#### HTTP www.nicotine-plus.org vhost ####
###########################################

<VirtualHost *:80>
	ServerAdmin trac-admin@le-vert.net
        ServerName www.nicotine-plus.org
        ServerAlias nicotine-plus.org
        ServerAlias www.nicotine-plus.org


	### Trac common stuff
	Alias /trac "/usr/share/trac/htdocs/"
	<Directory /usr/share/trac/htdocs/>
        	Options Indexes MultiViews
	        AllowOverride None
	        Order deny,allow
	        allow from all
	</Directory>
	
	### Trac configuration
        <Location />
	         SetHandler mod_python
	         PythonHandler trac.web.modpython_frontend
	         PythonOption TracUriRoot /
	         PythonOption TracEnv /data/trac/nicotine+
	         # Workaround for "instance.__dict__ not accessible in restricted mode"
		 # See: http://trac.edgewall.org/ticket/3455#comment:5
		 PythonInterpreter "trac"
		 Order deny,allow 
	 	 allow from all
        </Location>

	### We need an htaccess auth on /login
        <Location "/login">
	        AuthType Basic
		AuthName "Nicotine+ Trac's Admin Area"
		AuthUserFile /data/trac/auth/nicotine+.le-vert.net
		Require valid-user
        </Location>



	### DavSVN on /svn
        <Location /svn>
		DAV svn
		SVNPath /data/subversion/nicotine+
		AuthType Basic
		AuthName "Nicotine+'s Subversion Repository"
		AuthUserFile /data/trac/auth/nicotine+.le-vert.net
		<LimitExcept GET PROPFIND OPTIONS REPORT>
			Require valid-user
		</LimitExcept>
        </Location>



	### Debian & Ubuntu repository and sources tarballs
	Alias /debian "/data/repos/nicotine+/debian/"
	Alias /ubuntu "/data/repos/nicotine+/ubuntu/"
	Alias /files "/data/repos/nicotine+/files/"
	
	<Directory "/data/repos/nicotine+/">
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order deny,allow
		allow from all
	</Directory>

	<Location /debian>
		SetHandler None
	</Location>

	<Location /ubuntu>
		SetHandler None
	</Location>
	
	<Location /files>
		SetHandler None
	</Location>

	### Disable python handler on /icons (indexer)
	<Location /icons>
		SetHandler None
	</Location>


	### Enable CGIs
	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

	<Directory /usr/lib/cgi-bin/>
		AllowOverride none
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
		AuthType Basic
		AuthName "Nicotine+'s Access Stats"
		AuthUserFile /data/trac/auth/nicotine+.le-vert.net
		Require valid-user
	</Directory>
	
	<Location /cgi-bin>
		SetHandler None
	</Location>



	### Awstats access stats
	Alias /awstats-icon/ /usr/share/awstats/icon/
	
	<Location /awstats-icon>
		SetHandler None
	</Location>

	ErrorLog /var/log/apache2/www.nicotine-plus.org-error.log
        LogLevel warn
        
	CustomLog /var/log/apache2/www.nicotine-plus.org-access.log combined
        ServerSignature On



######################## Get rid of spammers....
######################## See: http://madwifi.org/wiki/FightingTracSpam

<IfModule mod_security.c>
    #
    # anti trac-spam rules v7
    # http://madwifi.org/wiki/FightingTracSpam
    #

    SecFilterDebugLevel     0
    # uncomment the following line if you enable debugging:
    #SecFilterDebugLog /path/to/somewhere/trac-spam.log

    SecFilterEngine         On
    SecFilterScanPOST       On
    SecFilterCheckURLEncoding On
    SecFilterCheckCookieFormat On
    SecFilterCheckUnicodeEncoding Off

    # default rule: if a request matches, we want mod-security to
    # put a notice about it into the (v)hosts' error log and
    # deny the request with status 402 ("Payment required")
    SecFilterDefaultAction "deny,log,status:402"

    # have a look at POST requests only, since they are what is used
    # to submit the spam - this helps to reduce the load that is
    # caused by mod-security
    SecFilterSelective REQUEST_METHOD "!(^POST$)" "nolog,allow"

    # allow all POST requests that are not directed to one of the
    # handlers we take into account below
    SecFilterSelective REQUEST_URI "!(/(wiki|newticket|ticket).*$)" "nolog,allow"

    # block POSTs to /ticket/<number>#preview and /newticket#preview
    # this catches spam type 1
    SecFilterSelective REQUEST_URI "^/(newticket|ticket/[0-9]+).*\#preview"

    # block POSTs to /wiki, /ticket and /newticket from users who
    # don't have a trac cookie
    # this catches spam type 2
    # 
    # CAUTION: these rules likely cause false positives, as some users tend
    # to turn off cookie support in their browser. Don't activate them unless
    # you're sure that this won't offend your visitors, or at least warn
    # visitors.
    #SecFilterSelective REQUEST_URI "^/(wiki/|newticket|ticket/).*$" chain
    #SecFilterSelective HTTP_COOKIE "!(trac_auth|trac_session)"

    # don't accept usage of HTML processor in tickets / ticket comments
    # this catches spam type 3
    SecFilterSelective REQUEST_URI "^/(newticket|ticket/).*$" chain
    SecFilterSelective "ARG_description|ARG_comment" "#!html"

    # block new ticket and ticket comment POSTs if they contain more
    # than one URL 
    # this catches spam type 4
    SecFilterSelective "REQUEST_URI" "^/(newticket|ticket/).*$" chain
    SecFilterSelective "ARGS" "http\:/.*http\:/"

    # block LED spammer; his spam is not blocked by the previous
    # rule, since he only includes only one URL to the spamvertised
    # website
    # last but not least, this catches spam type 5
    SecFilterSelective REQUEST_URI "^/(newticket|ticket/).*$" chain
    SecFilterSelective "ARG_description|ARG_comment" "www.tideled.com"

    # block tickets or comments with an http://-URL in it, if user is
    # not properly authenticated; throw a 403 that allows to present
    # users with a custom error page which explains what is going
    # on (see below)
    SecFilterSelective "REQUEST_URI" "/(newticket|ticket/).*$" chain
    SecFilterSelective HTTP_COOKIE "!trac_auth" chain
    SecFilterSelective HTTP_Authorization "!Basic" chain
    SecFilterSelective "ARGS" "(http|https):/" "deny,log,status:403"


    # Apache allows to present users with customized error pages,
    # and we can make use of that feature to let spammers know what
    # we think of 'em.
    # Tell Apache what file to use as error page for 402, and
    # let it know that requests to this file should not be handled
    # by Trac.
    # 
    # Uncomment the following lines if you want to make use of this
    # feature (see also step 3 of the recipe):
    Alias /error402.html /data/trac/nicotine+/htdocs/error402.html 
    ErrorDocument   402     /error402.html
    <Location /error402.html>
        <IfModule mod_include.c>
	    # Don't forget to set the file +x
	#            XBitHack On
	</IfModule>
        SetHandler None
    </Location>
    #
    # Another use for customized error pages is, as mentioned above,
    # to let users know why they are not allowed to give URLs in
    # their tickets and what they can do to circumvent this
    # limitation.
    Alias /error403.html /data/trac/nicotine+/htdocs/error403.html 
    ErrorDocument   403     /error403.html
    <Location /error403.html>
        SetHandler  None
    </Location>
</IfModule>

</VirtualHost>

## End HTTP www.nicotine-plus.org vhost ##
##########################################



### HTTPS www.nicotine-plus.org vhost ####
##########################################

<VirtualHost *:443>

        ServerName www.nicotine-plus.org
        ServerAlias nicotine-plus.org
        ServerAlias www.nicotine-plus.org
	
	RewriteEngine On
	RewriteRule ^(.*) http://%{SERVER_NAME}$1

</VirtualHost>

# End HTTPS www.nicotine-plus.org vhost ##
##########################################