[LON-CAPA-admin] Re: access problems

Stuart Peter Raeburn raeburn at msu.edu
Wed Mar 31 20:04:26 EST 2004


Todd, 

The behavior you describe occurs with Internet Explorer running on the 
Windows platform when certain types of Adware or Parasiteware have been 
installed on a user's computer.  The most common varieties of this type of 
adware will cause the user to be redirected automatically to sites such as 
'Perfect Navigator' or 'Internet Optimizer' whenever a web server returns a 
403 HTTP response code. Adware is installed automatically when peer-to-peer 
sharing software such as Kazaa is installed on a computer. 

LON-CAPA makes extensive use of the Apache web server's ability to use 
custom "Error Documents" whenever particular HTTP response codes are 
generated during processing of the user's request.  Unfortunately, adware 
hijacks the user's web browser, and intercepts the HTTP response code 
included in the HTTP header. Instead of displaying the LON-CAPA 
ErrorDocument page sent by the server (in this case the log-in page), it 
displays a locally generated page (e.g., an internet search page) whenever 
certain HTTP response codes are received by the browser in the HTTP header. 

This behavior occurs for loncapa.mines.edu/adm/roles requests because the 
directives for this location in loncapa_apache.conf are: 

<Location /adm/roles>
PerlAccessHandler       Apache::lonacc
SetHandler perl-script
PerlHandler Apache::lonroles
ErrorDocument     403 /adm/login
ErrorDocument     500 /adm/errorhandler
</Location> 

The access handler, lonacc, is called early in the Apache request cycle.  If 
the user has yet to log-in (and therefore has no session ID), then lonacc 
will exit with HTTP_FORBIDDEN (response code 403), which will trigger the 
server to send the /adm/login page, along with an HTTP header containing the 
403 HTTP response code.  The adware intercepts the 403 code and displays the 
local page instead of the login page that was sent from the server. 

A similar thing occurs for loncapa.mines.edu/  because this is translated as 
a request for /home/httpd/html/index.html 

<html>
<head>
 <title>Welcome to the LearningOnline Network with CAPA</title>
 <meta HTTP-EQUIV="Refresh" CONTENT="0.5; url=/adm/roles">
 <meta name="keywords" content="LON-CAPA,lon-capa,LONCAPA,loncapa">
 <meta name="description" content="The LearningOnline Network with CAPA 
(LON-CAPA) Learning Content Management and Assessment System">
</head>
<body bgcolor="#006600" topmargin=0 leftmargin=0 marginwidth=0 
marginheight=0>
 <img src="/adm/lonIcons/header.gif" />
</body>
</html> 

which includes a refresh after 0.5s, and a redirect to 
loncapa.mines.edu/adm/roles 

The solution to use loncapa.mines.edu/adm/login works because the directives 
for this page: 

<Location /adm/login>
SetHandler perl-script
PerlHandler Apache::lonlogin
</Location> 

only include the instruction to generate content by running lonlogin.pm.  As 
this code can only generate HTTP responses of OK (response code 200), the 
adware is never triggered and the login page sent by the server is displayed 
in the web browser as expected.  A potential disadvantage of this workaround 
is that, once a user has logged in, if other pages visited by the user during 
the course of his/her session generate 403 (or 406?) response codes for 
legitimate reasons, the custom Error Document sent by the server will not be 
displayed, and the user will be bounced to the locally generated page by the 
adware application.  For this reason, the user is probably best advised to 
try to eliminate the adware/parasiteware. 

At MSU the following advice is typically given: 

"There are a number of applications which can be downloaded and run on the 
user's computer to try to eliminate adware and to restore the normal 
functioning of his/her web browser. Examples include: 

Ad-Aware 6.0   - http://www.lavasoft.de
Spybot Search & Destroy - http://www.safer-networking.org
SpywareGuard - http://www.wilderssecurity.net/spywareguard.html 

If a user needs to eliminate parasiteware he/she should download, install, 
update and run these applications. If Kazaa is the origin of the adware, the 
user may also wish to uninstall Kazaa, by using Kazaabegone 
(http://www.spychecker.com/program/kazaagone.html) to remove Kazaa from 
his/her system. As an alternative the user may also wish to consider using a 
different web browser (installing one if necessary), e.g., Mozilla or 
Netscape." 

Stuart 

Stuart Raeburn
MSU LON-CAPA support/development 


Todd Ruskell writes: 

> Hi, 
> 
> Here's an interesting one, at least to me.  I have a student with an
> apparently messed-up IE, but I'm not sure exactly how.  He also has
> kazaa, which I know can cause issues. 
> 
> When going to loncapa.mines.edu, or loncapa.mines.edu/adm/roles, the url
> bar changes to read: res://mshp.dll/http_403.htm
> and the page gives a basic site/page not found message. 
> 
> But, if he goes to loncapa.mines.edu/adm/login, everything works fine. 
> My guess is that there is still some kind of redirect, even going to
> /adm/roles that's not present with /adm/login.  Is that correct? 
> 
> Todd
> -- 
> Dr. Todd Ruskell			
> Lecturer, Department of Physics		Office: Meyer Hall 326
> Colorado School of Mines		Phone: 303-384-2080
> 1523 Illinois Street			Fax: 303-273-3919
> Golden, CO 80401 
> 
> 
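
Added example (not part of the original message, and not LON-CAPA code): a small checker that follows the meta refresh from / and flags any hop where the server sends a real page body under an error status, which is the case the message describes for /adm/roles. The responses in SITE are constructed for illustration, and the names SITE, parse and trace are hypothetical.

```python
# Added example: constructed responses, not captured from a real server.
import re
from html.parser import HTMLParser

LOGIN = b"<html><body>login form (constructed)</body></html>"
HDR = b"Content-Type: text/html\r\n\r\n"
SITE = {  # path -> raw HTTP response, modelled on the behaviour described above
    "/": b"HTTP/1.1 200 OK\r\n" + HDR +
         b'<html><head><meta HTTP-EQUIV="Refresh" '
         b'CONTENT="0.5; url=/adm/roles"></head></html>',
    "/adm/roles": b"HTTP/1.1 403 Forbidden\r\n" + HDR + LOGIN,  # ErrorDocument 403
    "/adm/login": b"HTTP/1.1 200 OK\r\n" + HDR + LOGIN,
}

class RefreshFinder(HTMLParser):
    """Records the target of a <meta http-equiv="refresh"> tag, if any."""
    def __init__(self):
        super().__init__()
        self.target = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(\S+)", a.get("content") or "", re.I)
            if m:
                self.target = m.group(1).strip("'\"")

def parse(raw):
    """Split a raw response into (status code, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return int(head.split(b"\r\n")[0].split()[1]), body

def trace(path, site=SITE, max_hops=5):
    """Return [(path, status, at_risk)] for each hop of the refresh chain.
    at_risk: a page body delivered with a 4xx/5xx status, which client-side
    software keyed on the status code can replace with a local page."""
    hops = []
    for _ in range(max_hops):
        status, body = parse(site[path])
        hops.append((path, status, status >= 400 and bool(body.strip())))
        finder = RefreshFinder()
        finder.feed(body.decode("latin-1"))
        if status != 200 or not finder.target:
            break
        path = finder.target
    return hops

if __name__ == "__main__":
    for start in ("/", "/adm/roles", "/adm/login"):
        print(start, "->", trace(start))
```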