--- loncom/lontrans.pm	2019/01/20 02:42:35	1.25
+++ loncom/lontrans.pm	2020/12/18 15:23:04	1.27
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # URL translation for User Files
 #
-# $Id: lontrans.pm,v 1.25 2019/01/20 02:42:35 raeburn Exp $
+# $Id: lontrans.pm,v 1.27 2020/12/18 15:23:04 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -38,11 +38,11 @@ sub handler {
     my $r = shift;
     # FIXME line remove when mod_perl fixes BUG#4948
     $r->notes->set('error-notes' => '');
+    my $actualhost = $r->headers_in->get('Host');
     if ($r->uri=~m{^/raw/}) {
-        my $host = $r->headers_in->get('Host');
-        if ($host) {
+        if ($actualhost) {
             unless ($host =~ /^internal\-/) {
-                my $remote_ip = $r->get_remote_host();
+                my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1);
                 my $lonhost = $r->dir_config('lonHostID');
                 if (&redirect_raw($remote_ip,$lonhost)) {
                     my $location = 'https://internal-'.$host.$r->uri;
@@ -52,6 +52,36 @@ sub handler {
             }
         }
     }
+    my $alias = &Apache::lonnet::get_proxy_alias();
+    if ($alias) {
+        my $lonhost = $r->dir_config('lonHostID');
+        my $expected_host = &Apache::lonnet::hostname($lonhost);
+        if (($actualhost eq $expected_host) && ($actualhost ne $alias)) {
+            my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1);
+            unless ($remote_ip eq '127.0.0.1') {
+                my $hostip = &Apache::lonnet::get_host_ip($lonhost);
+                unless ($remote_ip eq $hostip) {
+                    my $do_redirect = 1;
+                    if ($r->uri=~m{^/raw/}){
+                        my %iphost = &Apache::lonnet::get_iphost();
+                        if (exists($iphost{$remote_ip})) {
+                            undef($do_redirect);
+                        }
+                    }
+                    if ($do_redirect) {
+                        my $uri = $r->uri;
+                        my $protocol = 'http';
+                        my $port = $r->get_server_port();
+                        if ($port eq '443') {
+                            $protocol = 'https';
+                        }
+                        $r->header_out(Location => $protocol.'://'.$alias.$uri);
+                        return REDIRECT;
+                    }
+                }
+            }
+        }
+    }
     if ($r->uri=~m|^(/raw)?/uploaded/|) {
         my $fn = $r->uri();
         $fn=~s/^\/raw//;
@@ -66,9 +96,12 @@ sub handler {
 			 '/userfiles/'.(join('/',@ufile)));
         }
         return OK;
-    } else {
-        return DECLINED;
+    } elsif ($r->uri =~ m{^\Q/adm/wrapper/ext/https:/\E[^/]}) {
+        my $uri = $r->uri;
+        $uri =~ s{^(\Q/adm/wrapper/ext/https:/\E)}{$1/};
+        $r->uri($uri);
     }
+    return DECLINED;
 }
 
 sub redirect_raw {