{

my $status = $phplist{'status'} || 'disabled';
my $access = $phplist{'access'} || 'private';
my $auth   = $phplist{'Authentication'} || 'internal';
my $alias  =  $phplist{'AliasOnPrimary'} || 'enabled';
my $ver    = $sysconfig{'ReleaseVersion'} || '8.1';

my $allow = ( $access eq 'public' ) ? 'all granted' : "ip $localAccess $externalSSLAccess";
$alias = ($alias ne 'enabled') ? '' : 'Alias /lists /usr/share/phplist/www/';
$auth = ( $auth eq 'http' ) ? 'AuthName "phplist"' . "\n" .
                              "    AuthType Basic\n" .
		              "    AuthBasicProvider external\n".
                              "    AuthExternal pwauth\n".
                              "    require valid-user\n" : '';

if ($status eq 'enabled') {
    $OUT .=<<"EOF";


$alias
<Directory /usr/share/phplist/www/>
    Options None +FollowSymLinks
    AllowOverride None
    DirectoryIndex index.php
    AddType application/x-httpd-php .php 
    <FilesMatch "\\.(php|inc)\$">
      Require all denied
    </FilesMatch>
    <FilesMatch "(index.php|dl.php|ut.php|lt.php|download.php|connector.php)\$">
      Require all granted
      SetHandler "proxy:unix:/var/run/php-fpm/php80-phplist.sock|fcgi://localhost"
    </FilesMatch>
    Require $allow
</Directory>

# Admin section
<Directory /usr/share/phplist/www/admin>
    SSLRequireSSL on
    <FilesMatch "\\.(php|inc)\$">
      Require all denied
    </FilesMatch>
    <FilesMatch "(index.php|connector.php|upload.php)\$">
      SetHandler "proxy:unix:/var/run/php-fpm/php80-phplist.sock|fcgi://localhost"
      Require all granted
    </FilesMatch>
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
    <RequireAll>
     Require $allow
     $auth
    </RequireAll>
</Directory>

<Directory /usr/share/phplist/www/admin/js>
    <RequireAny>
      Require $allow
    </RequireAny>
</Directory>

<Directory /usr/share/phplist/www/admin/ui>
    <RequireAny>
      Require $allow
    </RequireAny>
</Directory>

EOF
}
else{
    $OUT .= "# PHPList is disabled\n";
}
}
