <tunable>net.inet.udp.maxdgram</tunable> <value>default</value> </item> <item> <desc>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</desc> <tunable>net.link.bridge.pfil_onlyip</tunable> <value>default</value> </item> <item> <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc> <tunable>net.link.bridge.pfil_member</tunable> <value>default</value> </item> <item> <desc>Set to 1 to enable filtering on the bridge interface</desc> <tunable>net.link.bridge.pfil_bridge</tunable> <value>default</value> </item> <item> <desc>Allow unprivileged access to tap(4) device nodes</desc> <tunable>net.link.tap.user_open</tunable> <value>default</value> </item> <item> <desc>Verbosity of the rndtest driver (0: do not display results on console)</desc> <tunable>kern.rndtest.verbose</tunable> <value>default</value> </item> <item> <desc>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</desc> <tunable>kern.randompid</tunable> <value>default</value> </item> <item> <desc>Maximum size of the IP input queue</desc> <tunable>net.inet.ip.intr_queue_maxlen</tunable> <value>default</value> </item> <item> <desc>Disable CTRL+ALT+Delete reboot from keyboard.</desc> <tunable>hw.syscons.kbd_reboot</tunable> <value>default</value> </item> <item> <desc>Enable TCP Inflight mode</desc> <tunable>net.inet.tcp.inflight.enable</tunable> <value>default</value> </item> <item> <desc>Enable TCP extended debugging</desc> <tunable>net.inet.tcp.log_debug</tunable> <value>default</value> </item> <item> <desc>Set ICMP Limits</desc> <tunable>net.inet.icmp.icmplim</tunable> <value>default</value> </item> <item> <desc>TCP Offload Engine</desc> <tunable>net.inet.tcp.tso</tunable> <value>default</value> </item> <item> <desc>TCP Offload Engine - BCE</desc> <tunable>hw.bce.tso_enable</tunable> <value>default</value> </item> </sysctl> <system> <optimization>normal</optimization> <hostname>fw</hostname> <domain>intranet.net</domain> <group> <name>all</name> <description><![CDATA[All Users]]></description> <scope>system</scope> <gid>1998</gid> <member>0</member> </group> <group> <name>admins</name> <description><![CDATA[System Administrators]]></description> <scope>system</scope> <gid>1999</gid> <member>0</member> <priv>page-all</priv> </group> <user> <name>admin</name> <fullname>System Administrator</fullname> <scope>system</scope> <groupname>admins</groupname> <password>$1$eRkJYBdc$eNo4qKmZCiBWpJHTq92Bc.</password> <uid>0</uid> <priv>user-shell-access</priv> <md5-hash>21232f297a57a5a743894a0e4a801fc3</md5-hash> <nt-hash>a281fad8d0de9635da57c0fe96220aa2</nt-hash> </user> <user> <scope>user</scope> <password>$1$rMNP4/sN$t.dayWIxkXO84LNFHdLyU0</password> <md5-hash>c9f5c29cf490da28e0ee29dddc7151c5</md5-hash> <nt-hash>f51df19a5bd2d915a4347ad5088bef14</nt-hash> <name>test</name> <fullname/> <expires/> <authorizedkeys/> <uid>2000</uid> </user> <nextuid>2001</nextuid> <nextgid>2000</nextgid> <timezone>Europe/Rome</timezone> <time-update-interval/> <timeservers>1.europe.pool.ntp.org</timeservers> <webgui> <protocol>https</protocol> <ssl-certref>4bfd8e989ef1e</ssl-certref> <port/> </webgui> <disablenatreflection>yes</disablenatreflection> <cert> <refid>4bfd8e989ef1e</refid> <name>webConfigurator default</name> <crt>crt> <prv></prv> </cert> <cert> <refid>4bfe2e83641cd</refid> <name>CERTIFICATO-CP</name> <caref>4bfe2e348fde3</caref> <crt></crt> <prv></prv> </cert> <enablesshd>enabled</enablesshd> <dnsserver>208.67.222.222</dnsserver> <dnsserver>208.67.220.220</dnsserver> <dnsallowoverride/> <dns1gwint>none</dns1gwint> <dns2gwint>none</dns2gwint> <dns3gwint>none</dns3gwint> <dns4gwint>none</dns4gwint> <ca> <refid>4bfe2e348fde3</refid> <name>certCP</name> <crt></crt> <prv></prv> <serial>1</serial> </ca> </system> <interfaces> <wan> <enable/> <if>vr1</if> <mtu>1500</mtu> <media/> <mediaopt/> <descr><![CDATA[WAN]]></descr> <ipaddr>10.39.251.140</ipaddr> <subnet>24</subnet> <spoofmac/> </wan> <lan> <enable/> <if>vr0</if> <ipaddr>192.168.1.1</ipaddr> <subnet>24</subnet> <media/> <mediaopt/> </lan> </interfaces> <staticroutes/> <pppoe> <username/> <password/> <provider/> </pppoe> <pptp> <username/> <password/> </pptp> <dhcpd> <lan> <enable/> <range> <from>192.168.1.10</from> <to>192.168.1.100</to> </range> <defaultleasetime/> <maxleasetime/> <netmask></netmask> <failover_peerip/> <gateway/> <domain/> <domainsearchlist/> <ddnsdomain/> <tftp/> <ldap/> <next-server/> <filename/> <rootpath/> <numberoptions/> </lan> </dhcpd> <pptpd> <mode/> <redir/> <localip/> <remoteip/> </pptpd> <ovpn/> <dnsmasq> <enable/> <hosts> <host>fw</host> <domain>intranet.net</domain> <ip>192.168.1.1</ip> <descr/> </hosts> </dnsmasq> <snmpd> <syslocation/> <syscontact/> <rocommunity>public</rocommunity> </snmpd> <diag> <ipv6nat> <ipaddr/> </ipv6nat> </diag> <bridge/> <syslog/> <nat> <ipsecpassthru> <enable/> </ipsecpassthru> </nat> <filter> <rule> <id/> <type>pass</type> <interface>wan</interface> <max/> <max-src-nodes/> <max-src-conn/> <max-src-states/> <statetimeout/> <statetype>keep state</statetype> <os/> <protocol>tcp</protocol> <source> <any/> </source> <destination> <any/> </destination> <log/> <descr/> </rule> <rule> <id/> <type>pass</type> <interface>lan</interface> <max/> <max-src-nodes/> <max-src-conn/> <max-src-states/> <statetimeout/> <statetype>keep state</statetype> <os/> <source> <network>lan</network> </source> <destination> <any/> </destination> <log/> <descr><![CDATA[Default allow LAN to any rule]]></descr> </rule> </filter> <shaper/> <ipsec> <preferredoldsa/> </ipsec> <aliases/> <proxyarp/> <cron> <item> <minute>0</minute> <hour>*</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 newsyslog</command> </item> <item> <minute>1,31</minute> <hour>0-5</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 adjkerntz -a</command> </item> <item> <minute>1</minute> <hour>3</hour> <mday>1</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command> </item> <item> <minute>*/60</minute> <hour>*</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command> </item> <item> <minute>1</minute> <hour>1</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command> </item> <item> <minute>*/60</minute> <hour>*</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command> </item> <item> <minute>*/5</minute> <hour>*</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /usr/local/bin/checkreload.sh</command> </item> </cron> <wol/> <rrd> <enable/> </rrd> <load_balancer> <monitor_type> <name>ICMP</name> <type>icmp</type> <desc>ICMP</desc> <options/> </monitor_type> <monitor_type> <name>TCP</name> <type>tcp</type> <desc>Generic TCP</desc> <options/> </monitor_type> <monitor_type> <name>HTTP</name> <type>http</type> <desc>Generic HTTP</desc> <options> <path>/</path> <host/> <code>200</code> </options> </monitor_type> <monitor_type> <name>HTTPS</name> <type>https</type> <desc>Generic HTTPS</desc> <options> <path>/</path> <host/> <code>200</code> </options> </monitor_type> <monitor_type> <name>SMTP</name> <type>send</type> <desc>Generic SMTP</desc> <options> <send>EHLO nosuchhost</send> <expect>250-</expect> </options> </monitor_type> </load_balancer> <widgets> <sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence> </widgets> <revision> <time>1274950593</time> <description><![CDATA[admin: /services_dhcp.php made unknown change]]></description> <username>admin</username> </revision> <l7shaper> <container/> </l7shaper> <dnshaper/> <gateways> <gateway_item> <interface>wan</interface> <gateway>10.39.251.5</gateway> <name>netscreen</name> <weight>1</weight> <descr/> <defaultgw/> </gateway_item> </gateways> <openvpn/> <captiveportal> <page/> <timeout>60</timeout> <interface>lan</interface> <maxproc/> <idletimeout/> <enable/> <auth_method>local</auth_method> <reauthenticateacct/> <httpsname>fw.intranet.net</httpsname> <bwdefaultdn/> <bwdefaultup/> <certificate> </certificate> <cacertificate/> <private-key> </private-key> <redirurl>http://www.google.it</redirurl> <radiusip/> <radiusip2/> <radiusport/> <radiusport2/> <radiusacctport/> <radiuskey/> <radiuskey2/> <radiusvendor>default</radiusvendor> <radmac_format>default</radmac_format> <logoutwin_enable/> </captiveportal> </pfsense> ---------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------- The output of the command "ipfw list": 65291 allow pfsync from any to any 65292 allow carp from any to any 65301 allow ip from any to any layer2 mac-type 0x0806 65302 allow ip from any to any layer2 mac-type 0x888e 65303 allow ip from any to any layer2 mac-type 0x88c7 65304 allow ip from any to any layer2 mac-type 0x8863 65305 allow ip from any to any layer2 mac-type 0x8864 65306 allow ip from any to any layer2 mac-type 0x888e 65307 deny ip from any to any layer2 not mac-type 0x0800 65310 allow udp from any 68 to { 255.255.255.255 or 192.168.1.1 } dst-port 67 in 65311 allow udp from any 68 to { 255.255.255.255 or 192.168.1.1 } dst-port 67 in 65312 allow udp from { 255.255.255.255 or 192.168.1.1 } 67 to any dst-port 68 ou t 65313 allow icmp from { 255.255.255.255 or 192.168.1.1 } to any out icmptypes 0 65314 allow icmp from any to { 255.255.255.255 or 192.168.1.1 } in icmptypes 8 65315 allow udp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 53 in 65316 allow udp from { 255.255.255.255 or 192.168.1.1 } 53 to any out 65317 allow tcp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 8000 in 65318 allow tcp from { 255.255.255.255 or 192.168.1.1 } 8000 to any out 65319 allow tcp from any to { 255.255.255.255 or 192.168.1.1 } dst-port 443 in 65320 allow tcp from { 255.255.255.255 or 192.168.1.1 } 443 to any out 65321 allow ip from table(3) to any in 65322 allow ip from any to table(4) out 65323 pipe tablearg ip from table(5) to any in 65324 pipe tablearg ip from any to table(6) out 65325 allow ip from any to table(7) in 65326 allow ip from table( to any out 65327 pipe tablearg ip from any to table(9) in 65328 pipe tablearg ip from table(10) to any out 65329 allow ip from table(1) to any in 65330 allow ip from any to table(2) out 65531 fwd 127.0.0.1,8000 tcp from any to any in 65532 allow tcp from any to any out 65533 deny ip from any to any 65534 allow ip from any to any layer2 65535 allow ip from any to any ---------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------- lighty-CaptivePortal.conf : # lighttpd configuration file # # use a it as base for lighttpd 1.0.0 and above # ############ Options you really have to take care of #################### ## FreeBSD! server.event-handler = "freebsd-kqueue" server.network-backend = "writev" ## modules to load server.modules = ( "mod_acc esslog", "mod_acc ess", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect", "mod_fas tcgi", "mod_cgi","mod_rewrite" ) ## Unused modules # "mod_setenv", # "mod_rewrite", # "mod_ssi", # "mod_usertrack", # "mod_expire", # "mod_secdownload", # "mod_rrdtool", # "mod_auth", # "mod_status", # "mod_alias", # "mod_proxy", # "mod_simple_vhost", # "mod_evhost", # "mod_userdir", # "mod_cgi", server.max-keep-alive-requests = 15 server.max-keep-alive-idle = 30 ## a static document-root, for virtual-hosting take look at the ## server.virtual-* options server.document-root = "/usr/local/captiveportal/" url.rewrite-once = ( "(.*captiveportal.*)" => "$1", "(.*)" => "/index.php?rediru rl=$1" ) # Maximum idle time with nothing being written (php downloading) server.max-write-idle = 999 ## where to send error-messages to server.errorlog = "/var/log/lighttpd.error.log" # files to check for if .../ is requested server.indexfiles = ( "index.php", "index.html", "index.htm", "default.htm" ) # mimetype mapping mimetype.assign = ( ".pdf" => "application/pdf", ".sig" => "application/pgp-signature", ".spl" => "application/futuresplash", ".class" => "application/octet-stream", ".ps" => "application/postscript", ".torrent" => "application/x-bittorrent", ".dvi" => "application/x-dvi", ".gz" => "application/x-gzip", ".pac" => "application/x-ns-proxy-autoconfig", ".swf" => "application/x-shockwave-flash", ".tar.gz" => "application/x-tgz", ".tgz" => "application/x-tgz", ".tar" => "application/x-tar", ".zip" => "application/zip", ".mp3" => "audio/mpeg", ".m3u" => "audio/x-mpegurl", ".wma" => "audio/x-ms-wma", ".wax" => "audio/x-ms-wax", ".ogg" => "audio/x-wav", ".wav" => "audio/x-wav", ".gif" => "image/gif", ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg", ".png" => "image/png", ".xbm" => "image/x-xbitmap", ".xpm" => "image/x-xpixmap", ".xwd" => "image/x-xwindowdump", ".css" => "text/css", ".html" => "text/html", ".htm" => "text/html", ".js" => "text/javascript", ".asc" => "text/plain", ".c" => "text/plain", ".conf" => "text/plain", ".text" => "text/plain", ".txt" => "text/plain", ".dtd" => "text/xml", ".xml" => "text/xml", ".mpeg" => "video/mpeg", ".mpg" => "video/mpeg", ".mov" => "video/quicktime", ".qt" => "video/quicktime", ".avi" => "video/x-msvideo", ".asf" => "video/x-ms-asf", ".asx" => "video/x-ms-asf", ".wmv" => "video/x-ms-wmv", ".bz2" => "application/x-bzip", ".tbz" => "application/x-bzip-compressed-tar", ".tar.bz2" => "application/x-bzip-compressed-tar" ) # Use the "Content-Type" extended attribute to obtain mime type if possible #mimetypes.use-xattr = "enable" #### accesslog module #accesslog.filename = "/dev/null" ## deny access the file-extensions # # ~ is for backupfiles from vi, emacs, joe, ... # .inc is often used for code includes which should in general not be part # of the document-root url.access-deny = ( "~", ".inc" ) ######### Options that are good to be but not neccesary to be changed ####### ## bind to port (default: 80) server.port = 8000 ## error-handler for status 404 #server.error-handler-404 = "/error-handler.html" #server.error-handler-404 = "/error-handler.php" ## to help the rc.scripts server.pid-file = "/var/run/lighty-CaptivePortal.pid" ## virtual directory listings server.dir-listing = "disable" ## enable debugging debug.log-request-header = "disable" debug.log-response-header = "disable" debug.log-request-handling = "disable" debug.log-file-not-found = "disable" # gzip compression compress.cache-dir = "/tmp/lighttpdcompress/" compress.filetype = ("text/plain","text/css", "text/xml", "text/javascript" ) server.upload-dirs = ( "/tmp/captiveportal/" ) server.max-request-size = 384 #### fastcgi module ## read fastcgi.txt for more info fastcgi.server = ( ".php" => ( "localhost" => ( "socket" => "/tmp/php-fastcgi.socket", "min-procs" => 0, "max-procs" => 3, "bin-environment" => ( "PHP_FCGI_CHILDREN" => "3", "PHP_FCGI_MAX_REQUESTS" => "500" ), "bin-path" => "/usr/local/bin/php" ) ) ) #### CGI module cgi.assign = ( ".cgi" => "" ) expire.url = ( "" => "access 50 hours", ) ---------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------- lighty-webConfigurator.conf : # # lighttpd configuration file # # use a it as base for lighttpd 1.0.0 and above # ############ Options you really have to take care of #################### ## FreeBSD! server.event-handler = "freebsd-kqueue" server.network-backend = "writev" ## modules to load server.modules = ( "mod_acc ess", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect", "mod_fas tcgi", "mod_cgi" ) ## Unused modules # "mod_setenv", # "mod_rewrite", # "mod_ssi", # "mod_usertrack", # "mod_expire", # "mod_secdownload", # "mod_rrdtool", # "mod_auth", # "mod_status", # "mod_alias", # "mod_proxy", # "mod_simple_vhost", # "mod_evhost", # "mod_userdir", # "mod_cgi", server.max-keep-alive-requests = 15 server.max-keep-alive-idle = 30 ## a static document-root, for virtual-hosting take look at the ## server.virtual-* options server.document-root = "/usr/local/www/" # Maximum idle time with nothing being written (php downloading) server.max-write-idle = 999 ## where to send error-messages to server.errorlog = "/var/log/lighttpd.error.log" # files to check for if .../ is requested server.indexfiles = ( "index.php", "index.html", "index.htm", "default.htm" ) # mimetype mapping mimetype.assign = ( ".pdf" => "application/pdf", ".sig" => "application/pgp-signature", ".spl" => "application/futuresplash", ".class" => "application/octet-stream", ".ps" => "application/postscript", ".torrent" => "application/x-bittorrent", ".dvi" => "application/x-dvi", ".gz" => "application/x-gzip", ".pac" => "application/x-ns-proxy-autoconfig", ".swf" => "application/x-shockwave-flash", ".tar.gz" => "application/x-tgz", ".tgz" => "application/x-tgz", ".tar" => "application/x-tar", ".zip" => "application/zip", ".mp3" => "audio/mpeg", ".m3u" => "audio/x-mpegurl", ".wma" => "audio/x-ms-wma", ".wax" => "audio/x-ms-wax", ".ogg" => "audio/x-wav", ".wav" => "audio/x-wav", ".gif" => "image/gif", ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg", ".png" => "image/png", ".xbm" => "image/x-xbitmap", ".xpm" => "image/x-xpixmap", ".xwd" => "image/x-xwindowdump", ".css" => "text/css", ".html" => "text/html", ".htm" => "text/html", ".js" => "text/javascript", ".asc" => "text/plain", ".c" => "text/plain", ".conf" => "text/plain", ".text" => "text/plain", ".txt" => "text/plain", ".dtd" => "text/xml", ".xml" => "text/xml", ".mpeg" => "video/mpeg", ".mpg" => "video/mpeg", ".mov" => "video/quicktime", ".qt" => "video/quicktime", ".avi" => "video/x-msvideo", ".asf" => "video/x-ms-asf", ".asx" => "video/x-ms-asf", ".wmv" => "video/x-ms-wmv", ".bz2" => "application/x-bzip", ".tbz" => "application/x-bzip-compressed-tar", ".tar.bz2" => "application/x-bzip-compressed-tar" ) # Use the "Content-Type" extended attribute to obtain mime type if possible #mimetypes.use-xattr = "enable" #### accesslog module #accesslog.filename = "/dev/null" ## deny access the file-extensions # # ~ is for backupfiles from vi, emacs, joe, ... # .inc is often used for code includes which should in general not be part # of the document-root url.access-deny = ( "~", ".inc" ) ######### Options that are good to be but not neccesary to be changed ####### ## bind to port (default: 80) server.port = 443 ## error-handler for status 404 #server.error-handler-404 = "/error-handler.html" #server.error-handler-404 = "/error-handler.php" ## to help the rc.scripts server.pid-file = "/var/run/lighty-webConfigurator.pid" ## virtual directory listings server.dir-listing = "disable" ## enable debugging debug.log-request-header = "disable" debug.log-response-header = "disable" debug.log-request-handling = "disable" debug.log-file-not-found = "disable" # gzip compression compress.cache-dir = "/tmp/lighttpdcompress/" compress.filetype = ("text/plain","text/css", "text/xml", "text/javascript" ) server.upload-dirs = ( "/root/", "/tmp/", "/var/" ) server.max-request-size = 2097152 #### fastcgi module ## read fastcgi.txt for more info fastcgi.server = ( ".php" => ( "localhost" => ( "socket" => "/tmp/php-fastcgi.socket", "min-procs" => 0, "max-procs" => 3, "bin-environment" => ( "PHP_FCGI_CHILDREN" => "3", "PHP_FCGI_MAX_REQUESTS" => "500" ), "bin-path" => "/usr/local/bin/php" ) ) ) #### CGI module cgi.assign = ( ".cgi" => "" ) expire.url = ( "" => "access 50 hours", ) ## ssl configuration ssl.engine = "enable" ssl.pemfile = "/var/etc/cert.pem" $SERVER["socket"] == ":80" { $HTTP["host"] =~ "(.*)" { url.redirect = ( "^/(.*)" => "https://%1/$1"; ) } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
