[LON-CAPA-cvs] cvs: loncom / lontrans.pm
raeburn
raeburn at source.lon-capa.org
Wed Dec 23 17:03:42 EST 2020
raeburn Wed Dec 23 22:03:42 2020 EDT
Modified files:
/loncom lontrans.pm
Log:
- Bug 6914. Support selective use of WAF/Reverse Proxy, e.g., VPN users
connect directly (no WAF), whereas non-VPN users must connect via WAF.
Index: loncom/lontrans.pm
diff -u loncom/lontrans.pm:1.27 loncom/lontrans.pm:1.28
--- loncom/lontrans.pm:1.27 Fri Dec 18 15:23:04 2020
+++ loncom/lontrans.pm Wed Dec 23 22:03:42 2020
@@ -1,7 +1,7 @@
# The LearningOnline Network
# URL translation for User Files
#
-# $Id: lontrans.pm,v 1.27 2020/12/18 15:23:04 raeburn Exp $
+# $Id: lontrans.pm,v 1.28 2020/12/23 22:03:42 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -38,14 +38,14 @@
my $r = shift;
# FIXME line remove when mod_perl fixes BUG#4948
$r->notes->set('error-notes' => '');
- my $actualhost = $r->headers_in->get('Host');
+ my $hdrhost = $r->headers_in->get('Host');
if ($r->uri=~m{^/raw/}) {
- if ($actualhost) {
- unless ($host =~ /^internal\-/) {
+ if ($hdrhost) {
+ unless ($hdrhost =~ /^internal\-/) {
my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1);
my $lonhost = $r->dir_config('lonHostID');
if (&redirect_raw($remote_ip,$lonhost)) {
- my $location = 'https://internal-'.$host.$r->uri;
+ my $location = 'https://internal-'.$hdrhost.$r->uri;
$r->headers_out->set(Location => $location);
return REDIRECT;
}
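Review bot: The redirect target in `my $location = 'https://internal-'.$hdrhost.$r->uri;` is built from the client-supplied Host header, which is only checked for being non-empty and not already starting with `internal-`. Because the target is meant to be this server's own internal name, building it from configuration would remove the dependency on request data, e.g. `my $location = 'https://internal-'.&Apache::lonnet::hostname($lonhost).$r->uri;` (hostname() is called this way in the next hunk). If the Host value must be kept, compare it against the configured hostname or alias before using it. The handler starts and ends outside this hunk and redirect_raw() is not visible here, so it may already limit which requests reach this line.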
@@ -55,31 +55,49 @@
my $alias = &Apache::lonnet::get_proxy_alias();
if ($alias) {
my $lonhost = $r->dir_config('lonHostID');
- my $expected_host = &Apache::lonnet::hostname($lonhost);
- if (($actualhost eq $expected_host) && ($actualhost ne $alias)) {
- my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1);
- unless ($remote_ip eq '127.0.0.1') {
- my $hostip = &Apache::lonnet::get_host_ip($lonhost);
- unless ($remote_ip eq $hostip) {
- my $do_redirect = 1;
+ my $hostname = &Apache::lonnet::hostname($lonhost);
+ if (($hdrhost eq $alias) || ($hdrhost eq $hostname)) {
+ my $proxyinfo = &Apache::lonnet::get_proxy_settings($r->dir_config('lonDefDomain'));
+ my ($vpnpriv,$vpnnat);
+ if (ref($proxyinfo) eq 'HASH') {
+ $vpnpriv = $proxyinfo->{'exempt'};
+ $vpnnat = '35.12.16.96-35.12.16.111';
+ }
+ my $redirect;
+ if ($hdrhost eq $alias) {
+ my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP);
+ if ($vpnnat && &Apache::lonnet::ip_match($remote_ip,$vpnnat)) {
+ $redirect = $hostname;
+ if ($redirect eq $hdrhost) {
+ undef($redirect);
+ }
+ }
+ } elsif ($hdrhost eq $hostname) {
+ my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1);
+ unless (($remote_ip eq '127.0.0.1') ||
+ ($remote_ip eq &Apache::lonnet::get_host_ip($lonhost)) ||
+ ($vpnpriv && &Apache::lonnet::ip_match($remote_ip,$vpnpriv))) {
+ $redirect = $alias;
if ($r->uri=~m{^/raw/}){
my %iphost = &Apache::lonnet::get_iphost();
if (exists($iphost{$remote_ip})) {
- undef($do_redirect);
+ undef($redirect);
}
}
- if ($do_redirect) {
- my $uri = $r->uri;
- my $protocol = 'http';
- my $port = $r->get_server_port();
- if ($port eq '443') {
- $protocol = 'https';
- }
- $r->header_out(Location => $protocol.'://'.$alias.$uri);
- return REDIRECT;
- }
}
}
+ if ($redirect) {
+ my $uri = $r->uri;
+ my $protocol = 'http';
+ my $port = $r->get_server_port();
+ if ($port eq '443') {
+ $protocol = 'https';
+ }
+# FIXME should check if logged in, and if so use switchserver/migrateuser approach,
+# possibly moved to Access Handler?
+ $r->header_out(Location => $protocol.'://'.$redirect.$uri);
+ return REDIRECT;
+ }
}
}
if ($r->uri=~m|^(/raw)?/uploaded/|) {
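Review bot: The VPN NAT range is hard-coded at `$vpnnat = '35.12.16.96-35.12.16.111';`, while the companion value `$vpnpriv` on the line above it is read from the domain's proxy settings. This range decides which clients arriving on the alias (presumably the WAF-fronted name) are sent to the direct hostname, so a site-specific literal applies to every installation and can only be changed by editing the module. Reading it from the same hash, e.g. `$vpnnat = $proxyinfo->{'<vpn-nat-key>'};` (placeholder key name), would keep both exemption lists in configuration. Separately, the alias branch calls `get_requestor_ip($r,REMOTE_NOLOOKUP)` without the third argument that the hostname branch passes. If that argument controls whether a forwarded-for header is honoured, a comment should say why the two branches differ, since the resulting address feeds the WAF-bypass decision.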