[LON-CAPA-cvs] cvs: loncom / lontrans.pm /interface domainprefs.pm /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Mon Jan 4 23:23:46 EST 2021
raeburn Tue Jan 5 04:23:46 2021 EDT
Modified files:
/loncom lontrans.pm
/loncom/interface domainprefs.pm
/loncom/lonnet/perl lonnet.pm
Log:
- Bug 6914. Consistent naming of domain configuration key: wafproxy.
Rename exempt key in inner hash as 'vpnint', and add vpnext key to inner
hash (required where VPN users will not use WAF, but other users will).
Index: loncom/lontrans.pm
diff -u loncom/lontrans.pm:1.28 loncom/lontrans.pm:1.29
--- loncom/lontrans.pm:1.28 Wed Dec 23 22:03:42 2020
+++ loncom/lontrans.pm Tue Jan 5 04:23:45 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# URL translation for User Files
#
-# $Id: lontrans.pm,v 1.28 2020/12/23 22:03:42 raeburn Exp $
+# $Id: lontrans.pm,v 1.29 2021/01/05 04:23:45 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -58,15 +58,15 @@
my $hostname = &Apache::lonnet::hostname($lonhost);
if (($hdrhost eq $alias) || ($hdrhost eq $hostname)) {
my $proxyinfo = &Apache::lonnet::get_proxy_settings($r->dir_config('lonDefDomain'));
- my ($vpnpriv,$vpnnat);
+ my ($vpnint,$vpnext);
if (ref($proxyinfo) eq 'HASH') {
- $vpnpriv = $proxyinfo->{'exempt'};
- $vpnnat = '35.12.16.96-35.12.16.111';
+ $vpnint = $proxyinfo->{'vpnint'};
+ $vpnext = $proxyinfo->{'vpnext'};
}
my $redirect;
if ($hdrhost eq $alias) {
my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP);
- if ($vpnnat && &Apache::lonnet::ip_match($remote_ip,$vpnnat)) {
+ if ($vpnext && &Apache::lonnet::ip_match($remote_ip,$vpnext)) {
$redirect = $hostname;
if ($redirect eq $hdrhost) {
undef($redirect);
@@ -74,9 +74,9 @@
}
} elsif ($hdrhost eq $hostname) {
my $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1);
- unless (($remote_ip eq '127.0.0.1') ||
+ unless (($remote_ip eq '127.0.0.1') || ($remote_ip eq '::1') ||
($remote_ip eq &Apache::lonnet::get_host_ip($lonhost)) ||
- ($vpnpriv && &Apache::lonnet::ip_match($remote_ip,$vpnpriv))) {
+ ($vpnint && &Apache::lonnet::ip_match($remote_ip,$vpnint))) {
$redirect = $alias;
if ($r->uri=~m{^/raw/}){
my %iphost = &Apache::lonnet::get_iphost();
Index: loncom/interface/domainprefs.pm
diff -u loncom/interface/domainprefs.pm:1.375 loncom/interface/domainprefs.pm:1.376
--- loncom/interface/domainprefs.pm:1.375 Fri Jan 1 14:45:38 2021
+++ loncom/interface/domainprefs.pm Tue Jan 5 04:23:45 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.375 2021/01/01 14:45:38 raeburn Exp $
+# $Id: domainprefs.pm,v 1.376 2021/01/05 04:23:45 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -7203,7 +7203,7 @@
if (ref($settings->{'alias'}) eq 'HASH') {
$aliases{$dom} = $settings->{'alias'};
}
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext') {
$values{$dom}{$item} = $settings->{$item};
}
}
@@ -7218,7 +7218,7 @@
if (ref($config{$domain}) eq 'HASH') {
if (ref($config{$domain}{'wafproxy'}) eq 'HASH') {
$aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'};
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext') {
$values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item};
}
}
@@ -7268,7 +7268,7 @@
&mt('Format for comma separated IP blocks').':<br />'.
&mt('A.B.C.D/N or A.B.C.D - E.F.G.H').'</td>'.
'<td class="LC_left_item"><table>';
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext') {
$datatable .= '<tr>'.
'<td valign="top">'.$lt{$item}.': ';
if ($item eq 'ipheader') {
@@ -7290,7 +7290,7 @@
$datatable .= '<tr'.$css_class.'>'.
'<td class="LC_left_item">'.&mt('Domain: [_1]',$domain).'</td>'.
'<td class="LC_left_item"><table>';
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext') {
my $showval = &mt('None');
if ($values{$domain}{$item}) {
$showval = $values{$domain}{$item};
@@ -7308,7 +7308,8 @@
sub wafproxy_titles {
return &Apache::lonlocal::texthash(
- exempt => 'Exempt IP range(s)',
+ vpnint => 'Internal IP Range(s) for VPN sessions',
+ vpnext => 'IP Range for backend WAF connections',
trusted => 'Trusted IP range(s)',
ipheader => 'Custom request header',
);
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1436 loncom/lonnet/perl/lonnet.pm:1.1437
--- loncom/lonnet/perl/lonnet.pm:1.1436 Sat Jan 2 19:31:11 2021
+++ loncom/lonnet/perl/lonnet.pm Tue Jan 5 04:23:46 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1436 2021/01/02 19:31:11 raeburn Exp $
+# $Id: lonnet.pm,v 1.1437 2021/01/05 04:23:46 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2757,7 +2757,7 @@
}
}
if (ref($domconfig{'wafproxy'}) eq 'HASH') {
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext') {
if ($domconfig{'wafproxy'}{$item}) {
$domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item};
}
@@ -14288,8 +14288,8 @@
my $dom_in_use = $Apache::lonnet::perlvar{'lonDefDomain'};
my $proxyinfo = &get_proxy_settings($dom_in_use);
if ((ref($proxyinfo) eq 'HASH') && ($from_ip)) {
- if ($proxyinfo->{'exempt'}) {
- if (&ip_match($from_ip,$proxyinfo->{'exempt'})) {
+ if ($proxyinfo->{'vpnint'}) {
+ if (&ip_match($from_ip,$proxyinfo->{'vpnint'})) {
return $from_ip;
}
}
@@ -14331,7 +14331,8 @@
my $proxyinfo = {
ipheader => $domdefaults{'waf_ipheader'},
trusted => $domdefaults{'waf_trusted'},
- exempt => $domdefaults{'waf_exempt'},
+ vpnint => $domdefaults{'waf_vpnint'},
+ vpnext => $domdefaults{'waf_vpnext'};
};
return $proxyinfo;
}
@@ -14356,11 +14357,11 @@
if ($dom ne '') {
my $cachetime = 60*60*24;
my %domconfig =
- &Apache::lonnet::get_dom('configuration',['proxy'],$dom);
+ &Apache::lonnet::get_dom('configuration',['wafproxy'],$dom);
my $alias;
- if (ref($domconfig{'proxy'}) eq 'HASH') {
- if (ref($domconfig{'proxy'}{'alias'}) eq 'HASH') {
- $alias = $domconfig{'proxy'}{'alias'}{$lonhost};
+ if (ref($domconfig{'wafproxy'}) eq 'HASH') {
+ if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
+ $alias = $domconfig{'wafproxy'}{'alias'}{$lonhost};
}
}
return &do_cache_new('proxyalias',$lonhost,$alias,$cachetime);
More information about the LON-CAPA-cvs
mailing list