'.
''.&mt('Domain: [_1]',''.$dom.' ').' '.
- ''.&mt('Format for comma separated IP ranges').':
'.
+ ''.
''.&mt('Domain: [_1]',$domain).' '.
'';
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
my $showval = &mt('None');
+ if ($item eq 'ssl') {
+ $showval = $lt{'ssltossl'};
+ }
if ($values{$domain}{$item}) {
- $showval = $values{$domain}{$item};
+ $showval = $values{$domain}{$item};
+ if ($item eq 'ssl') {
+ $showval = $lt{'alltossl'};
+ }
}
$datatable .= ''.
''.$lt{$item}.': '.$showval.' ';
}
- $datatable .= '
'.$item.' '.
''.&mt('Name displayed:').
+ ' '.&mt('Name displayed').':'.
' '.
- &mt('Name displayed:').
+ &mt('Name displayed').':'.
' '.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).' ';
}
} else {
- $resulttext .= ''.&mt('E-mail address(es) in LON-CAPA usedfor verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).' ';
+ $resulttext .= ''.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).' ';
}
if ($confighash{'passwords'}{'resetremove'}) {
$resulttext .= ''.&mt('Preamble to "Forgot Password" web form not shown').' ';
@@ -19587,26 +19836,33 @@ sub modify_wafproxy {
my $serverdom = &Apache::lonnet::host_domain($server);
if ($serverdom eq $dom) {
$canset{$server} = 1;
- if (ref($domconfig{'wafproxy'}) eq 'HASH') {
- %{$values{$dom}} = ();
- if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
- %curralias = %{$domconfig{'wafproxy'}{'alias'}};
- }
- foreach my $item ('ipheader','trusted','exempt') {
- $currvalue{$item} = $domconfig{'wafproxy'}{$item};
- }
- }
}
}
}
+ if (ref($domconfig{'wafproxy'}) eq 'HASH') {
+ %{$values{$dom}} = ();
+ if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
+ %curralias = %{$domconfig{'wafproxy'}{'alias'}};
+ }
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
+ $currvalue{$item} = $domconfig{'wafproxy'}{$item};
+ }
+ }
my $output;
if (keys(%canset)) {
%{$wafproxy{'alias'}} = ();
foreach my $key (sort(keys(%canset))) {
- $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key};
- $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g;
- if ($wafproxy{'alias'}{$key} ne $curralias{$key}) {
- $changes{'alias'} = 1;
+ if ($env{'form.wafproxy_'.$dom}) {
+ $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key};
+ $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g;
+ if ($wafproxy{'alias'}{$key} ne $curralias{$key}) {
+ $changes{'alias'} = 1;
+ }
+ } else {
+ $wafproxy{'alias'}{$key} = '';
+ if ($curralias{$key}) {
+ $changes{'alias'} = 1;
+ }
}
if ($wafproxy{'alias'}{$key} eq '') {
if ($curralias{$key}) {
@@ -19621,21 +19877,43 @@ sub modify_wafproxy {
# Localization for values in %warn occus in &mt() calls separately.
my %warn = (
trusted => 'trusted IP range(s)',
- exempt => 'exempt IP range(s)',
+ vpnint => 'internal IP range(s) for VPN sessions(s)',
+ vpnext => 'IP range(s) for backend WAF connections',
);
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
my $possible = $env{'form.wafproxy_'.$item};
$possible =~ s/^\s+|\s+$//g;
if ($possible ne '') {
- if ($item eq 'ipheader') {
- $wafproxy{$item} = $possible;
+ if ($item eq 'remoteip') {
+ if ($possible =~ /^[mhn]$/) {
+ $wafproxy{$item} = $possible;
+ }
+ } elsif ($item eq 'ipheader') {
+ if ($wafproxy{'remoteip'} eq 'h') {
+ $wafproxy{$item} = $possible;
+ }
+ } elsif ($item eq 'sslopt') {
+ if ($possible =~ /^0|1$/) {
+ $wafproxy{$item} = $possible;
+ }
} else {
my (@ok,$count);
- $possible =~ s/[\r\n]+/\s/g;
- $possible =~ s/\s*-\s*/-/g;
- $possible =~ s/\s+/,/g;
+ if (($item eq 'vpnint') || ($item eq 'vpnext')) {
+ unless ($env{'form.wafproxy_vpnaccess'}) {
+ $possible = '';
+ }
+ } elsif ($item eq 'trusted') {
+ unless ($wafproxy{'remoteip'} eq 'h') {
+ $possible = '';
+ }
+ }
+ unless ($possible eq '') {
+ $possible =~ s/[\r\n]+/\s/g;
+ $possible =~ s/\s*-\s*/-/g;
+ $possible =~ s/\s+/,/g;
+ }
$count = 0;
- if ($possible) {
+ if ($possible ne '') {
foreach my $poss (split(/\,/,$possible)) {
$count ++;
if (&validate_ip_pattern($poss)) {
@@ -19652,15 +19930,22 @@ sub modify_wafproxy {
$diff,$warn{$item}).
'');
}
- if ($wafproxy{$item} ne $currvalue{$item}) {
- $changes{$item} = 1;
- }
}
}
- } else {
- if ($currvalue{$item}) {
+ if ($wafproxy{$item} ne $currvalue{$item}) {
$changes{$item} = 1;
}
+ } elsif ($currvalue{$item}) {
+ $changes{$item} = 1;
+ }
+ }
+ } else {
+ if (keys(%curralias)) {
+ $changes{'alias'} = 1;
+ }
+ if (keys(%currvalue)) {
+ foreach my $key (keys(%currvalue)) {
+ $changes{$key} = 1;
}
}
}
@@ -19673,7 +19958,7 @@ sub modify_wafproxy {
if ($putresult eq 'ok') {
my $cachetime = 24*60*60;
my (%domdefaults,$updatedomdefs);
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
unless ($updatedomdefs) {
%domdefaults = &Apache::lonnet::get_domain_defaults($dom);
@@ -19710,7 +19995,7 @@ sub modify_wafproxy {
}
}
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'';
- foreach my $item ('alias','ipheader','trusted','exempt') {
+ foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
if ($item eq 'alias') {
my $numaliased = 0;
@@ -19733,26 +20018,52 @@ sub modify_wafproxy {
$output .= ''.&mt('Aliases deleted for hostnames').' ';
}
} else {
- if ($item eq 'ipheader') {
+ if ($item eq 'remoteip') {
+ my %ip_methods = &remoteip_methods();
+ if ($wafproxy{$item} =~ /^[mh]$/) {
+ $output .= ''.&mt("Method for determining user's IP set to: [_1]",
+ $ip_methods{$wafproxy{$item}}).' ';
+ } else {
+ if (($env{'form.wafproxy_'.$dom}) && (ref($wafproxy{'alias'}) eq 'HASH')) {
+ $output .= ''.&mt("No method in use to get user's real IP (will report IP used by WAF).").
+ ' ';
+ } else {
+ $output .= ''.&mt('WAF/Reverse Proxy not in use').' ';
+ }
+ }
+ } elsif ($item eq 'ipheader') {
if ($wafproxy{$item}) {
- $output .= ''.&mt('Custom request header set to [_1]',
+ $output .= ' '.&mt('Request header with remote IP set to: [_1]',
$wafproxy{$item}).' ';
} else {
- $output .= ''.&mt('Custom request header deleted').' ';
+ $output .= ''.&mt('Request header with remote IP deleted').' ';
}
} elsif ($item eq 'trusted') {
if ($wafproxy{$item}) {
- $output .= ''.&mt('Trusted IP range(s) set to [_1]',
+ $output .= ' '.&mt('Trusted IP range(s) set to: [_1]',
$wafproxy{$item}).' ';
} else {
$output .= ''.&mt('Trusted IP range(s) deleted').' ';
}
- } elsif ($item eq 'exempt') {
+ } elsif ($item eq 'vpnint') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('Internal IP Range(s) for VPN sessions set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('Internal IP Range(s) for VPN sessions deleted').' ';
+ }
+ } elsif ($item eq 'vpnext') {
if ($wafproxy{$item}) {
- $output .= ''.&mt('Exempt IP range(s) set to [_1]',
+ $output .= ' '.&mt('IP Range(s) for backend WAF connections set to: [_1]',
$wafproxy{$item}).' ';
} else {
- $output .= ''.&mt('Exempt IP range(s) deleted').' ';
+ $output .= ''.&mt('IP Range(s) for backend WAF connections deleted').' ';
+ }
+ } elsif ($item eq 'sslopt') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').' ';
+ } else {
+ $output .= ''.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').' ';
}
}
}
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.