--- loncom/interface/domainprefs.pm 2021/04/18 02:08:46 1.381
+++ loncom/interface/domainprefs.pm 2021/08/01 19:28:10 1.384
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.381 2021/04/18 02:08:46 raeburn Exp $
+# $Id: domainprefs.pm,v 1.384 2021/08/01 19:28:10 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -223,7 +223,7 @@ sub handler {
'ltitools','ssl','trust','lti','privacy','passwords',
'proctoring','wafproxy'],$dom);
my %encconfig =
- &Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom);
+ &Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom,undef,1);
if (ref($domconfig{'ltitools'}) eq 'HASH') {
if (ref($encconfig{'ltitools'}) eq 'HASH') {
foreach my $id (keys(%{$domconfig{'ltitools'}})) {
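Review bot: The new trailing arguments `undef,1` on the `get_dom('encconfig',...)` call are opaque at the call site; their meaning is defined in Apache::lonnet, outside this diff. A short comment above the call would help, for example `# 5th arg set: read encconfig via the same mode used by the put_dom('encconfig',...) calls` (wording to be confirmed against lonnet). The same pair is added to the three `put_dom('encconfig',...)` calls in modify_ltitools, modify_proctoring and modify_lti. It is also worth confirming that no other reader or writer of `encconfig` was missed, since a read and a write made with different flags would presumably not agree. handler's body continues outside the hunk.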
@@ -7337,12 +7337,10 @@ sub print_wafproxy {
foreach my $domain (keys(%otherdoms)) {
%{$values{$domain}} = ();
my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain);
- if (ref($config{$domain}) eq 'HASH') {
- if (ref($config{$domain}{'wafproxy'}) eq 'HASH') {
- $aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'};
- foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
- $values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item};
- }
+ if (ref($config{'wafproxy'}) eq 'HASH') {
+ $aliases{$domain} = $config{'wafproxy'}{'alias'};
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ $values{$domain}{$item} = $config{'wafproxy'}{$item};
}
}
}
@@ -7354,22 +7352,25 @@ sub print_wafproxy {
$itemcount ++;
my $dom_in_effect;
my $aliasrows = '
'.
- ''.&mt('Hostname').': '.
- &Apache::lonnet::hostname($server).' | ';
+ ''.
+ &mt('Hostname').': '.
+ ''.&Apache::lonnet::hostname($server).' | | ';
if ($othercontrol{$server}) {
$dom_in_effect = $othercontrol{$server};
my $current;
- if (ref($aliases{$othercontrol{$server}}) eq 'HASH') {
- $current = $aliases{$othercontrol{$server}{$server}};
+ if (ref($aliases{$dom_in_effect}) eq 'HASH') {
+ $current = $aliases{$dom_in_effect}{$server};
}
+ $aliasrows .= ''.
+ &mt('Alias').': ';
if ($current) {
$aliasrows .= $current;
} else {
- $aliasrows .= &mt('None in effect');
+ $aliasrows .= &mt('None');
}
- $aliasrows .= ' | ('.
- &mt('WAF/Reverse Proxy controlled by domain: [_1]',
- ''.$othercontrol{$server}.'').' | ';
+ $aliasrows .= ' ('.
+ &mt('controlled by domain: [_1]',
+ ''.$dom_in_effect.'').')';
} else {
$dom_in_effect = $dom;
my $current;
@@ -7378,7 +7379,8 @@ sub print_wafproxy {
$current = $aliases{$dom}{$server};
}
}
- $aliasrows .= ''.&mt('WAF/Reverse Proxy Alias').': '.
+ $aliasrows .= ' | '.
+ &mt('Alias').': '.
' | ';
}
@@ -7408,27 +7410,29 @@ sub print_wafproxy {
'
';
$itemcount++;
}
- if (keys(%othercontrol)) {
- foreach my $key (sort(keys(%othercontrol))) {
+ if (keys(%otherdoms)) {
+ foreach my $key (sort(keys(%otherdoms))) {
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
- $datatable = ''.
- ''.&mt('Domain: [_1]',''.$key.'').' | '.
- ' |
';
+ $datatable .= ''.
+ ''.&mt('Domain: [_1]',''.$key.'').' | '.
+ ' |
';
$itemcount++;
}
}
} else {
+ my %ip_methods = &remoteip_methods();
if ($setdom) {
$itemcount ++;
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck,
- $currwafvpn,$wafrangestyle);
+ $currwafvpn,$wafrangestyle,$alltossl,$ssltossl);
$wafstyle = ' style="display:none;"';
$nowafstyle = ' style="display:table-row;"';
$currwafdisplay = ' style="display: none"';
$wafrangestyle = ' style="display: none"';
$curr_remotip = 'n';
+ $ssltossl = ' checked="checked"';
if ($showdom) {
$wafstyle = ' style="display:table-row;"';
$nowafstyle = ' style="display:none;"';
@@ -7440,6 +7444,10 @@ sub print_wafproxy {
$currwafdisplay = ' style="display:table-row"';
$wafrangestyle = ' style="display:inline-block;"';
}
+ if ($values{$dom}{'sslopt'}) {
+ $alltossl = ' checked="checked"';
+ $ssltossl = '';
+ }
}
if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) {
$vpndircheck = ' checked="checked"';
@@ -7462,7 +7470,6 @@ sub print_wafproxy {
''.
''.$lt{'remoteip'}.': '.
' |
'."\n".
''.
- $lt{'trusted'}.': '.
+ $lt{'trusted'}.': '.
''.
' |
'."\n".
@@ -7491,24 +7498,39 @@ sub print_wafproxy {
$lt{'vpnaliased'}.'';
foreach my $item ('vpnint','vpnext') {
$datatable .= ''.
- ''.$lt{$item}.': '.
+ ' | '.$lt{$item}.': '.
''.
' |
'."\n";
}
- $datatable .= '';
+ $datatable .= '
|
'."\n".
+ ''.
+ ''.$lt{'sslopt'}.': '.
+ ''.(' 'x2).
+ ' |
'."\n".
+ '';
}
if (keys(%otherdoms)) {
foreach my $domain (sort(keys(%otherdoms))) {
$itemcount ++;
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
$datatable .= ''.
- ''.&mt('Domain: [_1]',$domain).' | '.
+ ''.&mt('Domain: [_1]',''.$domain.'').' | '.
'';
- foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
my $showval = &mt('None');
+ if ($item eq 'ssl') {
+ $showval = $lt{'ssltossl'};
+ }
if ($values{$domain}{$item}) {
$showval = $values{$domain}{$item};
+ if ($item eq 'ssl') {
+ $showval = $lt{'alltossl'};
+ } elsif ($item eq 'remoteip') {
+ $showval = $ip_methods{$values{$domain}{$item}};
+ }
}
$datatable .= ''.
''.$lt{$item}.': '.$showval.' | ';
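Review bot: The two added tests `$item eq 'ssl'` can never be true, because the loop list names the item `'sslopt'`, so the other-domain row never shows `$lt{'ssltossl'}` or `$lt{'alltossl'}`. Both comparisons should read `$item eq 'sslopt'`. The earlier print_wafproxy hunk that fills `$values{$domain}` for other domains still iterates over only `'remoteip','ipheader','trusted','vpnint','vpnext'`, so `$values{$domain}{'sslopt'}` appears never to be populated there; that list needs `'sslopt'` too. `$ip_methods{$values{$domain}{$item}}` is also undef for a stored value that remoteip_methods() does not know, so a fallback such as `// &mt('None')` would keep the cell from rendering empty. print_wafproxy starts and ends outside the hunk.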
@@ -7531,7 +7553,7 @@ sub wafproxy_titles {
vpnaliased => 'via aliased hostname (WAF)',
vpnint => 'Internal IP Range(s) for VPN sessions',
vpnext => 'IP Range(s) for backend WAF connections',
- ssloptions => 'Forwarding http/https',
+ sslopt => 'Forwarding http/https',
alltossl => 'WAF forwards both http and https requests to https',
ssltossl => 'WAF forwards http requests to http and https to https',
);
@@ -13505,7 +13527,7 @@ sub modify_ltitools {
my %ltienchash = (
$action => { %encconfig }
);
- &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);
+ &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1);
if (keys(%changes) > 0) {
my $cachetime = 24*60*60;
my %ltiall = %confhash;
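Review bot: The return value of `&Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1)` is discarded, so a failed write of the encrypted part of the configuration goes unnoticed while the code carries on to the `keys(%changes)` handling. The same applies to the `put_dom('encconfig',...)` calls in the modify_proctoring and modify_lti hunks. Capturing it, as in `my $encresult = &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1);`, and reporting when it is not `'ok'` would match the `$putresult eq 'ok'` check visible in modify_wafproxy. The surrounding function body lies outside the hunk, so an existing check earlier in the function cannot be ruled out.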
@@ -14079,7 +14101,7 @@ sub modify_proctoring {
my %proc_enchash = (
$action => { %encconfhash }
);
- &Apache::lonnet::put_dom('encconfig',\%proc_enchash,$dom);
+ &Apache::lonnet::put_dom('encconfig',\%proc_enchash,$dom,undef,1);
if (keys(%changes) > 0) {
my $cachetime = 24*60*60;
my %procall = %confhash;
@@ -14571,7 +14593,7 @@ sub modify_lti {
my %ltienchash = (
$action => { %encconfig }
);
- &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);
+ &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1);
if (keys(%changes) > 0) {
my $cachetime = 24*60*60;
my %ltiall = %confhash;
@@ -19826,7 +19848,7 @@ sub modify_wafproxy {
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
%curralias = %{$domconfig{'wafproxy'}{'alias'}};
}
- foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
$currvalue{$item} = $domconfig{'wafproxy'}{$item};
}
}
@@ -19862,7 +19884,7 @@ sub modify_wafproxy {
vpnint => 'internal IP range(s) for VPN sessions(s)',
vpnext => 'IP range(s) for backend WAF connections',
);
- foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
my $possible = $env{'form.wafproxy_'.$item};
$possible =~ s/^\s+|\s+$//g;
if ($possible ne '') {
@@ -19874,6 +19896,10 @@ sub modify_wafproxy {
if ($wafproxy{'remoteip'} eq 'h') {
$wafproxy{$item} = $possible;
}
+ } elsif ($item eq 'sslopt') {
+ if ($possible =~ /^0|1$/) {
+ $wafproxy{$item} = $possible;
+ }
} else {
my (@ok,$count);
if (($item eq 'vpnint') || ($item eq 'vpnext')) {
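Review bot: The added check `$possible =~ /^0|1$/` does not restrict the value to a single `0` or `1`, because alternation binds more loosely than the anchors and the pattern accepts any string that starts with `0` or ends with `1`. `$possible` comes from `$env{'form.wafproxy_sslopt'}` and is written into the domain configuration, so the test should be `if ($possible =~ /\A[01]\z/) {`. As written, an arbitrary string passing the check is stored and then treated as true by the `if ($wafproxy{$item})` and `$values{$dom}{'sslopt'}` tests elsewhere in this diff. modify_wafproxy continues outside the hunk.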
@@ -19936,7 +19962,7 @@ sub modify_wafproxy {
if ($putresult eq 'ok') {
my $cachetime = 24*60*60;
my (%domdefaults,$updatedomdefs);
- foreach my $item ('ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
unless ($updatedomdefs) {
%domdefaults = &Apache::lonnet::get_domain_defaults($dom);
@@ -19973,7 +19999,7 @@ sub modify_wafproxy {
}
}
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'';
- foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
if ($item eq 'alias') {
my $numaliased = 0;
@@ -20037,6 +20063,12 @@ sub modify_wafproxy {
} else {
$output .= '- '.&mt('IP Range(s) for backend WAF connections deleted').'
';
}
+ } elsif ($item eq 'sslopt') {
+ if ($wafproxy{$item}) {
+ $output .= '- '.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').'
';
+ } else {
+ $output .= '- '.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').'
';
+ }
}
}
}