version 1.381, 2021/04/18 02:08:46
|
version 1.384, 2021/08/01 19:28:10
|
Line 223 sub handler {
|
Line 223 sub handler {
|
'ltitools','ssl','trust','lti','privacy','passwords', |
'ltitools','ssl','trust','lti','privacy','passwords', |
'proctoring','wafproxy'],$dom); |
'proctoring','wafproxy'],$dom); |
my %encconfig = |
my %encconfig = |
&Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom); |
&Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom,undef,1); |
if (ref($domconfig{'ltitools'}) eq 'HASH') { |
if (ref($domconfig{'ltitools'}) eq 'HASH') { |
if (ref($encconfig{'ltitools'}) eq 'HASH') { |
if (ref($encconfig{'ltitools'}) eq 'HASH') { |
foreach my $id (keys(%{$domconfig{'ltitools'}})) { |
foreach my $id (keys(%{$domconfig{'ltitools'}})) { |
Line 7337 sub print_wafproxy {
|
Line 7337 sub print_wafproxy {
|
foreach my $domain (keys(%otherdoms)) { |
foreach my $domain (keys(%otherdoms)) { |
%{$values{$domain}} = (); |
%{$values{$domain}} = (); |
my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain); |
my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain); |
if (ref($config{$domain}) eq 'HASH') { |
if (ref($config{'wafproxy'}) eq 'HASH') { |
if (ref($config{$domain}{'wafproxy'}) eq 'HASH') { |
$aliases{$domain} = $config{'wafproxy'}{'alias'}; |
$aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'}; |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
$values{$domain}{$item} = $config{'wafproxy'}{$item}; |
$values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item}; |
|
} |
|
} |
} |
} |
} |
} |
} |
Line 7354 sub print_wafproxy {
|
Line 7352 sub print_wafproxy {
|
$itemcount ++; |
$itemcount ++; |
my $dom_in_effect; |
my $dom_in_effect; |
my $aliasrows = '<tr>'. |
my $aliasrows = '<tr>'. |
'<td class="LC_left_item">'.&mt('Hostname').': '. |
'<td class="LC_left_item" style="vertical-align: baseline;">'. |
&Apache::lonnet::hostname($server).'</td>'; |
&mt('Hostname').': '. |
|
'<i>'.&Apache::lonnet::hostname($server).'</i></td><td> </td>'; |
if ($othercontrol{$server}) { |
if ($othercontrol{$server}) { |
$dom_in_effect = $othercontrol{$server}; |
$dom_in_effect = $othercontrol{$server}; |
my $current; |
my $current; |
if (ref($aliases{$othercontrol{$server}}) eq 'HASH') { |
if (ref($aliases{$dom_in_effect}) eq 'HASH') { |
$current = $aliases{$othercontrol{$server}{$server}}; |
$current = $aliases{$dom_in_effect}{$server}; |
} |
} |
|
$aliasrows .= '<td class="LC_left_item" style="vertical-align: baseline;">'. |
|
&mt('Alias').': '; |
if ($current) { |
if ($current) { |
$aliasrows .= $current; |
$aliasrows .= $current; |
} else { |
} else { |
$aliasrows .= &mt('None in effect'); |
$aliasrows .= &mt('None'); |
} |
} |
$aliasrows .= '<td class="LC_left_item"><span class="LC_small">('. |
$aliasrows .= ' <span class="LC_small">('. |
&mt('WAF/Reverse Proxy controlled by domain: [_1]', |
&mt('controlled by domain: [_1]', |
'<b>'.$othercontrol{$server}.'</b>').'</span></td>'; |
'<b>'.$dom_in_effect.'</b>').')</span></td>'; |
} else { |
} else { |
$dom_in_effect = $dom; |
$dom_in_effect = $dom; |
my $current; |
my $current; |
Line 7378 sub print_wafproxy {
|
Line 7379 sub print_wafproxy {
|
$current = $aliases{$dom}{$server}; |
$current = $aliases{$dom}{$server}; |
} |
} |
} |
} |
$aliasrows .= '<td class="LC_left_item">'.&mt('WAF/Reverse Proxy Alias').': '. |
$aliasrows .= '<td class="LC_left_item" style="vertical-align: baseline;">'. |
|
&mt('Alias').': '. |
'<input type="text" name="wafproxy_alias_'.$server.'" '. |
'<input type="text" name="wafproxy_alias_'.$server.'" '. |
'value="'.$current.'" size="30" /></td>'; |
'value="'.$current.'" size="30" /></td>'; |
} |
} |
Line 7408 sub print_wafproxy {
|
Line 7410 sub print_wafproxy {
|
'</table></td></tr>'; |
'</table></td></tr>'; |
$itemcount++; |
$itemcount++; |
} |
} |
if (keys(%othercontrol)) { |
if (keys(%otherdoms)) { |
foreach my $key (sort(keys(%othercontrol))) { |
foreach my $key (sort(keys(%otherdoms))) { |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
$datatable = '<tr'.$css_class.'>'. |
$datatable .= '<tr'.$css_class.'>'. |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$key.'</b>').'</td>'. |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$key.'</b>').'</td>'. |
'<td class="LC_left_item"><table>'.$aliasinfo{$key}. |
'<td class="LC_left_item"><table>'.$aliasinfo{$key}. |
'</table></td></tr>'; |
'</table></td></tr>'; |
$itemcount++; |
$itemcount++; |
} |
} |
} |
} |
} else { |
} else { |
|
my %ip_methods = &remoteip_methods(); |
if ($setdom) { |
if ($setdom) { |
$itemcount ++; |
$itemcount ++; |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck, |
my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck, |
$currwafvpn,$wafrangestyle); |
$currwafvpn,$wafrangestyle,$alltossl,$ssltossl); |
$wafstyle = ' style="display:none;"'; |
$wafstyle = ' style="display:none;"'; |
$nowafstyle = ' style="display:table-row;"'; |
$nowafstyle = ' style="display:table-row;"'; |
$currwafdisplay = ' style="display: none"'; |
$currwafdisplay = ' style="display: none"'; |
$wafrangestyle = ' style="display: none"'; |
$wafrangestyle = ' style="display: none"'; |
$curr_remotip = 'n'; |
$curr_remotip = 'n'; |
|
$ssltossl = ' checked="checked"'; |
if ($showdom) { |
if ($showdom) { |
$wafstyle = ' style="display:table-row;"'; |
$wafstyle = ' style="display:table-row;"'; |
$nowafstyle = ' style="display:none;"'; |
$nowafstyle = ' style="display:none;"'; |
Line 7440 sub print_wafproxy {
|
Line 7444 sub print_wafproxy {
|
$currwafdisplay = ' style="display:table-row"'; |
$currwafdisplay = ' style="display:table-row"'; |
$wafrangestyle = ' style="display:inline-block;"'; |
$wafrangestyle = ' style="display:inline-block;"'; |
} |
} |
|
if ($values{$dom}{'sslopt'}) { |
|
$alltossl = ' checked="checked"'; |
|
$ssltossl = ''; |
|
} |
} |
} |
if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) { |
if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) { |
$vpndircheck = ' checked="checked"'; |
$vpndircheck = ' checked="checked"'; |
Line 7462 sub print_wafproxy {
|
Line 7470 sub print_wafproxy {
|
'<tr>'. |
'<tr>'. |
'<td valign="top">'.$lt{'remoteip'}.': '. |
'<td valign="top">'.$lt{'remoteip'}.': '. |
'<select name="wafproxy_remoteip" id="wafproxy_remoteip" onchange="javascript:updateWAF();">'; |
'<select name="wafproxy_remoteip" id="wafproxy_remoteip" onchange="javascript:updateWAF();">'; |
my %ip_methods = &remoteip_methods(); |
|
foreach my $option ('m','h','n') { |
foreach my $option ('m','h','n') { |
my $sel; |
my $sel; |
if ($option eq $curr_remotip) { |
if ($option eq $curr_remotip) { |
Line 7478 sub print_wafproxy {
|
Line 7485 sub print_wafproxy {
|
'name="wafproxy_ipheader" />'. |
'name="wafproxy_ipheader" />'. |
'</td></tr>'."\n". |
'</td></tr>'."\n". |
'<tr id="wafproxy_trust"'.$currwafdisplay.'><td>'. |
'<tr id="wafproxy_trust"'.$currwafdisplay.'><td>'. |
$lt{'trusted'}.': '. |
$lt{'trusted'}.':<br />'. |
'<textarea name="wafproxy_trusted" rows="3" cols="80">'. |
'<textarea name="wafproxy_trusted" rows="3" cols="80">'. |
$values{$dom}{'trusted'}.'</textarea>'. |
$values{$dom}{'trusted'}.'</textarea>'. |
'</td></tr>'."\n". |
'</td></tr>'."\n". |
Line 7491 sub print_wafproxy {
|
Line 7498 sub print_wafproxy {
|
$lt{'vpnaliased'}.'</label></span></td></tr>'; |
$lt{'vpnaliased'}.'</label></span></td></tr>'; |
foreach my $item ('vpnint','vpnext') { |
foreach my $item ('vpnint','vpnext') { |
$datatable .= '<tr id="wafproxy_show_'.$item.'"'.$currwafvpn.'>'. |
$datatable .= '<tr id="wafproxy_show_'.$item.'"'.$currwafvpn.'>'. |
'<td valign="top">'.$lt{$item}.': '. |
'<td valign="top">'.$lt{$item}.':<br />'. |
'<textarea name="wafproxy_'.$item.'" rows="3" cols="80">'. |
'<textarea name="wafproxy_'.$item.'" rows="3" cols="80">'. |
$values{$dom}{$item}.'</textarea>'. |
$values{$dom}{$item}.'</textarea>'. |
'</td></tr>'."\n"; |
'</td></tr>'."\n"; |
} |
} |
$datatable .= '</table></td></tr>'; |
$datatable .= '<tr><td><hr /></td></tr>'."\n". |
|
'<tr>'. |
|
'<td valign="top">'.$lt{'sslopt'}.':<br /><span class="LC_nobreak">'. |
|
'<label><input type="radio" name="wafproxy_sslopt"'.$alltossl.' value="1" />'. |
|
$lt{'alltossl'}.'</label>'.(' 'x2). |
|
'<label><input type="radio" name="wafproxy_sslopt"'.$ssltossl.' value="0" />'. |
|
$lt{'ssltossl'}.'</label></span></td></tr>'."\n". |
|
'</table></td></tr>'; |
} |
} |
if (keys(%otherdoms)) { |
if (keys(%otherdoms)) { |
foreach my $domain (sort(keys(%otherdoms))) { |
foreach my $domain (sort(keys(%otherdoms))) { |
$itemcount ++; |
$itemcount ++; |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
$datatable .= '<tr'.$css_class.'>'. |
$datatable .= '<tr'.$css_class.'>'. |
'<td class="LC_left_item">'.&mt('Domain: [_1]',$domain).'</td>'. |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$domain.'</b>').'</td>'. |
'<td class="LC_left_item"><table>'; |
'<td class="LC_left_item"><table>'; |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { |
my $showval = &mt('None'); |
my $showval = &mt('None'); |
|
if ($item eq 'ssl') { |
|
$showval = $lt{'ssltossl'}; |
|
} |
if ($values{$domain}{$item}) { |
if ($values{$domain}{$item}) { |
$showval = $values{$domain}{$item}; |
$showval = $values{$domain}{$item}; |
|
if ($item eq 'ssl') { |
|
$showval = $lt{'alltossl'}; |
|
} elsif ($item eq 'remoteip') { |
|
$showval = $ip_methods{$values{$domain}{$item}}; |
|
} |
} |
} |
$datatable .= '<tr>'. |
$datatable .= '<tr>'. |
'<td>'.$lt{$item}.': '.$showval.'</td></tr>'; |
'<td>'.$lt{$item}.': '.$showval.'</td></tr>'; |
Line 7531 sub wafproxy_titles {
|
Line 7553 sub wafproxy_titles {
|
vpnaliased => 'via aliased hostname (WAF)', |
vpnaliased => 'via aliased hostname (WAF)', |
vpnint => 'Internal IP Range(s) for VPN sessions', |
vpnint => 'Internal IP Range(s) for VPN sessions', |
vpnext => 'IP Range(s) for backend WAF connections', |
vpnext => 'IP Range(s) for backend WAF connections', |
ssloptions => 'Forwarding http/https', |
sslopt => 'Forwarding http/https', |
alltossl => 'WAF forwards both http and https requests to https', |
alltossl => 'WAF forwards both http and https requests to https', |
ssltossl => 'WAF forwards http requests to http and https to https', |
ssltossl => 'WAF forwards http requests to http and https to https', |
); |
); |
Line 13505 sub modify_ltitools {
|
Line 13527 sub modify_ltitools {
|
my %ltienchash = ( |
my %ltienchash = ( |
$action => { %encconfig } |
$action => { %encconfig } |
); |
); |
&Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom); |
&Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1); |
if (keys(%changes) > 0) { |
if (keys(%changes) > 0) { |
my $cachetime = 24*60*60; |
my $cachetime = 24*60*60; |
my %ltiall = %confhash; |
my %ltiall = %confhash; |
Line 14079 sub modify_proctoring {
|
Line 14101 sub modify_proctoring {
|
my %proc_enchash = ( |
my %proc_enchash = ( |
$action => { %encconfhash } |
$action => { %encconfhash } |
); |
); |
&Apache::lonnet::put_dom('encconfig',\%proc_enchash,$dom); |
&Apache::lonnet::put_dom('encconfig',\%proc_enchash,$dom,undef,1); |
if (keys(%changes) > 0) { |
if (keys(%changes) > 0) { |
my $cachetime = 24*60*60; |
my $cachetime = 24*60*60; |
my %procall = %confhash; |
my %procall = %confhash; |
Line 14571 sub modify_lti {
|
Line 14593 sub modify_lti {
|
my %ltienchash = ( |
my %ltienchash = ( |
$action => { %encconfig } |
$action => { %encconfig } |
); |
); |
&Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom); |
&Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1); |
if (keys(%changes) > 0) { |
if (keys(%changes) > 0) { |
my $cachetime = 24*60*60; |
my $cachetime = 24*60*60; |
my %ltiall = %confhash; |
my %ltiall = %confhash; |
Line 19826 sub modify_wafproxy {
|
Line 19848 sub modify_wafproxy {
|
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
%curralias = %{$domconfig{'wafproxy'}{'alias'}}; |
%curralias = %{$domconfig{'wafproxy'}{'alias'}}; |
} |
} |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { |
$currvalue{$item} = $domconfig{'wafproxy'}{$item}; |
$currvalue{$item} = $domconfig{'wafproxy'}{$item}; |
} |
} |
} |
} |
Line 19862 sub modify_wafproxy {
|
Line 19884 sub modify_wafproxy {
|
vpnint => 'internal IP range(s) for VPN sessions(s)', |
vpnint => 'internal IP range(s) for VPN sessions(s)', |
vpnext => 'IP range(s) for backend WAF connections', |
vpnext => 'IP range(s) for backend WAF connections', |
); |
); |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { |
my $possible = $env{'form.wafproxy_'.$item}; |
my $possible = $env{'form.wafproxy_'.$item}; |
$possible =~ s/^\s+|\s+$//g; |
$possible =~ s/^\s+|\s+$//g; |
if ($possible ne '') { |
if ($possible ne '') { |
Line 19874 sub modify_wafproxy {
|
Line 19896 sub modify_wafproxy {
|
if ($wafproxy{'remoteip'} eq 'h') { |
if ($wafproxy{'remoteip'} eq 'h') { |
$wafproxy{$item} = $possible; |
$wafproxy{$item} = $possible; |
} |
} |
|
} elsif ($item eq 'sslopt') { |
|
if ($possible =~ /^0|1$/) { |
|
$wafproxy{$item} = $possible; |
|
} |
} else { |
} else { |
my (@ok,$count); |
my (@ok,$count); |
if (($item eq 'vpnint') || ($item eq 'vpnext')) { |
if (($item eq 'vpnint') || ($item eq 'vpnext')) { |
Line 19936 sub modify_wafproxy {
|
Line 19962 sub modify_wafproxy {
|
if ($putresult eq 'ok') { |
if ($putresult eq 'ok') { |
my $cachetime = 24*60*60; |
my $cachetime = 24*60*60; |
my (%domdefaults,$updatedomdefs); |
my (%domdefaults,$updatedomdefs); |
foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') { |
if ($changes{$item}) { |
if ($changes{$item}) { |
unless ($updatedomdefs) { |
unless ($updatedomdefs) { |
%domdefaults = &Apache::lonnet::get_domain_defaults($dom); |
%domdefaults = &Apache::lonnet::get_domain_defaults($dom); |
Line 19973 sub modify_wafproxy {
|
Line 19999 sub modify_wafproxy {
|
} |
} |
} |
} |
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'<ul>'; |
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'<ul>'; |
foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext') { |
foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { |
if ($changes{$item}) { |
if ($changes{$item}) { |
if ($item eq 'alias') { |
if ($item eq 'alias') { |
my $numaliased = 0; |
my $numaliased = 0; |
Line 20037 sub modify_wafproxy {
|
Line 20063 sub modify_wafproxy {
|
} else { |
} else { |
$output .= '<li>'.&mt('IP Range(s) for backend WAF connections deleted').'</li>'; |
$output .= '<li>'.&mt('IP Range(s) for backend WAF connections deleted').'</li>'; |
} |
} |
|
} elsif ($item eq 'sslopt') { |
|
if ($wafproxy{$item}) { |
|
$output .= '<li>'.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').'</li>'; |
|
} else { |
|
$output .= '<li>'.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').'</li>'; |
|
} |
} |
} |
} |
} |
} |
} |
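Review bot: In the `modify_wafproxy` hunk at new line 19896, `if ($possible =~ /^0|1$/)` does not restrict `sslopt` to `0` or `1`. Alternation binds looser than the anchors, so the pattern accepts any value that starts with `0` or ends with `1`. `$possible` is taken from `$env{'form.wafproxy_sslopt'}` and copied into `%wafproxy`, which presumably is what gets saved to the domain configuration, so I would anchor the whole alternative: `if ($possible =~ /\A[01]\z/) {`. Related, the new branches in `print_wafproxy` test `$item eq 'ssl'`, while the loop list and `wafproxy_titles` use `sslopt`, so the `$lt{'alltossl'}` / `$lt{'ssltossl'}` labels are never chosen and a stored value would be printed as-is; both tests should read `$item eq 'sslopt'`. Both subs start and end outside the hunks shown, so the save path and how `$values{$domain}{'sslopt'}` is filled in could not be checked here.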