--- loncom/loncapa_apache.conf	2016/04/02 04:30:29	1.244
+++ loncom/loncapa_apache.conf	2020/09/10 20:52:17	1.271
@@ -2,7 +2,7 @@
 ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
 ##
 
-# $Id: loncapa_apache.conf,v 1.244 2016/04/02 04:30:29 raeburn Exp $
+# $Id: loncapa_apache.conf,v 1.271 2020/09/10 20:52:17 raeburn Exp $
 
 #
 # LON-CAPA Section (extensions to httpd.conf daemon configuration)
@@ -131,6 +131,7 @@ ErrorDocument     500 /adm/errorhandler
 </Location>
 
 <LocationMatch "^/+userfiles.*">
+Options +FollowSymLinks -Includes
 PerlAccessHandler       Apache::lontokacc
 PerlCleanupHandler	Apache::lontokacc::removefile
 PerlCleanupHandler	Apache::lonacc::cleanup
@@ -270,7 +271,7 @@ ErrorDocument     406 /adm/notinit.html
 ErrorDocument	  500 /adm/errorhandler
 </LocationMatch>
 
-<LocationMatch "^/adm/.*/exttools?$">
+<LocationMatch "^/adm/.*/ext\.tool$">
 AuthType LONCAPA
 Require valid-user
 PerlAuthzHandler        Apache::lonacc
@@ -294,6 +295,18 @@ ErrorDocument     406 /adm/notinit.html
 ErrorDocument     500 /adm/errorhandler
 </LocationMatch>
 
+<Location /adm/exturlcheck>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler  Apache::lonacc
+SetHandler        perl-script
+PerlHandler       Apache::lonexturlcheck
+ErrorDocument     403 /adm/login
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     406 /adm/unauthorized
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <LocationMatch "^/+priv/.*">
 AuthType LONCAPA
 Require valid-user
@@ -469,7 +482,7 @@ SetHandler perl-script
 PerlHandler Apache::lonxml
 </LocationMatch>
 
-<LocationMatch "^/daxe(page|open)/priv/">
+<LocationMatch "^/daxepage/priv/">
 AuthType LONCAPA
 Require valid-user
 PerlAuthzHandler       Apache::loncacc
@@ -479,6 +492,12 @@ ErrorDocument     406 /adm/unauthorized
 ErrorDocument     500 /adm/errorhandler
 </LocationMatch>
 
+<LocationMatch "^/daxeopen/">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+</LocationMatch>
+
 <LocationMatch "^/daxe(page|open)/uploaded/">
 AuthType LONCAPA
 Require valid-user
@@ -504,7 +523,12 @@ SetHandler perl-script
 PerlHandler Apache::daxeopen
 </LocationMatch>
 
-<LocationMatch "^/daxeopen/priv/.*/$">
+<LocationMatch "^/daxeopen/$">
+SetHandler perl-script
+PerlHandler Apache::daxeopen
+</LocationMatch>
+
+<LocationMatch "^/daxeopen/(res|priv)/(.+/)?$">
 SetHandler perl-script
 PerlHandler Apache::daxeopen
 </LocationMatch>
@@ -514,10 +538,19 @@ SetHandler perl-script
 PerlHandler Apache::daxeopen
 </LocationMatch>
 
+<LocationMatch "(?i)^/daxeopen/priv/.+\.(?!task$|problem$|exam$|quiz$|assess$|survey$|library$|xml$|html$|htm$|xhtml$|xhtm$)[^.]*$">
 <IfModule mod_rewrite.c>
   RewriteEngine on
-  RewriteRule ^/daxeopen/(.*) /$1
+  RewriteRule /daxeopen/(.*) /$1
 </IfModule>
+</LocationMatch>
+
+<LocationMatch "(?i)^/daxeopen/(res/.*\.(jpg|jpeg|gif|png|svg))$">
+<IfModule mod_rewrite.c>
+  RewriteEngine on
+  RewriteRule /daxeopen/(.*) /$1
+</IfModule>
+</LocationMatch>
 
 <LocationMatch "^/daxesave$">
 AuthType LONCAPA
@@ -527,6 +560,16 @@ SetHandler perl-script
 PerlHandler Apache::daxesave
 </LocationMatch>
 
+<Location /adm/coursepub>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::loncoursepub
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <LocationMatch "^/adm/wrapper/">
 AuthType LONCAPA
 Require valid-user
@@ -723,6 +766,26 @@ SetHandler perl-script
 PerlHandler Apache::lonlogin
 </Location>
 
+<LocationMatch "^/+adm/lti($|/)">
+SetHandler perl-script
+PerlHandler Apache::ltiauth
+</LocationMatch>
+
+<Location /adm/service/passback>
+SetHandler perl-script
+PerlHandler Apache::ltipassback
+</Location>
+
+<Location /adm/service/roster>
+SetHandler perl-script
+PerlHandler Apache::ltiroster
+</Location>
+
+<LocationMatch "^/adm/service/logout/\w+$">
+SetHandler perl-script
+PerlHandler Apache::ltilogout
+</LocationMatch>
+
 <Location /adm/restrictedaccess>
 PerlAccessHandler      Apache::publiccheck
 AuthType LONCAPA
@@ -743,6 +806,17 @@ PerlHandler Apache::blockedaccess
 ErrorDocument     500 /adm/errorhandler
 </Location>
 
+<Location /adm/protected>
+PerlAccessHandler      Apache::publiccheck
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonprotected
+ErrorDocument     403 /adm/login
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/logout>
 AuthType LONCAPA
 Require valid-user
@@ -799,6 +873,16 @@ ErrorDocument     403 /adm/login
 ErrorDocument	  500 /adm/errorhandler
 </Location>
 
+<Location /adm/annotation>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::admannotations
+ErrorDocument     403 /adm/login
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/spellcheck>
 AuthType LONCAPA
 Require valid-user
@@ -1394,6 +1478,7 @@ PerlHandler Apache::groupsort
 PerlCleanupHandler Apache::groupsort::cleanup
 PerlCleanupHandler	Apache::lonacc::cleanup
 ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
 ErrorDocument	  500 /adm/errorhandler
 </Location>
 
@@ -1428,6 +1513,17 @@ SetHandler             perl-script
 PerlHandler            Apache::lonblockingstatus
 </Location>
 
+<Location /adm/accesstimes>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler             perl-script
+PerlHandler            Apache::lonaccesstimes
+ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/errorhandler>
 SetHandler perl-script
 PerlHandler Apache::lonerrorhandler
@@ -1508,7 +1604,16 @@ SetHandler perl-script
 PerlHandler Apache::spellcheck
 </LocationMatch>
 
-
+<LocationMatch "^/tiny/[\w.-]+/\w+$">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lontiny
+ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
 
 # ------------------------------------------------- Backdoor Adm Tests/Programs
 
@@ -1544,7 +1649,7 @@ AllowOverride None
 # Allow uploaded files to be served
 
 <Directory "/home/httpd/lonUsers">
-Options Includes FollowSymLinks
+Options FollowSymLinks
 AllowOverride None
 <IfModule mod_authz_core.c>
   Require all granted
@@ -1555,24 +1660,10 @@ AllowOverride None
 </IfModule>
 </Directory>
  
-# Allow construction space files to be served
-
-<Directory "/home/*/public_html/" >
-Options Includes FollowSymLinks
-AllowOverride
-<IfModule mod_authz_core.c>
-  Require all granted
-</IfModule>
-<IfModule !mod_authz_core.c>
-  order allow,deny
-  allow from all
-</IfModule>
-</Directory>
-
 # Yes to symbolic links and server-side includes
 
 <Directory /home/httpd/html>
-Options Includes FollowSymLinks
+Options FollowSymLinks
 AllowOverride None
 <IfModule mod_authz_core.c>
   Require all granted
@@ -1600,7 +1691,7 @@ Options ExecCGI FollowSymLinks
 # Allow serving of files in prtspool
 
 <Directory "/home/httpd/prtspool/">
-Options Includes FollowSymLinks
+Options FollowSymLinks
 AllowOverride None
 <IfModule mod_authz_core.c>
   Require all granted
@@ -1614,7 +1705,7 @@ AllowOverride None
 # Allow serving of files in zipspool
 
 <Directory "/home/httpd/zipspool/">
-Options Includes FollowSymLinks
+Options FollowSymLinks
 AllowOverride None
 <IfModule mod_authz_core.c>
   Require all granted
@@ -1628,7 +1719,7 @@ AllowOverride None
 # Allow serving of files in captchaspool
 
 <Directory "/home/httpd/captchaspool/">
-Options Includes FollowSymLinks
+Options FollowSymLinks
 AllowOverride None
 <IfModule mod_authz_core.c>
   Require all granted
@@ -1647,6 +1738,10 @@ AllowOverride None
    DirectoryIndex disabled
 </DirectoryMatch>
 
+<DirectoryMatch "^/home/httpd/lonUsers/*">
+   Options +FollowSymLinks -Includes
+</DirectoryMatch>
+
 # ============================================================= Access Handlers
 
 # ------------------------------------------------- Allow server-status reports
@@ -1681,6 +1776,7 @@ Options Indexes FollowSymLinks
 
 PerlSetVar	 lonVersion  '<!-- VERSION -->'
 PerlSetVar       lonIDsDir    /home/httpd/lonIDs
+PerlSetVar       lonBalanceDir /home/httpd/balanceIDs
 PerlSetVar       lonDAVsessDir /home/httpd/webdav/sessionIDs
 PerlSetVar       lonTabDir    /home/httpd/lonTabs
 PerlSetVar       lonUsersDir  /home/httpd/lonUsers
@@ -1697,6 +1793,8 @@ PerlSetVar       lonIncludes  /home/http
 PerlSetVar       lonZipDir    /home/httpd/zipspool
 PerlSetVar       lonCaptchaDir     /home/httpd/captchaspool
 PerlSetVar       lonCaptchaDb     /home/httpd/captchadb 
+PerlSetVar       lonLTIDir    /home/httpd/lonLTItmp
+PerlSetVar       ltiIDsDir    /home/httpd/ltiIDs
 PerlSetVar       lonFontsDir     /home/httpd/html/adm/fonts
 # & separated list of % separated fields in order of
 # - internal name to call it, 
@@ -1711,7 +1809,7 @@ PerlSetVar       lonBrowsDet  explorer%m
 PerlSetVar       lonTextBrowsers windows\s+ce:lynx
 PerlSetVar       lonScansDir  /home/httpd/scantron
 PerlSetVar       lonScriptTimeout 10
-PerlSetVar	 BugzillaHost	http://bugs.lon-capa.org/
+PerlSetVar	 BugzillaHost	https://bugs.loncapa.org/
 PerlSetVar	 FAQHost	http://help.lon-capa.org/
 # -----------------------------------------------------------------------------
 # NOTE: lonSqlAccess key is the password for the MySQL user
@@ -1751,6 +1849,8 @@ PerlSetVar lonCertificateDirectory /home
 
 PerlSetVar lonnetCertificateAuthority loncapaCA.pem
 PerlSetVar lonnetCertificate          lonhostcert.pem
+PerlSetVar lonnetHostnameCertificate  lonhostnamecert.pem
+PerlSetVar lonnetCertRevocationList   loncapaCAcrl.pem
 
 #
 #  To generate the request for a certificate, and to negotiate the