[LON-CAPA-cvs] cvs: loncom / lontrans.pm

raeburn raeburn at source.lon-capa.org
Sun Aug 8 16:51:33 EDT 2021


raeburn		Sun Aug  8 20:51:33 2021 EDT

  Modified files:              
    /loncom	lontrans.pm 
  Log:
  - Bug 6914. Running LON-CAPA behind web application firewall/reverse proxy (WAF)
    - Requests for /adm/lti/* and /adm/launch/* should not be redirected to an
      alias (if in use).
    - Requests for /adm/dns/* from other nodes in the network do not require
      to an alias (if in use).
  
  
Index: loncom/lontrans.pm
diff -u loncom/lontrans.pm:1.33 loncom/lontrans.pm:1.34
--- loncom/lontrans.pm:1.33	Sat Jul 17 21:48:27 2021
+++ loncom/lontrans.pm	Sun Aug  8 20:51:33 2021
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # URL translation for User Files
 #
-# $Id: lontrans.pm,v 1.33 2021/07/17 21:48:27 raeburn Exp $
+# $Id: lontrans.pm,v 1.34 2021/08/08 20:51:33 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -67,7 +67,8 @@
             my ($redirect,$remote_ip);
             if ($hdrhost eq $alias) {
                 $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP);
-                if ($vpnext && &Apache::lonnet::ip_match($remote_ip,$vpnext)) {
+                if (($vpnext && &Apache::lonnet::ip_match($remote_ip,$vpnext)) &&
+                    ($r->uri !~ m{^/adm/(lti|launch)/})) {
                     $redirect = $hostname;
                     if ($redirect eq $hdrhost) {
                         undef($redirect);
@@ -77,9 +78,10 @@
                 $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1);
                 unless (($remote_ip eq '127.0.0.1') || ($remote_ip eq '::1') ||
                         ($remote_ip eq &Apache::lonnet::get_host_ip($lonhost)) ||
+                        ($r->uri=~m{^/adm/(lti|launch)/}) ||
                         ($vpnint && &Apache::lonnet::ip_match($remote_ip,$vpnint))) {
                     $redirect = $alias;
-                    if (($r->uri=~m{^/raw/}) || ($r->uri=~m{^/adm/dns/(hosts|domain)$})) {
+                    if (($r->uri=~m{^/raw/}) || ($r->uri=~m{^/adm/dns/})) {
                         my %iphost = &Apache::lonnet::get_iphost();
                         if (exists($iphost{$remote_ip})) {
                             undef($redirect);




More information about the LON-CAPA-cvs mailing list