|
version 1.43.2.2, 2019/07/07 18:39:39
|
version 1.43.2.3, 2020/01/06 15:54:10
|
|
Line 67 http://www.lon-capa.org/
|
Line 67 http://www.lon-capa.org/
|
| </dependencies> |
</dependencies> |
| <perlscript mode='fg' dist="default"> |
<perlscript mode='fg' dist="default"> |
| # Generated from doc/loncapafiles/webserver.piml |
# Generated from doc/loncapafiles/webserver.piml |
| |
use Socket; |
| |
use Sys::Hostname::FQDN(); |
| unless (-e "<TARGET />") { |
unless (-e "<TARGET />") { |
| print '**** ERROR! <TARGET /> should exist! Are you missing the Apache '. |
print '**** ERROR! <TARGET /> should exist! Are you missing the Apache '. |
| 'software package?'; |
'software package?'; |
|
Line 168 else {
|
Line 170 else {
|
| system("cp $rewrite_off $curr_rewrite"); |
system("cp $rewrite_off $curr_rewrite"); |
| chmod(0644, $curr_rewrite); |
chmod(0644, $curr_rewrite); |
| } else { |
} else { |
| my ($not_rewrite_on,$not_rewrite_off); |
my ($not_rewrite_on,$not_rewrite_off,$rewrite_state); |
| if (open(PIPE, "diff --brief $rewrite_off $curr_rewrite |")) { |
if (open(PIPE, "diff --brief $rewrite_off $curr_rewrite |")) { |
| my $diffres = <PIPE> ; |
my $diffres = <PIPE> ; |
| close(PIPE); |
close(PIPE); |
| chomp($diffres); |
chomp($diffres); |
| if ($diffres) { |
if ($diffres) { |
| $not_rewrite_off = 1; |
$not_rewrite_off = 1; |
| |
} else { |
| |
$rewrite_state = 'off'; |
| } |
} |
| } |
} |
| if (open(PIPE, "diff --brief $rewrite_on $curr_rewrite |")) { |
if (open(PIPE, "diff --brief $rewrite_on $curr_rewrite |")) { |
|
Line 183 else {
|
Line 187 else {
|
| chomp($diffres); |
chomp($diffres); |
| if ($diffres) { |
if ($diffres) { |
| $not_rewrite_on = 1; |
$not_rewrite_on = 1; |
| |
} else { |
| |
$rewrite_state = 'on'; |
| } |
} |
| } |
} |
| unless ($not_rewrite_off || $not_rewrite_on) { |
if ($not_rewrite_off && $not_rewrite_on) { |
| print('**** WARNING **** '.$curr_rewrite.' does not match '. |
print('**** WARNING **** '."\n".$curr_rewrite.' does not match '. |
| 'either: '.$rewrite_on.' - the file used to enable rewriting '. |
'either:'."\n".$rewrite_on.' - the file used to enable rewriting '. |
| 'of requests for http:// to https:// or: '.$rewrite_off. |
'of requests for http:// to https:// '."\n".'or:'."\n".$rewrite_off. |
| ' - the file used to disable such rewriting'."\n\n". |
' - the file used to disable such rewriting'."\n\n". |
| 'This may be because '. $curr_rewrite.' has been '. |
'This may be because '. $curr_rewrite.' has been '. |
| 'previously customized, or it may be because of a change '. |
'previously customized,'."\n".'or it may be because of a change '. |
| 'to the files in '.$rewrite_dir."\n"); |
'to the files in '.$rewrite_dir."\n"); |
| |
if (open(my $fh,'<',$curr_rewrite)) { |
| |
while(<$fh>) { |
| |
if (/^\s*RewriteEngine\s+(on|off)\s*$/i) { |
| |
if ($1 eq 'on') { |
| |
$rewrite_state = 'on'; |
| |
} else { |
| |
$rewrite_state = 'off'; |
| |
} |
| |
last; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
if ($rewrite_state eq 'on') { |
| |
# Checking for rewrites of https:// to http:// |
| |
my ($gotrules,$rulestr,$ssldir); |
| |
if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3' |
| |
|| '<DIST />' eq 'sles9') { |
| |
$ssldir = '/etc/apache/vhosts.d'; |
| |
} elsif ('<DIST />' =~ /^(suse|sles)/) { |
| |
$ssldir = '/etc/apache2/vhosts.d'; |
| |
} elsif ('<DIST />' =~ /^(debian|ubuntu)/) { |
| |
$ssldir = '/etc/apache2/sites-available'; |
| |
} else { |
| |
$ssldir = '/etc/httpd/conf.d'; |
| |
} |
| |
my $hostname = Sys::Hostname::FQDN::fqdn(); |
| |
my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost'); |
| |
my @expected = ('RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:\/\/)', |
| |
'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)', |
| |
'RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]', |
| |
'RewriteCond %{REMOTE_ADDR} 127.0.0.1', |
| |
'RewriteRule (.*) - [L]'); |
| |
if (($hostip ne '') && ($hostip ne '127.0.0.1')) { |
| |
push(@expected,('RewriteCond %{REMOTE_ADDR} '.$hostip, |
| |
'RewriteRule (.*) - [L]')); |
| |
} |
| |
push(@expected,('RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$', |
| |
'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)', |
| |
'RewriteRule ^/public/.*/syllabus$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]')); |
| |
if (-d $ssldir) { |
| |
my @rewrites; |
| |
if (opendir(my $dir,$ssldir)) { |
| |
my @sslconf_files; |
| |
foreach my $file (!grep(/^\.$/,readdir($dir))) { |
| |
if (open(my $fh,'<',"$ssldir/$file")) { |
| |
while (<$fh>) { |
| |
if (/^\s*<VirtualHost\s+[^:]*\:443>\s*$/) { |
| |
push(@sslconf_files,$file); |
| |
last; |
| |
} |
| |
} |
| |
close($fh); |
| |
} |
| |
} |
| |
if (@sslconf_files) { |
| |
my @rewrites; |
| |
foreach my $file (@sslconf_files) { |
| |
if (open(my $fh,'<',"$ssldir/$file")) { |
| |
my ($rewrite,$num) = (0,0); |
| |
while (<$fh>) { |
| |
if ($rewrite) { |
| |
if (/\s*<\/IfModule>/) { |
| |
$rewrite = 0; |
| |
$num ++; |
| |
} else { |
| |
chomp(); |
| |
s/^(\s+|\s+)$//g; |
| |
push(@{$rewrites[$num]},$_); |
| |
} |
| |
} elsif (/^\s*<IfModule\s+mod_rewrite.c>/) { |
| |
$rewrite = 1; |
| |
} |
| |
} |
| |
close($fh); |
| |
} |
| |
} |
| |
} |
| |
closedir($dir); |
| |
} |
| |
if (@rewrites) { |
| |
foreach my $item (@rewrites) { |
| |
if (ref($item) eq 'ARRAY') { |
| |
my $found = 0; |
| |
foreach my $item (@rewrites) { |
| |
foreach my $match (@expected) { |
| |
if ($match eq $item) { |
| |
$found ++; |
| |
last; |
| |
} |
| |
} |
| |
} |
| |
if ($found >= @expected) { |
| |
$gotrules = 1; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
unless ($gotrules) { |
| |
print('**** WARNING **** '."\n".$curr_rewrite.' is currently set so rewrites '. |
| |
'of http to https are enabled for most URLs.'."\n". |
| |
'Unless your Apache configuration includes Strict-Transport-Security '. |
| |
'(with max-age > 0), it is recommended to also set rewrites from https to http '. |
| |
'for specific URLs in a file in '.$ssldir.' by including the following:'."\n". |
| |
"<IfModule mod_rewrite.c>\n".' '. |
| |
join("\n ",@expected)."\n". |
| |
"</IfModule>\n"); |
| |
} |
| } |
} |
| } |
} |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to webserver.piml CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / loncapafiles