--- loncom/interface/domainprefs.pm 2021/04/18 02:08:46 1.381 +++ loncom/interface/domainprefs.pm 2021/05/28 01:26:02 1.383 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to set domain-wide configuration settings # -# $Id: domainprefs.pm,v 1.381 2021/04/18 02:08:46 raeburn Exp $ +# $Id: domainprefs.pm,v 1.383 2021/05/28 01:26:02 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -7337,12 +7337,10 @@ sub print_wafproxy { foreach my $domain (keys(%otherdoms)) { %{$values{$domain}} = (); my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain); - if (ref($config{$domain}) eq 'HASH') { - if (ref($config{$domain}{'wafproxy'}) eq 'HASH') { - $aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'}; - foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { - $values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item}; - } + if (ref($config{'wafproxy'}) eq 'HASH') { + $aliases{$domain} = $config{'wafproxy'}{'alias'}; + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { + $values{$domain}{$item} = $config{'wafproxy'}{$item}; } } } 
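Review bot: The item list in this loop still ends at 'vpnext', so `$values{$domain}{'sslopt'}` is never filled for the other domains. The later print_wafproxy hunk at -7491 adds 'sslopt' to the list it displays, from what appears to be the same `%values` hash. If that is the case, a controlling domain's forwarding setting would always render as 'None', whatever is stored. Extending the list here, `foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {`, keeps the two in step; the same literal list is repeated in several hunks of this commit, so one shared list would prevent this drift. print_wafproxy starts and ends outside the hunk.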
@@ -7354,22 +7352,25 @@ sub print_wafproxy { $itemcount ++; my $dom_in_effect; my $aliasrows = ''. - ''.&mt('Hostname').': '. - &Apache::lonnet::hostname($server).''; + ''. + &mt('Hostname').': '. + ''.&Apache::lonnet::hostname($server).' '; if ($othercontrol{$server}) { $dom_in_effect = $othercontrol{$server}; my $current; - if (ref($aliases{$othercontrol{$server}}) eq 'HASH') { - $current = $aliases{$othercontrol{$server}{$server}}; + if (ref($aliases{$dom_in_effect}) eq 'HASH') { + $current = $aliases{$dom_in_effect}{$server}; } + $aliasrows .= ''. + &mt('Alias').': '; if ($current) { $aliasrows .= $current; } else { - $aliasrows .= &mt('None in effect'); + $aliasrows .= &mt('None'); } - $aliasrows .= '('. - &mt('WAF/Reverse Proxy controlled by domain: [_1]', - ''.$othercontrol{$server}.'').''; + $aliasrows .= ' ('. + &mt('controlled by domain: [_1]', + ''.$dom_in_effect.'').')'; } else { $dom_in_effect = $dom; my $current; @@ -7378,7 +7379,8 @@ sub print_wafproxy { $current = $aliases{$dom}{$server}; } } - $aliasrows .= ''.&mt('WAF/Reverse Proxy Alias').': '. + $aliasrows .= ''. + &mt('Alias').': '. ''; } @@ -7408,27 +7410,29 @@ sub print_wafproxy { ''; $itemcount++; } - if (keys(%othercontrol)) { - foreach my $key (sort(keys(%othercontrol))) { + if (keys(%otherdoms)) { + foreach my $key (sort(keys(%otherdoms))) { $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; - $datatable = ''. - ''.&mt('Domain: [_1]',''.$key.'').''. - ''.$aliasinfo{$key}. - '
'; + $datatable .= ''. + ''.&mt('Domain: [_1]',''.$key.'').''. + ''.$aliasinfo{$key}. + '
'; $itemcount++; } } } else { + my %ip_methods = &remoteip_methods(); if ($setdom) { $itemcount ++; $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck, - $currwafvpn,$wafrangestyle); + $currwafvpn,$wafrangestyle,$alltossl,$ssltossl); $wafstyle = ' style="display:none;"'; $nowafstyle = ' style="display:table-row;"'; $currwafdisplay = ' style="display: none"'; $wafrangestyle = ' style="display: none"'; $curr_remotip = 'n'; + $ssltossl = ' checked="checked"'; if ($showdom) { $wafstyle = ' style="display:table-row;"'; $nowafstyle = ' style="display:none;"'; @@ -7440,6 +7444,10 @@ sub print_wafproxy { $currwafdisplay = ' style="display:table-row"'; $wafrangestyle = ' style="display:inline-block;"'; } + if ($values{$dom}{'sslopt'}) { + $alltossl = ' checked="checked"'; + $ssltossl = ''; + } } if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) { $vpndircheck = ' checked="checked"'; @@ -7462,7 +7470,6 @@ sub print_wafproxy { ''. ''.$lt{'remoteip'}.': '. ''. ''."\n". @@ -7491,24 +7498,39 @@ sub print_wafproxy { $lt{'vpnaliased'}.''; foreach my $item ('vpnint','vpnext') { $datatable .= ''. - ''.$lt{$item}.': '. + ''.$lt{$item}.':
'. ''. ''."\n"; } - $datatable .= ''; + $datatable .= '
'."\n". + ''. + ''.$lt{'sslopt'}.':
'. + ''.(' 'x2). + ''."\n". + ''; } if (keys(%otherdoms)) { foreach my $domain (sort(keys(%otherdoms))) { $itemcount ++; $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; $datatable .= ''. - ''.&mt('Domain: [_1]',$domain).''. + ''.&mt('Domain: [_1]',''.$domain.'').''. ''; - foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { my $showval = &mt('None'); + if ($item eq 'ssl') { + $showval = $lt{'ssltossl'}; + } if ($values{$domain}{$item}) { $showval = $values{$domain}{$item}; + if ($item eq 'ssl') { + $showval = $lt{'alltossl'}; + } elsif ($item eq 'remoteip') { + $showval = $ip_methods{$values{$domain}{$item}}; + } } $datatable .= ''. ''; @@ -7531,7 +7553,7 @@ sub wafproxy_titles { vpnaliased => 'via aliased hostname (WAF)', vpnint => 'Internal IP Range(s) for VPN sessions', vpnext => 'IP Range(s) for backend WAF connections', - ssloptions => 'Forwarding http/https', + sslopt => 'Forwarding http/https', alltossl => 'WAF forwards both http and https requests to https', ssltossl => 'WAF forwards http requests to http and https to https', ); @@ -19826,7 +19848,7 @@ sub modify_wafproxy { if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { %curralias = %{$domconfig{'wafproxy'}{'alias'}}; } - foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { $currvalue{$item} = $domconfig{'wafproxy'}{$item}; } } @@ -19862,7 +19884,7 @@ sub modify_wafproxy { vpnint => 'internal IP range(s) for VPN sessions(s)', vpnext => 'IP range(s) for backend WAF connections', ); - foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { + foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { my $possible = $env{'form.wafproxy_'.$item}; $possible =~ s/^\s+|\s+$//g; if ($possible ne '') { 
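Review bot: The two added tests `if ($item eq 'ssl')` in the -7491 hunk can never be true, because the loop list names the key 'sslopt'. As written, a stored value of 1 is shown as the raw `1`, an unset value as 'None', and the `$lt{'ssltossl'}` / `$lt{'alltossl'}` labels are never used. Both comparisons should read `$item eq 'sslopt'`. In the 'remoteip' branch, `$ip_methods{$values{$domain}{$item}}` is undef for a stored value that is not a key of `%ip_methods`, so a fallback such as `// &mt('None')` would avoid an empty cell. `$showval` carries another domain's stored settings into this page's table; if it is not entity-encoded where the row is assembled (the markup is not visible here), it should be encoded at output.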
@@ -19874,6 +19896,10 @@ sub modify_wafproxy { if ($wafproxy{'remoteip'} eq 'h') { $wafproxy{$item} = $possible; } + } elsif ($item eq 'sslopt') { + if ($possible =~ /^0|1$/) { + $wafproxy{$item} = $possible; + } } else { my (@ok,$count); if (($item eq 'vpnint') || ($item eq 'vpnext')) { @@ -19936,7 +19962,7 @@ sub modify_wafproxy { if ($putresult eq 'ok') { my $cachetime = 24*60*60; my (%domdefaults,$updatedomdefs); - foreach my $item ('ipheader','trusted','vpnint','vpnext') { + foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') { if ($changes{$item}) { unless ($updatedomdefs) { %domdefaults = &Apache::lonnet::get_domain_defaults($dom); @@ -19973,7 +19999,7 @@ sub modify_wafproxy { } } $output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'
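Review bot: The added check `$possible =~ /^0|1$/` does not restrict the form value to 0 or 1. Alternation binds more loosely than the anchors, so the pattern accepts any string that starts with 0 or ends with 1 (a constructed example: `0abc`). Such a value would be written to `$wafproxy{'sslopt'}` and, being a true string in Perl, would be read as "forward everything to https" by the truth tests on sslopt in the other hunks. Use `if ($possible =~ /^[01]$/) {` so that only the two intended values reach the stored domain configuration. modify_wafproxy continues outside the hunk.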
    '; - foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext') { + foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') { if ($changes{$item}) { if ($item eq 'alias') { my $numaliased = 0; @@ -20037,6 +20063,12 @@ sub modify_wafproxy { } else { $output .= '
  • '.&mt('IP Range(s) for backend WAF connections deleted').'
  • '; } + } elsif ($item eq 'sslopt') { + if ($wafproxy{$item}) { + $output .= '
  • '.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').'
  • '; + } else { + $output .= '
  • '.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').'
  • '; + } } } }
'.$lt{$item}.': '.$showval.'