Return to lontrans.pm CVS log

Up to [LON-CAPA] / loncom

- Retrieval of requestor's IP address centralized in lonnet::get_requestor_ip()
- Domain configuration to allow domain's LON-CAPA nodes to operate behind a
  WAF/Reverse Proxy using aliased hostname (CNAME).
- Web requests from other nodes bypass the WAF as their requests are made
  directly to the server hostname (A record); same for internal LON-CAPA
  connections for lonc -> lond.

    1: # The LearningOnline Network
    2: # URL translation for User Files
    3: #
    4: # $Id: lontrans.pm,v 1.27 2020/12/18 15:23:04 raeburn Exp $
    5: #
    6: # Copyright Michigan State University Board of Trustees
    7: #
    8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
    9: #
   10: # LON-CAPA is free software; you can redistribute it and/or modify
   11: # it under the terms of the GNU General Public License as published by
   12: # the Free Software Foundation; either version 2 of the License, or
   13: # (at your option) any later version.
   14: #
   15: # LON-CAPA is distributed in the hope that it will be useful,
   16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   18: # GNU General Public License for more details.
   19: #
   20: # You should have received a copy of the GNU General Public License
   21: # along with LON-CAPA; if not, write to the Free Software
   22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   23: #
   24: # /home/httpd/html/adm/gpl.txt
   25: #
   26: # http://www.lon-capa.org/
   27: #
   28: 
   29: package Apache::lontrans;
   30: 
   31: use strict;
   32: use Apache::Constants qw(:common :remotehost REDIRECT);
   33: use Apache::lonnet;
   34: use Apache::File();
   35: use LONCAPA qw(:DEFAULT :match);
   36: 
   37: sub handler {
   38:     my $r = shift;
   39:     # FIXME line remove when mod_perl fixes BUG#4948
   40:     $r->notes->set('error-notes' => '');
   41:     my $actualhost = $r->headers_in->get('Host');
   42:     if ($r->uri=~m{^/raw/}) {
   43:         if ($actualhost) {
   44:             unless ($host =~ /^internal\-/) {
   45:                 my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1);
   46:                 my $lonhost = $r->dir_config('lonHostID');
   47:                 if (&redirect_raw($remote_ip,$lonhost)) {
   48:                     my $location = 'https://internal-'.$host.$r->uri;
   49:                     $r->headers_out->set(Location => $location);
   50:                     return REDIRECT;
   51:                 }
   52:             }
   53:         }
   54:     }
   55:     my $alias = &Apache::lonnet::get_proxy_alias();
   56:     if ($alias) {
   57:         my $lonhost = $r->dir_config('lonHostID');
   58:         my $expected_host = &Apache::lonnet::hostname($lonhost);
   59:         if (($actualhost eq $expected_host) && ($actualhost ne $alias)) {
   60:             my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1);
   61:             unless ($remote_ip eq '127.0.0.1') {
   62:                 my $hostip = &Apache::lonnet::get_host_ip($lonhost);
   63:                 unless ($remote_ip eq $hostip) {
   64:                     my $do_redirect = 1;
   65:                     if ($r->uri=~m{^/raw/}){
   66:                         my %iphost = &Apache::lonnet::get_iphost();
   67:                         if (exists($iphost{$remote_ip})) {
   68:                             undef($do_redirect);
   69:                         }
   70:                     }
   71:                     if ($do_redirect) {
   72:                         my $uri = $r->uri;
   73:                         my $protocol = 'http';
   74:                         my $port = $r->get_server_port();
   75:                         if ($port eq '443') {
   76:                             $protocol = 'https';
   77:                         }
   78:                         $r->header_out(Location => $protocol.'://'.$alias.$uri);
   79:                         return REDIRECT;
   80:                     }
   81:                 }
   82:             }
   83:         }
   84:     }
   85:     if ($r->uri=~m|^(/raw)?/uploaded/|) {
   86:         my $fn = $r->uri();
   87:         $fn=~s/^\/raw//;
   88:         my (undef,undef,$udom,$uname,@ufile)=split(/\//,$fn);
   89: 	if (@ufile) { $ufile[-1]=~s/^[\~\.]+//; }
   90:         my $chome=&Apache::lonnet::homeserver($uname,$udom);
   91: 	my $allowed=0;
   92: 	my @ids=&Apache::lonnet::current_machine_ids();
   93: 	foreach my $id (@ids) { if ($id eq $chome) { $allowed=1; } }
   94: 	if ($allowed) {
   95: 	    $r->filename(&propath($udom,$uname).
   96: 			 '/userfiles/'.(join('/',@ufile)));
   97:         }
   98:         return OK;
   99:     } elsif ($r->uri =~ m{^\Q/adm/wrapper/ext/https:/\E[^/]}) {
  100:         my $uri = $r->uri;
  101:         $uri =~ s{^(\Q/adm/wrapper/ext/https:/\E)}{$1/};
  102:         $r->uri($uri);
  103:     }
  104:     return DECLINED;
  105: }
  106: 
  107: sub redirect_raw {
  108:     my ($remote_ip,$lonhost) = @_;
  109:     my @remhostids = &Apache::lonnet::get_hosts_from_ip($remote_ip);
  110:     my $redirect;
  111:     while (@remhostids) {
  112:         my $try_server = pop(@remhostids);
  113:         my $remhostname = &Apache::lonnet::hostname($try_server);
  114:         if ($remhostname) {
  115:             my $remoterev = &Apache::lonnet::get_server_loncaparev(undef,$try_server);
  116:             my ($remmajor,$remminor) = ($remoterev =~ /^(\d+)\.(\d+)/);
  117:             if (($remmajor > 2) || (($remmajor == 2) && $remminor >= 12)) {
  118:                 my $internet_names = &Apache::lonnet::get_internet_names($try_server);
  119:                 if (ref($internet_names) eq 'ARRAY') {
  120:                     my $intdom = &Apache::lonnet::internet_dom($lonhost);
  121:                     unless (grep(/^\Q$intdom\E$/,@{$internet_names})) {
  122:                         my $lonhostname = &Apache::lonnet::hostname($lonhost);
  123:                         my $serverhomeID = &Apache::lonnet::get_server_homeID($lonhostname);
  124:                         my $serverhomedom = &Apache::lonnet::host_domain($serverhomeID);
  125:                         my %domdefaults = &Apache::lonnet::get_domain_defaults($serverhomedom);
  126:                         my $replication = $domdefaults{'replication'};
  127:                         if (ref($replication) eq 'HASH') {
  128:                             my $remhomeID = &Apache::lonnet::get_server_homeID($remhostname);
  129:                             my $remhomedom = &Apache::lonnet::host_domain($remhomeID);
  130:                             my $remprimary = &Apache::lonnet::domain($remhomedom,'primary');
  131:                             my $remintdom = &Apache::lonnet::internet_dom($remprimary);
  132:                             if (ref($replication->{'certreq'}) eq 'ARRAY') {
  133:                                 if (grep(/^\Q$remintdom\E$/,@{$replication->{'certreq'}})) {
  134:                                     $redirect = 0;
  135:                                 } else {
  136:                                     $redirect = 1;
  137:                                 }
  138:                             }
  139:                             if (ref($replication->{'nocertreq'}) eq 'ARRAY') {
  140:                                 if (grep(/^\Q$remintdom\E$/,@{$replication->{'nocertreq'}})) {
  141:                                     $redirect = 1;
  142:                                 } else {
  143:                                     $redirect = 0;
  144:                                 }
  145:                             }
  146:                         }
  147:                     }
  148:                 }
  149:             }
  150:             last;
  151:         }
  152:     }
  153:     return $redirect;
  154: }
  155: 
  156: 1;
  157: __END__
  158: