|
version 1.377, 2021/01/30 21:47:44
|
version 1.383, 2021/05/28 01:26:02
|
|
Line 311 sub handler {
|
Line 311 sub handler {
|
| print => \&print_defaults, |
print => \&print_defaults, |
| modify => \&modify_defaults, |
modify => \&modify_defaults, |
| }, |
}, |
| 'wafproxy' => |
'wafproxy' => |
| { text => 'Web Application Firewall/Reverse Proxy', |
{ text => 'Web Application Firewall/Reverse Proxy', |
| help => 'Domain_Configuration_WAF_Proxy', |
help => 'Domain_Configuration_WAF_Proxy', |
| header => [{col1 => 'Domain server', |
header => [{col1 => 'Domain(s)', |
| col2 => 'Alias for WAF/Reverse Proxy', |
col2 => 'Servers and WAF/Reverse Proxy alias(es)', |
| }, |
}, |
| {col1 => 'Setting', |
{col1 => 'Domain(s)', |
| col2 => 'Value',}], |
col2 => 'WAF Configuration',}], |
| print => \&print_wafproxy, |
print => \&print_wafproxy, |
| modify => \&modify_wafproxy, |
modify => \&modify_wafproxy, |
| }, |
}, |
| 'passwords' => |
'passwords' => |
| { text => 'Passwords (Internal authentication)', |
{ text => 'Passwords (Internal authentication)', |
|
Line 855 sub print_config_box {
|
Line 855 sub print_config_box {
|
| $output .= <i_javascript($settings); |
$output .= <i_javascript($settings); |
| } elsif ($action eq 'proctoring') { |
} elsif ($action eq 'proctoring') { |
| $output .= &proctoring_javascript($settings); |
$output .= &proctoring_javascript($settings); |
| |
} elsif ($action eq 'wafproxy') { |
| |
$output .= &wafproxy_javascript($dom); |
| } |
} |
| $output .= |
$output .= |
| '<table class="LC_nested_outer"> |
'<table class="LC_nested_outer"> |
|
Line 2844 function toggleLTITools(form,setting,ite
|
Line 2846 function toggleLTITools(form,setting,ite
|
| ENDSCRIPT |
ENDSCRIPT |
| } |
} |
| |
|
| |
sub wafproxy_javascript { |
| |
my ($dom) = @_; |
| |
return <<"ENDSCRIPT"; |
| |
<script type="text/javascript"> |
| |
// <![CDATA[ |
| |
function updateWAF() { |
| |
if (document.getElementById('wafproxy_remoteip')) { |
| |
var wafremote = 0; |
| |
if (document.display.wafproxy_remoteip.options[document.display.wafproxy_remoteip.selectedIndex].value == 'h') { |
| |
wafremote = 1; |
| |
} |
| |
var fields = new Array('header','trust'); |
| |
for (var i=0; i<fields.length; i++) { |
| |
if (document.getElementById('wafproxy_'+fields[i])) { |
| |
if (wafremote == 1) { |
| |
document.getElementById('wafproxy_'+fields[i]).style.display = 'table-row'; |
| |
} |
| |
else { |
| |
document.getElementById('wafproxy_'+fields[i]).style.display = 'none'; |
| |
} |
| |
} |
| |
} |
| |
if (document.getElementById('wafproxyranges_$dom')) { |
| |
if (wafremote == 1) { |
| |
document.getElementById('wafproxyranges_$dom').style.display = 'inline-block'; |
| |
} else { |
| |
for (var i=0; i<document.display.wafproxy_vpnaccess.length; i++) { |
| |
if (document.display.wafproxy_vpnaccess[i].checked) { |
| |
if (document.display.wafproxy_vpnaccess[i].value == 0) { |
| |
document.getElementById('wafproxyranges_$dom').style.display = 'none'; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| |
function checkWAF() { |
| |
if (document.getElementById('wafproxy_remoteip')) { |
| |
var wafvpn = 0; |
| |
for (var i=0; i<document.display.wafproxy_vpnaccess.length; i++) { |
| |
if (document.display.wafproxy_vpnaccess[i].checked) { |
| |
if (document.display.wafproxy_vpnaccess[i].value == 1) { |
| |
wafvpn = 1; |
| |
} |
| |
break; |
| |
} |
| |
} |
| |
var vpn = new Array('vpnint','vpnext'); |
| |
for (var i=0; i<vpn.length; i++) { |
| |
if (document.getElementById('wafproxy_show_'+vpn[i])) { |
| |
if (wafvpn == 1) { |
| |
document.getElementById('wafproxy_show_'+vpn[i]).style.display = 'table-row'; |
| |
} |
| |
else { |
| |
document.getElementById('wafproxy_show_'+vpn[i]).style.display = 'none'; |
| |
} |
| |
} |
| |
} |
| |
if (document.getElementById('wafproxyranges_$dom')) { |
| |
if (wafvpn == 1) { |
| |
document.getElementById('wafproxyranges_$dom').style.display = 'inline-block'; |
| |
} |
| |
else if (document.display.wafproxy_remoteip.options[document.display.wafproxy_remoteip.selectedIndex].value != 'h') { |
| |
document.getElementById('wafproxyranges_$dom').style.display = 'none'; |
| |
} |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| |
function toggleWAF() { |
| |
if (document.getElementById('wafproxy_table')) { |
| |
var wafproxy = 0; |
| |
for (var i=0; i<document.display.wafproxy_${dom}.length; i++) { |
| |
if (document.display.wafproxy_${dom}[i].checked) { |
| |
if (document.display.wafproxy_${dom}[i].value == 1) { |
| |
wafproxy = 1; |
| |
break; |
| |
} |
| |
} |
| |
} |
| |
if (wafproxy == 1) { |
| |
document.getElementById('wafproxy_table').style.display='inline'; |
| |
} |
| |
else { |
| |
document.getElementById('wafproxy_table').style.display='none'; |
| |
} |
| |
if (document.getElementById('wafproxyrow_${dom}')) { |
| |
if (wafproxy == 1) { |
| |
document.getElementById('wafproxyrow_${dom}').style.display = 'table-row'; |
| |
} |
| |
else { |
| |
document.getElementById('wafproxyrow_${dom}').style.display = 'none'; |
| |
} |
| |
} |
| |
if (document.getElementById('nowafproxyrow_$dom')) { |
| |
if (wafproxy == 1) { |
| |
document.getElementById('nowafproxyrow_${dom}').style.display = 'none'; |
| |
} |
| |
else { |
| |
document.getElementById('nowafproxyrow_${dom}').style.display = 'table-row'; |
| |
} |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
// ]]> |
| |
</script> |
| |
|
| |
ENDSCRIPT |
| |
} |
| |
|
| sub proctoring_javascript { |
sub proctoring_javascript { |
| my ($settings) = @_; |
my ($settings) = @_; |
| my (%ordered,$total,%jstext); |
my (%ordered,$total,%jstext); |
|
Line 3781 sub print_contacts {
|
Line 3898 sub print_contacts {
|
| \%choices,$rownum); |
\%choices,$rownum); |
| $datatable .= $reports; |
$datatable .= $reports; |
| } elsif ($position eq 'lower') { |
} elsif ($position eq 'lower') { |
| $css_class = $rownum%2?' class="LC_odd_row"':''; |
my (%current,%excluded,%weights); |
| my ($threshold,$sysmail,%excluded,%weights); |
|
| my ($defaults,$names) = &Apache::loncommon::lon_status_items(); |
my ($defaults,$names) = &Apache::loncommon::lon_status_items(); |
| if ($lonstatus{'threshold'} =~ /^\d+$/) { |
if ($lonstatus{'threshold'} =~ /^\d+$/) { |
| $threshold = $lonstatus{'threshold'}; |
$current{'errorthreshold'} = $lonstatus{'threshold'}; |
| } else { |
} else { |
| $threshold = $defaults->{'threshold'}; |
$current{'errorthreshold'} = $defaults->{'threshold'}; |
| } |
} |
| if ($lonstatus{'sysmail'} =~ /^\d+$/) { |
if ($lonstatus{'sysmail'} =~ /^\d+$/) { |
| $sysmail = $lonstatus{'sysmail'}; |
$current{'errorsysmail'} = $lonstatus{'sysmail'}; |
| } else { |
} else { |
| $sysmail = $defaults->{'sysmail'}; |
$current{'errorsysmail'} = $defaults->{'sysmail'}; |
| } |
} |
| if (ref($lonstatus{'weights'}) eq 'HASH') { |
if (ref($lonstatus{'weights'}) eq 'HASH') { |
| foreach my $type ('E','W','N','U') { |
foreach my $type ('E','W','N','U') { |
|
Line 3812 sub print_contacts {
|
Line 3928 sub print_contacts {
|
| map {$excluded{$_} = 1; } @{$lonstatus{'excluded'}}; |
map {$excluded{$_} = 1; } @{$lonstatus{'excluded'}}; |
| } |
} |
| } |
} |
| $datatable .= '<tr'.$css_class.'>'. |
foreach my $item ('errorthreshold','errorsysmail') { |
| '<td class="LC_left_item"><span class="LC_nobreak">'. |
$css_class = $rownum%2?' class="LC_odd_row"':''; |
| $titles->{'errorthreshold'}. |
$datatable .= '<tr'.$css_class.'>'. |
| '</span></td><td class="LC_left_item">'. |
'<td class="LC_left_item"><span class="LC_nobreak">'. |
| '<input type="text" name="errorthreshold" value="'. |
$titles->{$item}. |
| $threshold.'" size="5" /></td></tr>'; |
'</span></td><td class="LC_left_item">'. |
| $rownum ++; |
'<input type="text" name="'.$item.'" value="'. |
| |
$current{$item}.'" size="5" /></td></tr>'; |
| |
$rownum ++; |
| |
} |
| $css_class = $rownum%2?' class="LC_odd_row"':''; |
$css_class = $rownum%2?' class="LC_odd_row"':''; |
| $datatable .= '<tr'.$css_class.'>'. |
$datatable .= '<tr'.$css_class.'>'. |
| '<td class="LC_left_item">'. |
'<td class="LC_left_item">'. |
|
Line 3864 sub print_contacts {
|
Line 3983 sub print_contacts {
|
| } |
} |
| $datatable .= '</tr></table></td></tr>'; |
$datatable .= '</tr></table></td></tr>'; |
| $rownum ++; |
$rownum ++; |
| $css_class = $rownum%2?' class="LC_odd_row"':''; |
|
| $datatable .= '<tr'.$css_class.'>'. |
|
| '<td class="LC_left_item"><span class="LC_nobreak">'. |
|
| $titles->{'errorsysmail'}. |
|
| '</span></td><td class="LC_left_item">'. |
|
| '<input type="text" name="errorsysmail" value="'. |
|
| $sysmail.'" size="5" /></td></tr>'; |
|
| $rownum ++; |
|
| } elsif ($position eq 'bottom') { |
} elsif ($position eq 'bottom') { |
| my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); |
my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); |
| my (@posstypes,%usertypeshash); |
my (@posstypes,%usertypeshash); |
|
Line 6161 sub print_coursedefaults {
|
Line 6272 sub print_coursedefaults {
|
| my $currcanclone = 'none'; |
my $currcanclone = 'none'; |
| my $onclick; |
my $onclick; |
| my @cloneoptions = ('none','domain'); |
my @cloneoptions = ('none','domain'); |
| my %clonetitles = ( |
my %clonetitles = &Apache::lonlocal::texthash ( |
| none => 'No additional course requesters', |
none => 'No additional course requesters', |
| domain => "Any course requester in course's domain", |
domain => "Any course requester in course's domain", |
| instcode => 'Course requests for official courses ...', |
instcode => 'Course requests for official courses ...', |
|
Line 7184 sub print_wafproxy {
|
Line 7295 sub print_wafproxy {
|
| my $itemcount = 0; |
my $itemcount = 0; |
| my $datatable; |
my $datatable; |
| my %servers = &Apache::lonnet::internet_dom_servers($dom); |
my %servers = &Apache::lonnet::internet_dom_servers($dom); |
| my (%othercontrol,%otherdoms,%aliases,%values,$setdom); |
my (%othercontrol,%otherdoms,%aliases,%values,$setdom,$showdom); |
| my %lt = &wafproxy_titles(); |
my %lt = &wafproxy_titles(); |
| foreach my $server (sort(keys(%servers))) { |
foreach my $server (sort(keys(%servers))) { |
| my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server}); |
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server}); |
| |
next if ($serverhome eq ''); |
| my $serverdom; |
my $serverdom; |
| if ($serverhome ne $server) { |
if ($serverhome ne $server) { |
| $serverdom = &Apache::lonnet::host_domain($serverhome); |
$serverdom = &Apache::lonnet::host_domain($serverhome); |
| $othercontrol{$server} = $serverdom; |
if (($serverdom ne '') && (&Apache::lonnet::domain($serverdom) ne '')) { |
| |
$othercontrol{$server} = $serverdom; |
| |
} |
| } else { |
} else { |
| $serverdom = &Apache::lonnet::host_domain($server); |
$serverdom = &Apache::lonnet::host_domain($server); |
| |
next if (($serverdom eq '') || (&Apache::lonnet::domain($serverdom) eq '')); |
| if ($serverdom ne $dom) { |
if ($serverdom ne $dom) { |
| $othercontrol{$server} = $serverdom; |
$othercontrol{$server} = $serverdom; |
| } else { |
} else { |
| $setdom = 1; |
$setdom = 1; |
| if (ref($settings) eq 'HASH') { |
if (ref($settings) eq 'HASH') { |
| %{$values{$dom}} = (); |
|
| if (ref($settings->{'alias'}) eq 'HASH') { |
if (ref($settings->{'alias'}) eq 'HASH') { |
| $aliases{$dom} = $settings->{'alias'}; |
$aliases{$dom} = $settings->{'alias'}; |
| } |
if ($aliases{$dom} ne '') { |
| foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
$showdom = 1; |
| $values{$dom}{$item} = $settings->{$item}; |
} |
| } |
} |
| } |
} |
| } |
} |
| } |
} |
| } |
} |
| |
if ($setdom) { |
| |
%{$values{$dom}} = (); |
| |
if (ref($settings) eq 'HASH') { |
| |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
| |
$values{$dom}{$item} = $settings->{$item}; |
| |
} |
| |
} |
| |
} |
| if (keys(%othercontrol)) { |
if (keys(%othercontrol)) { |
| %otherdoms = reverse(%othercontrol); |
%otherdoms = reverse(%othercontrol); |
| foreach my $domain (keys(%otherdoms)) { |
foreach my $domain (keys(%otherdoms)) { |
| %{$values{$domain}} = (); |
%{$values{$domain}} = (); |
| my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain); |
my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain); |
| if (ref($config{$domain}) eq 'HASH') { |
if (ref($config{'wafproxy'}) eq 'HASH') { |
| if (ref($config{$domain}{'wafproxy'}) eq 'HASH') { |
$aliases{$domain} = $config{'wafproxy'}{'alias'}; |
| $aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'}; |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
| foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
$values{$domain}{$item} = $config{'wafproxy'}{$item}; |
| $values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item}; |
|
| } |
|
| } |
} |
| } |
} |
| } |
} |
| } |
} |
| if ($position eq 'top') { |
if ($position eq 'top') { |
| my %servers = &Apache::lonnet::internet_dom_servers($dom); |
my %servers = &Apache::lonnet::internet_dom_servers($dom); |
| |
my %aliasinfo; |
| foreach my $server (sort(keys(%servers))) { |
foreach my $server (sort(keys(%servers))) { |
| $itemcount ++; |
$itemcount ++; |
| $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
my $dom_in_effect; |
| $datatable .= '<tr'.$css_class.'>'. |
my $aliasrows = '<tr>'. |
| '<td>'.&mt('Hostname').': '. |
'<td class="LC_left_item" style="vertical-align: baseline;">'. |
| &Apache::lonnet::hostname($server).'</td>'. |
&mt('Hostname').': '. |
| '<td class="LC_right_item">'; |
'<i>'.&Apache::lonnet::hostname($server).'</i></td><td> </td>'; |
| if ($othercontrol{$server}) { |
if ($othercontrol{$server}) { |
| |
$dom_in_effect = $othercontrol{$server}; |
| my $current; |
my $current; |
| if (ref($aliases{$othercontrol{$server}}) eq 'HASH') { |
if (ref($aliases{$dom_in_effect}) eq 'HASH') { |
| $current = $aliases{$othercontrol{$server}{$server}}; |
$current = $aliases{$dom_in_effect}{$server}; |
| } |
} |
| |
$aliasrows .= '<td class="LC_left_item" style="vertical-align: baseline;">'. |
| |
&mt('Alias').': '; |
| if ($current) { |
if ($current) { |
| $datatable .= $current; |
$aliasrows .= $current; |
| } else { |
} else { |
| $datatable .= &mt('None in effect'); |
$aliasrows .= &mt('None'); |
| } |
} |
| $datatable .= '<br /><span class="LC_small">('. |
$aliasrows .= ' <span class="LC_small">('. |
| &mt('WAF/Reverse Proxy controlled by domain: [_1]', |
&mt('controlled by domain: [_1]', |
| '<b>'.$othercontrol{$server}.'</b>').'</span>'; |
'<b>'.$dom_in_effect.'</b>').')</span></td>'; |
| } else { |
} else { |
| |
$dom_in_effect = $dom; |
| my $current; |
my $current; |
| if (ref($aliases{$dom}) eq 'HASH') { |
if (ref($aliases{$dom}) eq 'HASH') { |
| if ($aliases{$dom}{$server}) { |
if ($aliases{$dom}{$server}) { |
| $current = $aliases{$dom}{$server}; |
$current = $aliases{$dom}{$server}; |
| } |
} |
| } |
} |
| $datatable .= '<input type="text" name="wafproxy_alias_'.$server.'" '. |
$aliasrows .= '<td class="LC_left_item" style="vertical-align: baseline;">'. |
| 'value="'.$current.'" size="30" />'; |
&mt('Alias').': '. |
| |
'<input type="text" name="wafproxy_alias_'.$server.'" '. |
| |
'value="'.$current.'" size="30" /></td>'; |
| |
} |
| |
$aliasrows .= '</tr>'; |
| |
$aliasinfo{$dom_in_effect} .= $aliasrows; |
| |
} |
| |
if ($aliasinfo{$dom}) { |
| |
my ($onclick,$wafon,$wafoff,$showtable); |
| |
$onclick = ' onclick="javascript:toggleWAF();"'; |
| |
$wafoff = ' checked="checked"'; |
| |
$showtable = ' style="display:none";'; |
| |
if ($showdom) { |
| |
$wafon = $wafoff; |
| |
$wafoff = ''; |
| |
$showtable = ' style="display:inline;"'; |
| |
} |
| |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| |
$datatable = '<tr'.$css_class.'>'. |
| |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$dom.'</b>').'<br />'. |
| |
'<span class="LC_nobreak">'.&mt('WAF in use?').' <label>'. |
| |
'<input type="radio" name="wafproxy_'.$dom.'" value="1"'.$wafon.$onclick.' />'. |
| |
&mt('Yes').'</label>'.(' 'x2).'<label>'. |
| |
'<input type="radio" name="wafproxy_'.$dom.'" value="0"'.$wafoff.$onclick.' />'. |
| |
&mt('No').'</label></span></td>'. |
| |
'<td class="LC_left_item">'. |
| |
'<table id="wafproxy_table"'.$showtable.'>'.$aliasinfo{$dom}. |
| |
'</table></td></tr>'; |
| |
$itemcount++; |
| |
} |
| |
if (keys(%otherdoms)) { |
| |
foreach my $key (sort(keys(%otherdoms))) { |
| |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| |
$datatable .= '<tr'.$css_class.'>'. |
| |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$key.'</b>').'</td>'. |
| |
'<td class="LC_left_item"><table>'.$aliasinfo{$key}. |
| |
'</table></td></tr>'; |
| |
$itemcount++; |
| } |
} |
| $datatable .= '</td></tr>'; |
|
| } |
} |
| } else { |
} else { |
| |
my %ip_methods = &remoteip_methods(); |
| if ($setdom) { |
if ($setdom) { |
| $itemcount ++; |
$itemcount ++; |
| $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| $datatable .= '<tr'.$css_class.'>'. |
my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck, |
| |
$currwafvpn,$wafrangestyle,$alltossl,$ssltossl); |
| |
$wafstyle = ' style="display:none;"'; |
| |
$nowafstyle = ' style="display:table-row;"'; |
| |
$currwafdisplay = ' style="display: none"'; |
| |
$wafrangestyle = ' style="display: none"'; |
| |
$curr_remotip = 'n'; |
| |
$ssltossl = ' checked="checked"'; |
| |
if ($showdom) { |
| |
$wafstyle = ' style="display:table-row;"'; |
| |
$nowafstyle = ' style="display:none;"'; |
| |
if (keys(%{$values{$dom}})) { |
| |
if ($values{$dom}{remoteip} =~ /^[nmh]$/) { |
| |
$curr_remotip = $values{$dom}{remoteip}; |
| |
} |
| |
if ($curr_remotip eq 'h') { |
| |
$currwafdisplay = ' style="display:table-row"'; |
| |
$wafrangestyle = ' style="display:inline-block;"'; |
| |
} |
| |
if ($values{$dom}{'sslopt'}) { |
| |
$alltossl = ' checked="checked"'; |
| |
$ssltossl = ''; |
| |
} |
| |
} |
| |
if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) { |
| |
$vpndircheck = ' checked="checked"'; |
| |
$currwafvpn = ' style="display:table-row;"'; |
| |
$wafrangestyle = ' style="display:inline-block;"'; |
| |
} else { |
| |
$vpnaliascheck = ' checked="checked"'; |
| |
$currwafvpn = ' style="display:none;"'; |
| |
} |
| |
} |
| |
$datatable .= '<tr'.$css_class.' id="nowafproxyrow_'.$dom.'"'.$wafstyle.'>'. |
| |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$dom.'</b>').'</td>'. |
| |
'<td class="LC_right_item">'.&mt('WAF not in use, nothing to set').'</td>'. |
| |
'</tr>'. |
| |
'<tr'.$css_class.' id="wafproxyrow_'.$dom.'"'.$wafstyle.'>'. |
| '<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$dom.'</b>').'<br /><br />'. |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$dom.'</b>').'<br /><br />'. |
| &mt('Format for comma separated IP blocks').':<br />'. |
'<div id="wafproxyranges_'.$dom.'">'.&mt('Format for comma separated IP ranges').':<br />'. |
| &mt('A.B.C.D/N or A.B.C.D - E.F.G.H').'</td>'. |
&mt('A.B.C.D/N or A.B.C.D-E.F.G.H').'</div></td>'. |
| '<td class="LC_left_item"><table>'; |
'<td class="LC_left_item"><table>'. |
| foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
'<tr>'. |
| $datatable .= '<tr>'. |
'<td valign="top">'.$lt{'remoteip'}.': '. |
| '<td valign="top">'.$lt{$item}.': '; |
'<select name="wafproxy_remoteip" id="wafproxy_remoteip" onchange="javascript:updateWAF();">'; |
| if ($item eq 'ipheader') { |
foreach my $option ('m','h','n') { |
| $datatable .= '<input type="text" value="'.$values{$dom}{$item}.'" '. |
my $sel; |
| 'name="wafproxy_'.$item.'" />'; |
if ($option eq $curr_remotip) { |
| |
$sel = ' selected="selected"'; |
| } else { |
} |
| $datatable .= '<textarea name="wafproxy_'.$item.'" rows="3" cols="80">'. |
$datatable .= '<option value="'.$option.'"'.$sel.'>'. |
| $values{$dom}{$item}.'</textarea>'; |
$ip_methods{$option}.'</option>'; |
| } |
} |
| $datatable .= '</td></tr>'; |
$datatable .= '</select></td></tr>'."\n". |
| } |
'<tr id="wafproxy_header"'.$currwafdisplay.'><td>'. |
| $datatable .= '</table></td></tr>'; |
$lt{'ipheader'}.': '. |
| |
'<input type="text" value="'.$values{$dom}{'ipheader'}.'" '. |
| |
'name="wafproxy_ipheader" />'. |
| |
'</td></tr>'."\n". |
| |
'<tr id="wafproxy_trust"'.$currwafdisplay.'><td>'. |
| |
$lt{'trusted'}.':<br />'. |
| |
'<textarea name="wafproxy_trusted" rows="3" cols="80">'. |
| |
$values{$dom}{'trusted'}.'</textarea>'. |
| |
'</td></tr>'."\n". |
| |
'<tr><td><hr /></td></tr>'."\n". |
| |
'<tr>'. |
| |
'<td valign="top">'.$lt{'vpnaccess'}.':<br /><span class="LC_nobreak">'. |
| |
'<label><input type="radio" name="wafproxy_vpnaccess"'.$vpndircheck.' value="1" onclick="javascript:checkWAF();" />'. |
| |
$lt{'vpndirect'}.'</label>'.(' 'x2). |
| |
'<label><input type="radio" name="wafproxy_vpnaccess"'.$vpnaliascheck.' value="0" onclick="javascript:checkWAF();" />'. |
| |
$lt{'vpnaliased'}.'</label></span></td></tr>'; |
| |
foreach my $item ('vpnint','vpnext') { |
| |
$datatable .= '<tr id="wafproxy_show_'.$item.'"'.$currwafvpn.'>'. |
| |
'<td valign="top">'.$lt{$item}.':<br />'. |
| |
'<textarea name="wafproxy_'.$item.'" rows="3" cols="80">'. |
| |
$values{$dom}{$item}.'</textarea>'. |
| |
'</td></tr>'."\n"; |
| |
} |
| |
$datatable .= '<tr><td><hr /></td></tr>'."\n". |
| |
'<tr>'. |
| |
'<td valign="top">'.$lt{'sslopt'}.':<br /><span class="LC_nobreak">'. |
| |
'<label><input type="radio" name="wafproxy_sslopt"'.$alltossl.' value="1" />'. |
| |
$lt{'alltossl'}.'</label>'.(' 'x2). |
| |
'<label><input type="radio" name="wafproxy_sslopt"'.$ssltossl.' value="0" />'. |
| |
$lt{'ssltossl'}.'</label></span></td></tr>'."\n". |
| |
'</table></td></tr>'; |
| } |
} |
| if (keys(%otherdoms)) { |
if (keys(%otherdoms)) { |
| foreach my $domain (sort(keys(%otherdoms))) { |
foreach my $domain (sort(keys(%otherdoms))) { |
| $itemcount ++; |
$itemcount ++; |
| $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| $datatable .= '<tr'.$css_class.'>'. |
$datatable .= '<tr'.$css_class.'>'. |
| '<td class="LC_left_item">'.&mt('Domain: [_1]',$domain).'</td>'. |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$domain.'</b>').'</td>'. |
| '<td class="LC_left_item"><table>'; |
'<td class="LC_left_item"><table>'; |
| foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { |
| my $showval = &mt('None'); |
my $showval = &mt('None'); |
| |
if ($item eq 'ssl') { |
| |
$showval = $lt{'ssltossl'}; |
| |
} |
| if ($values{$domain}{$item}) { |
if ($values{$domain}{$item}) { |
| $showval = $values{$domain}{$item}; |
$showval = $values{$domain}{$item}; |
| |
if ($item eq 'ssl') { |
| |
$showval = $lt{'alltossl'}; |
| |
} elsif ($item eq 'remoteip') { |
| |
$showval = $ip_methods{$values{$domain}{$item}}; |
| |
} |
| } |
} |
| $datatable .= '<tr>'. |
$datatable .= '<tr>'. |
| '<td>'.$lt{$item}.': '.$showval.'</td></tr>'; |
'<td>'.$lt{$item}.': '.$showval.'</td></tr>'; |
| } |
} |
| $datatable .= '</table></td></tr>'; |
$datatable .= '</table></td></tr>'; |
| } |
} |
| } |
} |
| } |
} |
|
Line 7308 sub print_wafproxy {
|
Line 7545 sub print_wafproxy {
|
| |
|
| sub wafproxy_titles { |
sub wafproxy_titles { |
| return &Apache::lonlocal::texthash( |
return &Apache::lonlocal::texthash( |
| vpnint => 'Internal IP Range(s) for VPN sessions', |
remoteip => "Method for determining user's IP", |
| vpnext => 'IP Range for backend WAF connections', |
ipheader => 'Request header containing remote IP', |
| trusted => 'Trusted IP range(s)', |
trusted => 'Trusted IP range(s)', |
| ipheader => 'Custom request header', |
vpnaccess => 'Access from institutional VPN', |
| |
vpndirect => 'via regular hostname (no WAF)', |
| |
vpnaliased => 'via aliased hostname (WAF)', |
| |
vpnint => 'Internal IP Range(s) for VPN sessions', |
| |
vpnext => 'IP Range(s) for backend WAF connections', |
| |
sslopt => 'Forwarding http/https', |
| |
alltossl => 'WAF forwards both http and https requests to https', |
| |
ssltossl => 'WAF forwards http requests to http and https to https', |
| |
); |
| |
} |
| |
|
| |
sub remoteip_methods { |
| |
return &Apache::lonlocal::texthash( |
| |
m => 'Use Apache mod_remoteip', |
| |
h => 'Use headers parsed by LON-CAPA', |
| |
n => 'Not in use', |
| ); |
); |
| } |
} |
| |
|
|
Line 8350 sub contact_titles {
|
Line 8602 sub contact_titles {
|
| 'updatesmail' => 'E-mail from nightly check of LON-CAPA module integrity/updates', |
'updatesmail' => 'E-mail from nightly check of LON-CAPA module integrity/updates', |
| 'idconflictsmail' => 'E-mail from bi-nightly check for multiple users sharing same student/employee ID', |
'idconflictsmail' => 'E-mail from bi-nightly check for multiple users sharing same student/employee ID', |
| 'hostipmail' => 'E-mail from nightly check of hostname/IP network changes', |
'hostipmail' => 'E-mail from nightly check of hostname/IP network changes', |
| 'errorthreshold' => 'Error/warning threshold for status e-mail', |
'errorthreshold' => 'Error count threshold for status e-mail to admin(s)', |
| 'errorsysmail' => 'Error threshold for e-mail to core group', |
'errorsysmail' => 'Error count threshold for e-mail to developer group', |
| 'errorweights' => 'Weights used to compute error count', |
'errorweights' => 'Weights used to compute error count', |
| 'errorexcluded' => 'Servers with unsent updates excluded from count', |
'errorexcluded' => 'Servers with unsent updates excluded from count', |
| ); |
); |
|
Line 9401 sub print_defaults {
|
Line 9653 sub print_defaults {
|
| $datatable .= '</select> '.&mt('Internal ID:').' <b>'.$item.'</b> '. |
$datatable .= '</select> '.&mt('Internal ID:').' <b>'.$item.'</b> '. |
| '<input type="checkbox" name="inststatus_delete" value="'.$item.'" />'. |
'<input type="checkbox" name="inststatus_delete" value="'.$item.'" />'. |
| &mt('delete').'</span></td>'. |
&mt('delete').'</span></td>'. |
| '<td class="LC_left_item" colspan="2"><span class="LC_nobreak">'.&mt('Name displayed:'). |
'<td class="LC_left_item" colspan="2"><span class="LC_nobreak">'.&mt('Name displayed').':'. |
| '<input type="text" size="20" name="inststatus_title_'.$item.'" value="'.$title.'" />'. |
'<input type="text" size="20" name="inststatus_title_'.$item.'" value="'.$title.'" />'. |
| '</span></td></tr>'; |
'</span></td></tr>'; |
| } |
} |
|
Line 9421 sub print_defaults {
|
Line 9673 sub print_defaults {
|
| '<input type="text" size="10" name="addinststatus" value="" />'. |
'<input type="text" size="10" name="addinststatus" value="" />'. |
| ' '.&mt('(new)'). |
' '.&mt('(new)'). |
| '</span></td><td class="LC_left_item" colspan="2"><span class="LC_nobreak">'. |
'</span></td><td class="LC_left_item" colspan="2"><span class="LC_nobreak">'. |
| &mt('Name displayed:'). |
&mt('Name displayed').':'. |
| '<input type="text" size="20" name="addinststatus_title" value="" /></span></td>'. |
'<input type="text" size="20" name="addinststatus_title" value="" /></span></td>'. |
| '</tr>'."\n"; |
'</tr>'."\n"; |
| $rownum ++; |
$rownum ++; |
|
Line 10430 ENDSCRIPT
|
Line 10682 ENDSCRIPT
|
| sub initialize_categories { |
sub initialize_categories { |
| my ($itemcount) = @_; |
my ($itemcount) = @_; |
| my ($datatable,$css_class,$chgstr); |
my ($datatable,$css_class,$chgstr); |
| my %default_names = ( |
my %default_names = &Apache::lonlocal::texthash ( |
| instcode => 'Official courses (with institutional codes)', |
instcode => 'Official courses (with institutional codes)', |
| communities => 'Communities', |
communities => 'Communities', |
| placement => 'Placement Tests', |
placement => 'Placement Tests', |
|
Line 16372 sub modify_passwords {
|
Line 16624 sub modify_passwords {
|
| $resulttext .= '<li>'.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).'</li>'; |
$resulttext .= '<li>'.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).'</li>'; |
| } |
} |
| } else { |
} else { |
| $resulttext .= '<li>'.&mt('E-mail address(es) in LON-CAPA usedfor verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).'</li>'; |
$resulttext .= '<li>'.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).'</li>'; |
| } |
} |
| if ($confighash{'passwords'}{'resetremove'}) { |
if ($confighash{'passwords'}{'resetremove'}) { |
| $resulttext .= '<li>'.&mt('Preamble to "Forgot Password" web form not shown').'</li>'; |
$resulttext .= '<li>'.&mt('Preamble to "Forgot Password" web form not shown').'</li>'; |
|
Line 19588 sub modify_wafproxy {
|
Line 19840 sub modify_wafproxy {
|
| my $serverdom = &Apache::lonnet::host_domain($server); |
my $serverdom = &Apache::lonnet::host_domain($server); |
| if ($serverdom eq $dom) { |
if ($serverdom eq $dom) { |
| $canset{$server} = 1; |
$canset{$server} = 1; |
| if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
|
| %{$values{$dom}} = (); |
|
| if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
|
| %curralias = %{$domconfig{'wafproxy'}{'alias'}}; |
|
| } |
|
| foreach my $item ('ipheader','trusted','exempt') { |
|
| $currvalue{$item} = $domconfig{'wafproxy'}{$item}; |
|
| } |
|
| } |
|
| } |
} |
| } |
} |
| } |
} |
| |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
| |
%{$values{$dom}} = (); |
| |
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
| |
%curralias = %{$domconfig{'wafproxy'}{'alias'}}; |
| |
} |
| |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { |
| |
$currvalue{$item} = $domconfig{'wafproxy'}{$item}; |
| |
} |
| |
} |
| my $output; |
my $output; |
| if (keys(%canset)) { |
if (keys(%canset)) { |
| %{$wafproxy{'alias'}} = (); |
%{$wafproxy{'alias'}} = (); |
| foreach my $key (sort(keys(%canset))) { |
foreach my $key (sort(keys(%canset))) { |
| $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key}; |
if ($env{'form.wafproxy_'.$dom}) { |
| $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g; |
$wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key}; |
| if ($wafproxy{'alias'}{$key} ne $curralias{$key}) { |
$wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g; |
| $changes{'alias'} = 1; |
if ($wafproxy{'alias'}{$key} ne $curralias{$key}) { |
| |
$changes{'alias'} = 1; |
| |
} |
| |
} else { |
| |
$wafproxy{'alias'}{$key} = ''; |
| |
if ($curralias{$key}) { |
| |
$changes{'alias'} = 1; |
| |
} |
| } |
} |
| if ($wafproxy{'alias'}{$key} eq '') { |
if ($wafproxy{'alias'}{$key} eq '') { |
| if ($curralias{$key}) { |
if ($curralias{$key}) { |
|
Line 19622 sub modify_wafproxy {
|
Line 19881 sub modify_wafproxy {
|
| # Localization for values in %warn occus in &mt() calls separately. |
# Localization for values in %warn occus in &mt() calls separately. |
| my %warn = ( |
my %warn = ( |
| trusted => 'trusted IP range(s)', |
trusted => 'trusted IP range(s)', |
| exempt => 'exempt IP range(s)', |
vpnint => 'internal IP range(s) for VPN sessions(s)', |
| |
vpnext => 'IP range(s) for backend WAF connections', |
| ); |
); |
| foreach my $item ('ipheader','trusted','exempt') { |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { |
| my $possible = $env{'form.wafproxy_'.$item}; |
my $possible = $env{'form.wafproxy_'.$item}; |
| $possible =~ s/^\s+|\s+$//g; |
$possible =~ s/^\s+|\s+$//g; |
| if ($possible ne '') { |
if ($possible ne '') { |
| if ($item eq 'ipheader') { |
if ($item eq 'remoteip') { |
| $wafproxy{$item} = $possible; |
if ($possible =~ /^[mhn]$/) { |
| |
$wafproxy{$item} = $possible; |
| |
} |
| |
} elsif ($item eq 'ipheader') { |
| |
if ($wafproxy{'remoteip'} eq 'h') { |
| |
$wafproxy{$item} = $possible; |
| |
} |
| |
} elsif ($item eq 'sslopt') { |
| |
if ($possible =~ /^0|1$/) { |
| |
$wafproxy{$item} = $possible; |
| |
} |
| } else { |
} else { |
| my (@ok,$count); |
my (@ok,$count); |
| $possible =~ s/[\r\n]+/\s/g; |
if (($item eq 'vpnint') || ($item eq 'vpnext')) { |
| $possible =~ s/\s*-\s*/-/g; |
unless ($env{'form.wafproxy_vpnaccess'}) { |
| $possible =~ s/\s+/,/g; |
$possible = ''; |
| |
} |
| |
} elsif ($item eq 'trusted') { |
| |
unless ($wafproxy{'remoteip'} eq 'h') { |
| |
$possible = ''; |
| |
} |
| |
} |
| |
unless ($possible eq '') { |
| |
$possible =~ s/[\r\n]+/\s/g; |
| |
$possible =~ s/\s*-\s*/-/g; |
| |
$possible =~ s/\s+/,/g; |
| |
} |
| $count = 0; |
$count = 0; |
| if ($possible) { |
if ($possible ne '') { |
| foreach my $poss (split(/\,/,$possible)) { |
foreach my $poss (split(/\,/,$possible)) { |
| $count ++; |
$count ++; |
| if (&validate_ip_pattern($poss)) { |
if (&validate_ip_pattern($poss)) { |
|
Line 19653 sub modify_wafproxy {
|
Line 19934 sub modify_wafproxy {
|
| $diff,$warn{$item}). |
$diff,$warn{$item}). |
| '</li>'); |
'</li>'); |
| } |
} |
| if ($wafproxy{$item} ne $currvalue{$item}) { |
|
| $changes{$item} = 1; |
|
| } |
|
| } |
} |
| } |
} |
| } else { |
if ($wafproxy{$item} ne $currvalue{$item}) { |
| if ($currvalue{$item}) { |
|
| $changes{$item} = 1; |
$changes{$item} = 1; |
| } |
} |
| |
} elsif ($currvalue{$item}) { |
| |
$changes{$item} = 1; |
| |
} |
| |
} |
| |
} else { |
| |
if (keys(%curralias)) { |
| |
$changes{'alias'} = 1; |
| |
} |
| |
if (keys(%currvalue)) { |
| |
foreach my $key (keys(%currvalue)) { |
| |
$changes{$key} = 1; |
| } |
} |
| } |
} |
| } |
} |
|
Line 19674 sub modify_wafproxy {
|
Line 19962 sub modify_wafproxy {
|
| if ($putresult eq 'ok') { |
if ($putresult eq 'ok') { |
| my $cachetime = 24*60*60; |
my $cachetime = 24*60*60; |
| my (%domdefaults,$updatedomdefs); |
my (%domdefaults,$updatedomdefs); |
| foreach my $item ('ipheader','trusted','exempt') { |
foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') { |
| if ($changes{$item}) { |
if ($changes{$item}) { |
| unless ($updatedomdefs) { |
unless ($updatedomdefs) { |
| %domdefaults = &Apache::lonnet::get_domain_defaults($dom); |
%domdefaults = &Apache::lonnet::get_domain_defaults($dom); |
|
Line 19711 sub modify_wafproxy {
|
Line 19999 sub modify_wafproxy {
|
| } |
} |
| } |
} |
| $output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'<ul>'; |
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'<ul>'; |
| foreach my $item ('alias','ipheader','trusted','exempt') { |
foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { |
| if ($changes{$item}) { |
if ($changes{$item}) { |
| if ($item eq 'alias') { |
if ($item eq 'alias') { |
| my $numaliased = 0; |
my $numaliased = 0; |
|
Line 19734 sub modify_wafproxy {
|
Line 20022 sub modify_wafproxy {
|
| $output .= '<li>'.&mt('Aliases deleted for hostnames').'</li>'; |
$output .= '<li>'.&mt('Aliases deleted for hostnames').'</li>'; |
| } |
} |
| } else { |
} else { |
| if ($item eq 'ipheader') { |
if ($item eq 'remoteip') { |
| |
my %ip_methods = &remoteip_methods(); |
| |
if ($wafproxy{$item} =~ /^[mh]$/) { |
| |
$output .= '<li>'.&mt("Method for determining user's IP set to: [_1]", |
| |
$ip_methods{$wafproxy{$item}}).'</li>'; |
| |
} else { |
| |
if (($env{'form.wafproxy_'.$dom}) && (ref($wafproxy{'alias'}) eq 'HASH')) { |
| |
$output .= '<li>'.&mt("No method in use to get user's real IP (will report IP used by WAF)."). |
| |
'</li>'; |
| |
} else { |
| |
$output .= '<li>'.&mt('WAF/Reverse Proxy not in use').'</li>'; |
| |
} |
| |
} |
| |
} elsif ($item eq 'ipheader') { |
| if ($wafproxy{$item}) { |
if ($wafproxy{$item}) { |
| $output .= '<li>'.&mt('Custom request header set to [_1]', |
$output .= '<li>'.&mt('Request header with remote IP set to: [_1]', |
| $wafproxy{$item}).'</li>'; |
$wafproxy{$item}).'</li>'; |
| } else { |
} else { |
| $output .= '<li>'.&mt('Custom request header deleted').'</li>'; |
$output .= '<li>'.&mt('Request header with remote IP deleted').'</li>'; |
| } |
} |
| } elsif ($item eq 'trusted') { |
} elsif ($item eq 'trusted') { |
| if ($wafproxy{$item}) { |
if ($wafproxy{$item}) { |
| $output .= '<li>'.&mt('Trusted IP range(s) set to [_1]', |
$output .= '<li>'.&mt('Trusted IP range(s) set to: [_1]', |
| $wafproxy{$item}).'</li>'; |
$wafproxy{$item}).'</li>'; |
| } else { |
} else { |
| $output .= '<li>'.&mt('Trusted IP range(s) deleted').'</li>'; |
$output .= '<li>'.&mt('Trusted IP range(s) deleted').'</li>'; |
| } |
} |
| } elsif ($item eq 'exempt') { |
} elsif ($item eq 'vpnint') { |
| |
if ($wafproxy{$item}) { |
| |
$output .= '<li>'.&mt('Internal IP Range(s) for VPN sessions set to: [_1]', |
| |
$wafproxy{$item}).'</li>'; |
| |
} else { |
| |
$output .= '<li>'.&mt('Internal IP Range(s) for VPN sessions deleted').'</li>'; |
| |
} |
| |
} elsif ($item eq 'vpnext') { |
| if ($wafproxy{$item}) { |
if ($wafproxy{$item}) { |
| $output .= '<li>'.&mt('Exempt IP range(s) set to [_1]', |
$output .= '<li>'.&mt('IP Range(s) for backend WAF connections set to: [_1]', |
| $wafproxy{$item}).'</li>'; |
$wafproxy{$item}).'</li>'; |
| } else { |
} else { |
| $output .= '<li>'.&mt('Exempt IP range(s) deleted').'</li>'; |
$output .= '<li>'.&mt('IP Range(s) for backend WAF connections deleted').'</li>'; |
| |
} |
| |
} elsif ($item eq 'sslopt') { |
| |
if ($wafproxy{$item}) { |
| |
$output .= '<li>'.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').'</li>'; |
| |
} else { |
| |
$output .= '<li>'.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').'</li>'; |
| } |
} |
| } |
} |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to domainprefs.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / interface