--- loncom/interface/domainprefs.pm 2021/03/06 13:39:54 1.380 +++ loncom/interface/domainprefs.pm 2021/09/01 00:21:52 1.385 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to set domain-wide configuration settings # -# $Id: domainprefs.pm,v 1.380 2021/03/06 13:39:54 raeburn Exp $ +# $Id: domainprefs.pm,v 1.385 2021/09/01 00:21:52 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -223,7 +223,7 @@ sub handler { 'ltitools','ssl','trust','lti','privacy','passwords', 'proctoring','wafproxy'],$dom); my %encconfig = - &Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom); + &Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom,undef,1); if (ref($domconfig{'ltitools'}) eq 'HASH') { if (ref($encconfig{'ltitools'}) eq 'HASH') { foreach my $id (keys(%{$domconfig{'ltitools'}})) { @@ -311,16 +311,16 @@ sub handler { print => \&print_defaults, modify => \&modify_defaults, }, - 'wafproxy' => - { text => 'Web Application Firewall/Reverse Proxy', + 'wafproxy' => + { text => 'Web Application Firewall/Reverse Proxy', help => 'Domain_Configuration_WAF_Proxy', - header => [{col1 => 'Domain server', - col2 => 'Alias for WAF/Reverse Proxy', + header => [{col1 => 'Domain(s)', + col2 => 'Servers and WAF/Reverse Proxy alias(es)', }, - {col1 => 'Setting', - col2 => 'Value',}], + {col1 => 'Domain(s)', + col2 => 'WAF Configuration',}], print => \&print_wafproxy, - modify => \&modify_wafproxy, + modify => \&modify_wafproxy, }, 'passwords' => { text => 'Passwords (Internal authentication)', @@ -855,6 +855,10 @@ sub print_config_box { $output .= <i_javascript($settings); } elsif ($action eq 'proctoring') { $output .= &proctoring_javascript($settings); + } elsif ($action eq 'wafproxy') { + $output .= &wafproxy_javascript($dom); + } elsif ($action eq 'autoupdate') { + $output .= &autoupdate_javascript(); } $output .= ' @@ -2844,6 +2848,121 @@ function toggleLTITools(form,setting,ite ENDSCRIPT } +sub wafproxy_javascript { + my ($dom) = @_; + return <<"ENDSCRIPT"; + + +ENDSCRIPT +} + sub proctoring_javascript { my ($settings) = @_; my (%ordered,$total,%jstext); @@ -3194,6 +3313,41 @@ function toggleLTI(form,setting,item) { ENDSCRIPT } +sub autoupdate_javascript { + return <<"ENDSCRIPT"; + + +ENDSCRIPT +} + sub print_autoenroll { my ($dom,$settings,$rowtotal) = @_; my $autorun = &Apache::lonnet::auto_run(undef,$dom), @@ -3280,42 +3434,69 @@ sub print_autoenroll { sub print_autoupdate { my ($position,$dom,$settings,$rowtotal) = @_; - my $datatable; + my ($enable,$datatable); if ($position eq 'top') { + my %choices = &Apache::lonlocal::texthash ( + run => 'Auto-update active?', + classlists => 'Update information in classlists?', + unexpired => 'Skip updates for users without active or future roles?', + lastactive => 'Skip updates for inactive users?', + ); + my $itemcount = 0; my $updateon = ' '; my $updateoff = ' checked="checked" '; - my $classlistson = ' '; - my $classlistsoff = ' checked="checked" '; if (ref($settings) eq 'HASH') { if ($settings->{'run'} eq '1') { $updateon = $updateoff; $updateoff = ' '; } - if ($settings->{'classlists'} eq '1') { - $classlistson = $classlistsoff; - $classlistsoff = ' '; - } } - my %title = ( - run => 'Auto-update active?', - classlists => 'Update information in classlists?', - ); - $datatable = ''. - ''. - ''. + ''. + ''. - ''. - ''. - ''. + $updateon.'value="1" />'.&mt('Yes').''. ''; - $$rowtotal += 2; + my @toggles = ('classlists','unexpired'); + my %defaultchecked = ('classlists' => 'off', + 'unexpired' => 'off' + ); + $$rowtotal ++; + ($datatable,$itemcount) = &radiobutton_prefs($settings,\@toggles,\%defaultchecked, + \%choices,$itemcount,'','','left','no'); + $datatable = $enable.$datatable; + $$rowtotal += $itemcount; + my $lastactiveon = ' '; + my $lastactiveoff = ' checked="checked" '; + my $lastactivestyle = 'none'; + my $lastactivedays; + my $onclick = ' onclick="javascript:toggleLastActiveDays(this.form);"'; + if (ref($settings) eq 'HASH') { + if ($settings->{'lastactive'} =~ /^\d+$/) { + $lastactiveon = $lastactiveoff; + $lastactiveoff = ' '; + $lastactivestyle = 'inline-block'; + $lastactivedays = $settings->{'lastactive'}; + } + } + my $css_class = $itemcount%2?' class="LC_odd_row"':''; + $datatable .= ''. + ''. + ''. + ''; + $$rowtotal ++; } elsif ($position eq 'middle') { my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); my $numinrow = 3; @@ -4444,7 +4625,7 @@ sub helpdeskroles_access { sub radiobutton_prefs { my ($settings,$toggles,$defaultchecked,$choices,$itemcount,$onclick, - $additional,$align) = @_; + $additional,$align,$firstval) = @_; return unless ((ref($toggles) eq 'ARRAY') && (ref($defaultchecked) eq 'HASH') && (ref($choices) eq 'HASH')); @@ -4484,15 +4665,21 @@ sub radiobutton_prefs { } else { $datatable .= ''. - ''; + $datatable .= ''; + if ($firstval eq 'no') { + $datatable .= + ' '; + } else { + $datatable .= + ' '; + } + $datatable .= ''.$additional.''; $itemcount ++; } return ($datatable,$itemcount); @@ -7178,121 +7365,247 @@ sub print_wafproxy { my $itemcount = 0; my $datatable; my %servers = &Apache::lonnet::internet_dom_servers($dom); - my (%othercontrol,%otherdoms,%aliases,%values,$setdom); + my (%othercontrol,%otherdoms,%aliases,%values,$setdom,$showdom); my %lt = &wafproxy_titles(); foreach my $server (sort(keys(%servers))) { my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server}); + next if ($serverhome eq ''); my $serverdom; if ($serverhome ne $server) { $serverdom = &Apache::lonnet::host_domain($serverhome); - $othercontrol{$server} = $serverdom; + if (($serverdom ne '') && (&Apache::lonnet::domain($serverdom) ne '')) { + $othercontrol{$server} = $serverdom; + } } else { $serverdom = &Apache::lonnet::host_domain($server); + next if (($serverdom eq '') || (&Apache::lonnet::domain($serverdom) eq '')); if ($serverdom ne $dom) { $othercontrol{$server} = $serverdom; } else { $setdom = 1; if (ref($settings) eq 'HASH') { - %{$values{$dom}} = (); if (ref($settings->{'alias'}) eq 'HASH') { $aliases{$dom} = $settings->{'alias'}; - } - foreach my $item ('ipheader','trusted','vpnint','vpnext') { - $values{$dom}{$item} = $settings->{$item}; + if ($aliases{$dom} ne '') { + $showdom = 1; + } } } } } } + if ($setdom) { + %{$values{$dom}} = (); + if (ref($settings) eq 'HASH') { + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { + $values{$dom}{$item} = $settings->{$item}; + } + } + } if (keys(%othercontrol)) { %otherdoms = reverse(%othercontrol); foreach my $domain (keys(%otherdoms)) { %{$values{$domain}} = (); my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain); - if (ref($config{$domain}) eq 'HASH') { - if (ref($config{$domain}{'wafproxy'}) eq 'HASH') { - $aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'}; - foreach my $item ('ipheader','trusted','vpnint','vpnext') { - $values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item}; - } + if (ref($config{'wafproxy'}) eq 'HASH') { + $aliases{$domain} = $config{'wafproxy'}{'alias'}; + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { + $values{$domain}{$item} = $config{'wafproxy'}{$item}; } } } } if ($position eq 'top') { my %servers = &Apache::lonnet::internet_dom_servers($dom); + my %aliasinfo; foreach my $server (sort(keys(%servers))) { - $itemcount ++; - $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; - $datatable .= ''. - ''. - ''. + ''; if ($othercontrol{$server}) { + $dom_in_effect = $othercontrol{$server}; my $current; - if (ref($aliases{$othercontrol{$server}}) eq 'HASH') { - $current = $aliases{$othercontrol{$server}{$server}}; + if (ref($aliases{$dom_in_effect}) eq 'HASH') { + $current = $aliases{$dom_in_effect}{$server}; } + $aliasrows .= ''; } else { + $dom_in_effect = $dom; my $current; if (ref($aliases{$dom}) eq 'HASH') { if ($aliases{$dom}{$server}) { $current = $aliases{$dom}{$server}; } } - $datatable .= ''; + $aliasrows .= ''; + } + $aliasrows .= ''; + $aliasinfo{$dom_in_effect} .= $aliasrows; + } + if ($aliasinfo{$dom}) { + my ($onclick,$wafon,$wafoff,$showtable); + $onclick = ' onclick="javascript:toggleWAF();"'; + $wafoff = ' checked="checked"'; + $showtable = ' style="display:none";'; + if ($showdom) { + $wafon = $wafoff; + $wafoff = ''; + $showtable = ' style="display:inline;"'; + } + $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; + $datatable = ''. + ''. + ''; + $itemcount++; + } + if (keys(%otherdoms)) { + foreach my $key (sort(keys(%otherdoms))) { + $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; + $datatable .= ''. + ''. + ''; + $itemcount++; } - $datatable .= ''; } } else { + my %ip_methods = &remoteip_methods(); if ($setdom) { $itemcount ++; $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; - $datatable .= ''. + my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck, + $currwafvpn,$wafrangestyle,$alltossl,$ssltossl); + $wafstyle = ' style="display:none;"'; + $nowafstyle = ' style="display:table-row;"'; + $currwafdisplay = ' style="display: none"'; + $wafrangestyle = ' style="display: none"'; + $curr_remotip = 'n'; + $ssltossl = ' checked="checked"'; + if ($showdom) { + $wafstyle = ' style="display:table-row;"'; + $nowafstyle = ' style="display:none;"'; + if (keys(%{$values{$dom}})) { + if ($values{$dom}{remoteip} =~ /^[nmh]$/) { + $curr_remotip = $values{$dom}{remoteip}; + } + if ($curr_remotip eq 'h') { + $currwafdisplay = ' style="display:table-row"'; + $wafrangestyle = ' style="display:inline-block;"'; + } + if ($values{$dom}{'sslopt'}) { + $alltossl = ' checked="checked"'; + $ssltossl = ''; + } + } + if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) { + $vpndircheck = ' checked="checked"'; + $currwafvpn = ' style="display:table-row;"'; + $wafrangestyle = ' style="display:inline-block;"'; + } else { + $vpnaliascheck = ' checked="checked"'; + $currwafvpn = ' style="display:none;"'; + } + } + $datatable .= ''. + ''. + ''. + ''. + ''. ''. - ''; + '
'.&mt('Format for comma separated IP ranges').':
'. + &mt('A.B.C.D/N or A.B.C.D-E.F.G.H').'
'. + ''; } if (keys(%otherdoms)) { foreach my $domain (sort(keys(%otherdoms))) { $itemcount ++; $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; $datatable .= ''. - ''. + ''. ''; + $datatable .= '
'.&mt($title{'run'}).'
'.$choices{'run'}.' '. + $updateoff.' value="0" />'.&mt('No').' '. '
'.&mt($title{'classlists'}).''. - ' '. - '
'.$choices{'lastactive'}.''. + ' '. + '
'. + ': '.&mt('inactive = no activity in last [_1] days', + ''). + '
'; } - $datatable .= - ''. - ' '. - ''.$additional. - '
'.&mt('Hostname').': '. - &Apache::lonnet::hostname($server).''; + $itemcount ++; + my $dom_in_effect; + my $aliasrows = '
'. + &mt('Hostname').': '. + ''.&Apache::lonnet::hostname($server).' '. + &mt('Alias').': '; if ($current) { - $datatable .= $current; + $aliasrows .= $current; } else { - $datatable .= &mt('None in effect'); + $aliasrows .= &mt('None'); } - $datatable .= '
('. - &mt('WAF/Reverse Proxy controlled by domain: [_1]', - ''.$othercontrol{$server}.'').''; + $aliasrows .= ' ('. + &mt('controlled by domain: [_1]', + ''.$dom_in_effect.'').')		'. + &mt('Alias').': '. + '
'.&mt('Domain: [_1]',''.$dom.'').'
'. + ''.&mt('WAF in use?').' '.(' 'x2).'		'. + ''.$aliasinfo{$dom}. + '
'.&mt('Domain: [_1]',''.$key.'').''.$aliasinfo{$key}. + '
'.&mt('Domain: [_1]',''.$dom.'').''.&mt('WAF not in use, nothing to set').'
'.&mt('Domain: [_1]',''.$dom.'').'

'. - &mt('Format for comma separated IP blocks').':
'. - &mt('A.B.C.D/N or A.B.C.D - E.F.G.H').'		'; - foreach my $item ('ipheader','trusted','vpnint','vpnext') { - $datatable .= ''. - ''; - } - $datatable .= '
'.$lt{$item}.': '; - if ($item eq 'ipheader') { - $datatable .= ''; - - } else { - $datatable .= ''; - } - $datatable .= '
'. + ''. + ''."\n". + ''."\n". + ''."\n". + ''."\n". + ''. + ''; + foreach my $item ('vpnint','vpnext') { + $datatable .= ''. + ''."\n"; + } + $datatable .= ''."\n". + ''. + ''."\n". + '
'.$lt{'remoteip'}.': '. + '
'. + $lt{'ipheader'}.': '. + ''. + '
'. + $lt{'trusted'}.':
'. + ''. + '
'.$lt{'vpnaccess'}.':
'. + ''.(' 'x2). + '
'.$lt{$item}.':
'. + ''. + '
'.$lt{'sslopt'}.':
'. + ''.(' 'x2). + '
'.&mt('Domain: [_1]',$domain).''.&mt('Domain: [_1]',''.$domain.'').''; - foreach my $item ('ipheader','trusted','vpnint','vpnext') { + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { my $showval = &mt('None'); + if ($item eq 'ssl') { + $showval = $lt{'ssltossl'}; + } if ($values{$domain}{$item}) { - $showval = $values{$domain}{$item}; + $showval = $values{$domain}{$item}; + if ($item eq 'ssl') { + $showval = $lt{'alltossl'}; + } elsif ($item eq 'remoteip') { + $showval = $ip_methods{$values{$domain}{$item}}; + } } $datatable .= ''. ''; } - $datatable .= '
'.$lt{$item}.': '.$showval.'
'; } } } @@ -7302,10 +7615,25 @@ sub print_wafproxy { sub wafproxy_titles { return &Apache::lonlocal::texthash( - vpnint => 'Internal IP Range(s) for VPN sessions', - vpnext => 'IP Range for backend WAF connections', - trusted => 'Trusted IP range(s)', - ipheader => 'Custom request header', + remoteip => "Method for determining user's IP", + ipheader => 'Request header containing remote IP', + trusted => 'Trusted IP range(s)', + vpnaccess => 'Access from institutional VPN', + vpndirect => 'via regular hostname (no WAF)', + vpnaliased => 'via aliased hostname (WAF)', + vpnint => 'Internal IP Range(s) for VPN sessions', + vpnext => 'IP Range(s) for backend WAF connections', + sslopt => 'Forwarding http/https', + alltossl => 'WAF forwards both http and https requests to https', + ssltossl => 'WAF forwards http requests to http and https to https', + ); +} + +sub remoteip_methods { + return &Apache::lonlocal::texthash( + m => 'Use Apache mod_remoteip', + h => 'Use headers parsed by LON-CAPA', + n => 'Not in use', ); } @@ -13269,7 +13597,7 @@ sub modify_ltitools { my %ltienchash = ( $action => { %encconfig } ); - &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom); + &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1); if (keys(%changes) > 0) { my $cachetime = 24*60*60; my %ltiall = %confhash; @@ -13843,7 +14171,7 @@ sub modify_proctoring { my %proc_enchash = ( $action => { %encconfhash } ); - &Apache::lonnet::put_dom('encconfig',\%proc_enchash,$dom); + &Apache::lonnet::put_dom('encconfig',\%proc_enchash,$dom,undef,1); if (keys(%changes) > 0) { my $cachetime = 24*60*60; my %procall = %confhash; @@ -14335,7 +14663,7 @@ sub modify_lti { my %ltienchash = ( $action => { %encconfig } ); - &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom); + &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1); if (keys(%changes) > 0) { my $cachetime = 24*60*60; my %ltiall = %confhash; @@ -14677,8 +15005,10 @@ sub modify_autoupdate { } my @offon = ('off','on'); my %title = &Apache::lonlocal::texthash ( - run => 'Auto-update:', - classlists => 'Updates to user information in classlists?' + run => 'Auto-update:', + classlists => 'Updates to user information in classlists?', + unexpired => 'Skip updates for users without active or future roles?', + lastactive => 'Skip updates for inactive users?', ); my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom); my %fieldtitles = &Apache::lonlocal::texthash ( @@ -14722,12 +15052,23 @@ sub modify_autoupdate { my %updatehash = ( autoupdate => { run => $env{'form.autoupdate_run'}, classlists => $env{'form.classlists'}, + unexpired => $env{'form.unexpired'}, fields => {%fields}, lockablenames => \@lockablenames, } ); + my $lastactivedays; + if ($env{'form.lastactive'}) { + $lastactivedays = $env{'form.lastactivedays'}; + $lastactivedays =~ s/^\s+|\s+$//g; + unless ($lastactivedays =~ /^\d+$/) { + undef($lastactivedays); + $env{'form.lastactive'} = 0; + } + } + $updatehash{'autoupdate'}{'lastactive'} = $lastactivedays; foreach my $key (keys(%currautoupdate)) { - if (($key eq 'run') || ($key eq 'classlists')) { + if (($key eq 'run') || ($key eq 'classlists') || ($key eq 'unexpired') || ($key eq 'lastactive')) { if (exists($updatehash{autoupdate}{$key})) { if ($currautoupdate{$key} ne $updatehash{autoupdate}{$key}) { $changes{$key} = 1; @@ -14773,6 +15114,16 @@ sub modify_autoupdate { $changes{'lockablenames'} = 1; } } + unless (grep(/^unexpired$/,keys(%currautoupdate))) { + if ($updatehash{'autoupdate'}{'unexpired'}) { + $changes{'unexpired'} = 1; + } + } + unless (grep(/^lastactive$/,keys(%currautoupdate))) { + if ($updatehash{'autoupdate'}{'lastactive'} ne '') { + $changes{'lastactive'} = 1; + } + } foreach my $item (@{$types},'default') { if (defined($fields{$item})) { if (ref($currautoupdate{'fields'}) eq 'HASH') { @@ -14835,6 +15186,11 @@ sub modify_autoupdate { my $newvalue; if ($key eq 'run') { $newvalue = $offon[$env{'form.autoupdate_run'}]; + } elsif ($key eq 'lastactive') { + $newvalue = $offon[$env{'form.lastactive'}]; + unless ($lastactivedays eq '') { + $newvalue .= '; '.&mt('inactive = no activity in last [quant,_1,day]',$lastactivedays); + } } else { $newvalue = $offon[$env{'form.'.$key}]; } @@ -19582,26 +19938,33 @@ sub modify_wafproxy { my $serverdom = &Apache::lonnet::host_domain($server); if ($serverdom eq $dom) { $canset{$server} = 1; - if (ref($domconfig{'wafproxy'}) eq 'HASH') { - %{$values{$dom}} = (); - if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { - %curralias = %{$domconfig{'wafproxy'}{'alias'}}; - } - foreach my $item ('ipheader','trusted','exempt') { - $currvalue{$item} = $domconfig{'wafproxy'}{$item}; - } - } } } } + if (ref($domconfig{'wafproxy'}) eq 'HASH') { + %{$values{$dom}} = (); + if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { + %curralias = %{$domconfig{'wafproxy'}{'alias'}}; + } + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { + $currvalue{$item} = $domconfig{'wafproxy'}{$item}; + } + } my $output; if (keys(%canset)) { %{$wafproxy{'alias'}} = (); foreach my $key (sort(keys(%canset))) { - $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key}; - $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g; - if ($wafproxy{'alias'}{$key} ne $curralias{$key}) { - $changes{'alias'} = 1; + if ($env{'form.wafproxy_'.$dom}) { + $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key}; + $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g; + if ($wafproxy{'alias'}{$key} ne $curralias{$key}) { + $changes{'alias'} = 1; + } + } else { + $wafproxy{'alias'}{$key} = ''; + if ($curralias{$key}) { + $changes{'alias'} = 1; + } } if ($wafproxy{'alias'}{$key} eq '') { if ($curralias{$key}) { @@ -19616,21 +19979,43 @@ sub modify_wafproxy { # Localization for values in %warn occus in &mt() calls separately. my %warn = ( trusted => 'trusted IP range(s)', - exempt => 'exempt IP range(s)', + vpnint => 'internal IP range(s) for VPN sessions(s)', + vpnext => 'IP range(s) for backend WAF connections', ); - foreach my $item ('ipheader','trusted','exempt') { + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { my $possible = $env{'form.wafproxy_'.$item}; $possible =~ s/^\s+|\s+$//g; if ($possible ne '') { - if ($item eq 'ipheader') { - $wafproxy{$item} = $possible; + if ($item eq 'remoteip') { + if ($possible =~ /^[mhn]$/) { + $wafproxy{$item} = $possible; + } + } elsif ($item eq 'ipheader') { + if ($wafproxy{'remoteip'} eq 'h') { + $wafproxy{$item} = $possible; + } + } elsif ($item eq 'sslopt') { + if ($possible =~ /^0|1$/) { + $wafproxy{$item} = $possible; + } } else { my (@ok,$count); - $possible =~ s/[\r\n]+/\s/g; - $possible =~ s/\s*-\s*/-/g; - $possible =~ s/\s+/,/g; + if (($item eq 'vpnint') || ($item eq 'vpnext')) { + unless ($env{'form.wafproxy_vpnaccess'}) { + $possible = ''; + } + } elsif ($item eq 'trusted') { + unless ($wafproxy{'remoteip'} eq 'h') { + $possible = ''; + } + } + unless ($possible eq '') { + $possible =~ s/[\r\n]+/\s/g; + $possible =~ s/\s*-\s*/-/g; + $possible =~ s/\s+/,/g; + } $count = 0; - if ($possible) { + if ($possible ne '') { foreach my $poss (split(/\,/,$possible)) { $count ++; if (&validate_ip_pattern($poss)) { @@ -19647,15 +20032,22 @@ sub modify_wafproxy { $diff,$warn{$item}). ''); } - if ($wafproxy{$item} ne $currvalue{$item}) { - $changes{$item} = 1; - } } } - } else { - if ($currvalue{$item}) { + if ($wafproxy{$item} ne $currvalue{$item}) { $changes{$item} = 1; } + } elsif ($currvalue{$item}) { + $changes{$item} = 1; + } + } + } else { + if (keys(%curralias)) { + $changes{'alias'} = 1; + } + if (keys(%currvalue)) { + foreach my $key (keys(%currvalue)) { + $changes{$key} = 1; } } } @@ -19668,7 +20060,7 @@ sub modify_wafproxy { if ($putresult eq 'ok') { my $cachetime = 24*60*60; my (%domdefaults,$updatedomdefs); - foreach my $item ('ipheader','trusted','exempt') { + foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') { if ($changes{$item}) { unless ($updatedomdefs) { %domdefaults = &Apache::lonnet::get_domain_defaults($dom); @@ -19705,7 +20097,7 @@ sub modify_wafproxy { } } $output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'