--- loncom/loncapa_apache.conf	2019/08/01 18:46:00	1.215.2.25
+++ loncom/loncapa_apache.conf	2023/12/22 13:38:02	1.285
@@ -2,7 +2,7 @@
 ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
 ##
 
-# $Id: loncapa_apache.conf,v 1.215.2.25 2019/08/01 18:46:00 raeburn Exp $
+# $Id: loncapa_apache.conf,v 1.285 2023/12/22 13:38:02 raeburn Exp $
 
 #
 # LON-CAPA Section (extensions to httpd.conf daemon configuration)
@@ -68,7 +68,7 @@ PerlAuthzHandler	'sub { return OK }'
 </LocationMatch>
 
 # Send proper expires header to avoid unnecessary HTTP request for static content
-<LocationMatch "^(/adm/lonIcons|/adm/jQuery|/res/adm/pages|/ckeditor|/adm/jpicker|/adm/countdown|/adm/spellchecker|/adm/nicescroll|/adm/MathJax)">
+<LocationMatch "^(/adm/lonIcons|/adm/jQuery|/res/adm/pages|/ckeditor|/adm/jpicker|/adm/countdown|/adm/spellchecker|/adm/nicescroll|/adm/MathJax|/adm/daxe)">
         ExpiresActive On
         ExpiresDefault "access plus 12 hours"
         Header set Cache-Control "public, no-transform"
@@ -131,6 +131,7 @@ ErrorDocument     500 /adm/errorhandler
 </Location>
 
 <LocationMatch "^/+userfiles.*">
+Options +FollowSymLinks -Includes
 PerlAccessHandler       Apache::lontokacc
 PerlCleanupHandler	Apache::lontokacc::removefile
 PerlCleanupHandler	Apache::lonacc::cleanup
@@ -149,6 +150,10 @@ ErrorDocument     406 /adm/roles
 ErrorDocument	  500 /adm/errorhandler
 </LocationMatch>
 
+<LocationMatch "^/+uploaded/.+/.+/(portfolio|feedback|docs|groups|supplemental)/.+">
+   Options +FollowSymLinks -Includes
+</LocationMatch>
+
 <LocationMatch "^/+editupload.*">
 AuthType LONCAPA
 Require valid-user
@@ -188,6 +193,13 @@ SetHandler perl-script
 PerlHandler Apache::lonsequence
 </LocationMatch>
 
+<LocationMatch "^/+uploaded/.*/.*/docs/.*\.tex$">
+SetHandler perl-script
+PerlHandler Apache::londatecheck
+PerlHandler Apache::lonipcheck
+PerlHandler Apache::lontex
+</LocationMatch>
+
 <LocationMatch "^/+public/.*/syllabus$">
 PerlAccessHandler      Apache::publiccheck
 AuthType LONCAPA
@@ -270,6 +282,31 @@ ErrorDocument     406 /adm/notinit.html
 ErrorDocument	  500 /adm/errorhandler
 </LocationMatch>
 
+<LocationMatch "^/adm/.*/ext\.tool$">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler        Apache::lonacc
+SetHandler              perl-script
+PerlHandler             Apache::lonslotcheck
+PerlHandler             Apache::londatecheck
+PerlHandler             Apache::lonipcheck
+PerlHandler             Apache::lonexttool
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     406 /adm/notinit.html
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
+
+<LocationMatch "^/adm/placement$">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler        Apache::lonacc
+SetHandler              perl-script
+PerlHandler             Apache::lonplacementtest
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     406 /adm/notinit.html
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
+
 <Location /adm/exturlcheck>
 AuthType LONCAPA
 Require valid-user
@@ -403,7 +440,7 @@ PerlCleanupHandler Apache::lonindexer::c
 PerlCleanupHandler	Apache::lonacc::cleanup
 </LocationMatch>
 
-<LocationMatch "^/+res.*\.tex$">
+<LocationMatch "^/+res/.*\.tex$">
 SetHandler perl-script
 PerlHandler Apache::lontex
 </LocationMatch>
@@ -457,6 +494,121 @@ SetHandler perl-script
 PerlHandler Apache::lonxml
 </LocationMatch>
 
+<LocationMatch "^/daxepage/priv/">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::loncacc
+ErrorDocument     403 /adm/login
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     406 /adm/unauthorized
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
+
+<LocationMatch "^/daxeopen/">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+</LocationMatch>
+
+<LocationMatch "^/daxeopen/priv/[^/]+/[^/]+/">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::loncacc
+</LocationMatch>
+
+<LocationMatch "^/daxeopen/(res/|$)">
+ErrorDocument     403 /adm/login
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
+
+<LocationMatch "^/daxeopen/priv/">
+ErrorDocument     403 /adm/login
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     406 /adm/unauthorized
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
+
+<LocationMatch "^/daxe(page|open)/uploaded/">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+ErrorDocument     403 /adm/login
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
+
+<LocationMatch "^/daxepage/priv/.*\.(task|problem|exam|quiz|assess|survey|library|xml|html|htm|xhtml|xhtm)$">
+SetHandler perl-script
+PerlHandler Apache::daxepage
+</LocationMatch>
+
+<LocationMatch "^/daxepage/uploaded/[^/]+/[^/]+/(docs|supplemental)/.*html?$">
+SetHandler perl-script
+PerlHandler Apache::daxepage
+</LocationMatch>
+
+<LocationMatch "^/daxeopen/priv/.*\.(task|problem|exam|quiz|assess|survey|library|xml|html|htm|xhtml|xhtm)$">
+SetHandler perl-script
+PerlHandler Apache::daxeopen
+</LocationMatch>
+
+<LocationMatch "^/daxeopen/$">
+SetHandler perl-script
+PerlHandler Apache::daxeopen
+</LocationMatch>
+
+<LocationMatch "^/daxeopen/(res|priv|uploaded)/(.+/)?$">
+SetHandler perl-script
+PerlHandler Apache::daxeopen
+</LocationMatch>
+
+<LocationMatch "^/daxeopen/uploaded/[^/]+/[^/]+/(docs|supplemental)/.*html?$">
+SetHandler perl-script
+PerlHandler Apache::daxeopen
+</LocationMatch>
+
+<LocationMatch "(?i)^/daxeopen/priv/.+\.(?!task$|problem$|exam$|quiz$|assess$|survey$|library$|xml$|html$|htm$|xhtml$|xhtm$)[^.]*$">
+<IfModule mod_rewrite.c>
+  RewriteEngine on
+  RewriteRule /daxeopen/(.*) /$1
+</IfModule>
+</LocationMatch>
+
+<LocationMatch "(?i)^/daxeopen/uploaded/.+\.(?!html$|htm$|xhtml$|xhtm$)[^.]*$">
+<IfModule mod_rewrite.c>
+  RewriteEngine on
+  RewriteRule /daxeopen/(.*) /$1
+</IfModule>
+</LocationMatch>
+
+<LocationMatch "(?i)^/daxeopen/(res/.*\.(jpg|jpeg|gif|png|svg))$">
+<IfModule mod_rewrite.c>
+  RewriteEngine on
+  RewriteRule /daxeopen/(.*) /$1
+</IfModule>
+</LocationMatch>
+
+<LocationMatch "^/daxesave$">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::daxesave
+</LocationMatch>
+
+<Location /adm/coursepub>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::loncoursepub
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <LocationMatch "^/adm/wrapper/">
 AuthType LONCAPA
 Require valid-user
@@ -523,6 +675,16 @@ ErrorDocument     403 /adm/login
 ErrorDocument     500 /adm/errorhandler
 </Location>
 
+<Location /adm/indexcourse>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonindexcourse
+ErrorDocument     403 /adm/login
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/statistics>
 AuthType LONCAPA
 Require valid-user
@@ -566,12 +728,12 @@ ErrorDocument     403 /adm/login
 ErrorDocument	  500 /adm/errorhandler
 </Location>
 
-<Location /adm/remote>
+<Location /adm/pickresource>
 AuthType LONCAPA
 Require valid-user
 PerlAuthzHandler       Apache::lonacc
 SetHandler perl-script
-PerlHandler Apache::lonremote
+PerlHandler Apache::lonpickresource
 ErrorDocument     403 /adm/login
 ErrorDocument     500 /adm/errorhandler
 </Location>
@@ -638,11 +800,63 @@ ErrorDocument     406 /adm/roles
 ErrorDocument     500 /adm/errorhandler
 </Location>
 
+<Location /adm/courseauthor>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::loncourseauthor
+ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
+<Location /adm/courseuser>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::loncourseuser
+ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/login>
 SetHandler perl-script
 PerlHandler Apache::lonlogin
 </Location>
 
+<LocationMatch "^/+adm/launch/tiny/[\w.-]+/\w+">
+SetHandler perl-script
+PerlHandler Apache::ltiauth
+</LocationMatch>
+
+<Location /adm/relaunch>
+SetHandler perl-script
+PerlHandler Apache::lonrelaunch
+</Location>
+
+<LocationMatch "^/+adm/lti($|/)">
+SetHandler perl-script
+PerlHandler Apache::ltiauth
+</LocationMatch>
+
+<Location /adm/service/passback>
+SetHandler perl-script
+PerlHandler Apache::ltipassback
+</Location>
+
+<Location /adm/service/roster>
+SetHandler perl-script
+PerlHandler Apache::ltiroster
+</Location>
+
+<LocationMatch "^/adm/service/logout/\w+$">
+SetHandler perl-script
+PerlHandler Apache::ltilogout
+</LocationMatch>
+
 <Location /adm/restrictedaccess>
 PerlAccessHandler      Apache::publiccheck
 AuthType LONCAPA
@@ -663,6 +877,17 @@ PerlHandler Apache::blockedaccess
 ErrorDocument     500 /adm/errorhandler
 </Location>
 
+<Location /adm/protected>
+PerlAccessHandler      Apache::publiccheck
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonprotected
+ErrorDocument     403 /adm/login
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/logout>
 AuthType LONCAPA
 Require valid-user
@@ -695,6 +920,7 @@ PerlHandler Apache::migrateuser
 </Location>
 
 <Location /adm/sso>
+  Header set Cache-Control "private,no-store,no-cache,max-age=0"
   <IfModule mod_shib>
     AuthType shibboleth
     ShibUseEnvironment On
@@ -703,12 +929,25 @@ PerlHandler Apache::migrateuser
     require valid-user
     PerlAuthzHandler       Apache::lonshibacc
     PerlAuthzHandler       Apache::lonacc
+    ErrorDocument     403 /adm/login
+    ErrorDocument     500 /adm/errorhandler
   </IfModule>
   <IfModule !mod_shib>
     PerlTypeHandler        Apache::lonnoshib
   </IfModule>
 </Location>
 
+<Location /adm/linkexit>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonlinkexit
+ErrorDocument     403 /adm/login
+ErrorDocument     409 /adm/preferences?action=lockwarning
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/annotations>
 AuthType LONCAPA
 Require valid-user
@@ -1270,6 +1509,17 @@ ErrorDocument     403 /adm/login
 ErrorDocument	  500 /adm/errorhandler
 </Location>
 
+<Location /adm/viewcoauthors>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler             perl-script
+PerlHandler            Apache::lonviewcoauthors
+ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/communicate>
 AuthType LONCAPA
 Require valid-user
@@ -1336,7 +1586,7 @@ SetHandler perl-script
 PerlHandler Apache::lonwishlistdisplay
 ErrorDocument     403 /adm/login
 ErrorDocument     406 /adm/roles
-ErrorDocument     500 /adm/errorhandler
+ErrorDocument	  500 /adm/errorhandler
 </Location>
 
 <Location /adm/setblock>
@@ -1450,7 +1700,16 @@ SetHandler perl-script
 PerlHandler Apache::spellcheck
 </LocationMatch>
 
-
+<LocationMatch "^/tiny/[\w.-]+/\w+$">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lontiny
+ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
 
 # ------------------------------------------------- Backdoor Adm Tests/Programs
 
@@ -1607,7 +1866,7 @@ Options Indexes FollowSymLinks
 # ******** THESE "SHOULD" NEVER BE ALTERED BY THE USER ************************
 # ====================================== Internal Settings / Perl Configuration
 
-PerlSetVar	 lonVersion   '<!-- VERSION -->'
+PerlSetVar	 lonVersion  '<!-- VERSION -->'
 PerlSetVar       lonIDsDir    /home/httpd/lonIDs
 PerlSetVar       lonBalanceDir /home/httpd/balanceIDs
 PerlSetVar       lonDAVsessDir /home/httpd/webdav/sessionIDs
@@ -1626,6 +1885,8 @@ PerlSetVar       lonIncludes  /home/http
 PerlSetVar       lonZipDir    /home/httpd/zipspool
 PerlSetVar       lonCaptchaDir     /home/httpd/captchaspool
 PerlSetVar       lonCaptchaDb     /home/httpd/captchadb 
+PerlSetVar       lonLTIDir    /home/httpd/lonLTItmp
+PerlSetVar       ltiIDsDir    /home/httpd/ltiIDs
 PerlSetVar       lonFontsDir     /home/httpd/html/adm/fonts
 # & separated list of % separated fields in order of
 # - internal name to call it, 
@@ -1640,7 +1901,7 @@ PerlSetVar       lonBrowsDet  explorer%m
 PerlSetVar       lonTextBrowsers windows\s+ce:lynx
 PerlSetVar       lonScansDir  /home/httpd/scantron
 PerlSetVar       lonScriptTimeout 10
-PerlSetVar	 BugzillaHost	http://bugs.lon-capa.org/
+PerlSetVar	 BugzillaHost	https://bugs.loncapa.org/
 PerlSetVar	 FAQHost	http://help.lon-capa.org/
 # -----------------------------------------------------------------------------
 # NOTE: lonSqlAccess key is the password for the MySQL user
@@ -1680,6 +1941,8 @@ PerlSetVar lonCertificateDirectory /home
 
 PerlSetVar lonnetCertificateAuthority loncapaCA.pem
 PerlSetVar lonnetCertificate          lonhostcert.pem
+PerlSetVar lonnetHostnameCertificate  lonhostnamecert.pem
+PerlSetVar lonnetCertRevocationList   loncapaCAcrl.pem
 
 #
 #  To generate the request for a certificate, and to negotiate the