|
version 1.380, 2021/03/06 13:39:54
|
version 1.381, 2021/04/18 02:08:46
|
|
Line 311 sub handler {
|
Line 311 sub handler {
|
| print => \&print_defaults, |
print => \&print_defaults, |
| modify => \&modify_defaults, |
modify => \&modify_defaults, |
| }, |
}, |
| 'wafproxy' => |
'wafproxy' => |
| { text => 'Web Application Firewall/Reverse Proxy', |
{ text => 'Web Application Firewall/Reverse Proxy', |
| help => 'Domain_Configuration_WAF_Proxy', |
help => 'Domain_Configuration_WAF_Proxy', |
| header => [{col1 => 'Domain server', |
header => [{col1 => 'Domain(s)', |
| col2 => 'Alias for WAF/Reverse Proxy', |
col2 => 'Servers and WAF/Reverse Proxy alias(es)', |
| }, |
}, |
| {col1 => 'Setting', |
{col1 => 'Domain(s)', |
| col2 => 'Value',}], |
col2 => 'WAF Configuration',}], |
| print => \&print_wafproxy, |
print => \&print_wafproxy, |
| modify => \&modify_wafproxy, |
modify => \&modify_wafproxy, |
| }, |
}, |
| 'passwords' => |
'passwords' => |
| { text => 'Passwords (Internal authentication)', |
{ text => 'Passwords (Internal authentication)', |
|
Line 855 sub print_config_box {
|
Line 855 sub print_config_box {
|
| $output .= <i_javascript($settings); |
$output .= <i_javascript($settings); |
| } elsif ($action eq 'proctoring') { |
} elsif ($action eq 'proctoring') { |
| $output .= &proctoring_javascript($settings); |
$output .= &proctoring_javascript($settings); |
| |
} elsif ($action eq 'wafproxy') { |
| |
$output .= &wafproxy_javascript($dom); |
| } |
} |
| $output .= |
$output .= |
| '<table class="LC_nested_outer"> |
'<table class="LC_nested_outer"> |
|
Line 2844 function toggleLTITools(form,setting,ite
|
Line 2846 function toggleLTITools(form,setting,ite
|
| ENDSCRIPT |
ENDSCRIPT |
| } |
} |
| |
|
| |
sub wafproxy_javascript { |
| |
my ($dom) = @_; |
| |
return <<"ENDSCRIPT"; |
| |
<script type="text/javascript"> |
| |
// <![CDATA[ |
| |
function updateWAF() { |
| |
if (document.getElementById('wafproxy_remoteip')) { |
| |
var wafremote = 0; |
| |
if (document.display.wafproxy_remoteip.options[document.display.wafproxy_remoteip.selectedIndex].value == 'h') { |
| |
wafremote = 1; |
| |
} |
| |
var fields = new Array('header','trust'); |
| |
for (var i=0; i<fields.length; i++) { |
| |
if (document.getElementById('wafproxy_'+fields[i])) { |
| |
if (wafremote == 1) { |
| |
document.getElementById('wafproxy_'+fields[i]).style.display = 'table-row'; |
| |
} |
| |
else { |
| |
document.getElementById('wafproxy_'+fields[i]).style.display = 'none'; |
| |
} |
| |
} |
| |
} |
| |
if (document.getElementById('wafproxyranges_$dom')) { |
| |
if (wafremote == 1) { |
| |
document.getElementById('wafproxyranges_$dom').style.display = 'inline-block'; |
| |
} else { |
| |
for (var i=0; i<document.display.wafproxy_vpnaccess.length; i++) { |
| |
if (document.display.wafproxy_vpnaccess[i].checked) { |
| |
if (document.display.wafproxy_vpnaccess[i].value == 0) { |
| |
document.getElementById('wafproxyranges_$dom').style.display = 'none'; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| |
function checkWAF() { |
| |
if (document.getElementById('wafproxy_remoteip')) { |
| |
var wafvpn = 0; |
| |
for (var i=0; i<document.display.wafproxy_vpnaccess.length; i++) { |
| |
if (document.display.wafproxy_vpnaccess[i].checked) { |
| |
if (document.display.wafproxy_vpnaccess[i].value == 1) { |
| |
wafvpn = 1; |
| |
} |
| |
break; |
| |
} |
| |
} |
| |
var vpn = new Array('vpnint','vpnext'); |
| |
for (var i=0; i<vpn.length; i++) { |
| |
if (document.getElementById('wafproxy_show_'+vpn[i])) { |
| |
if (wafvpn == 1) { |
| |
document.getElementById('wafproxy_show_'+vpn[i]).style.display = 'table-row'; |
| |
} |
| |
else { |
| |
document.getElementById('wafproxy_show_'+vpn[i]).style.display = 'none'; |
| |
} |
| |
} |
| |
} |
| |
if (document.getElementById('wafproxyranges_$dom')) { |
| |
if (wafvpn == 1) { |
| |
document.getElementById('wafproxyranges_$dom').style.display = 'inline-block'; |
| |
} |
| |
else if (document.display.wafproxy_remoteip.options[document.display.wafproxy_remoteip.selectedIndex].value != 'h') { |
| |
document.getElementById('wafproxyranges_$dom').style.display = 'none'; |
| |
} |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| |
function toggleWAF() { |
| |
if (document.getElementById('wafproxy_table')) { |
| |
var wafproxy = 0; |
| |
for (var i=0; i<document.display.wafproxy_${dom}.length; i++) { |
| |
if (document.display.wafproxy_${dom}[i].checked) { |
| |
if (document.display.wafproxy_${dom}[i].value == 1) { |
| |
wafproxy = 1; |
| |
break; |
| |
} |
| |
} |
| |
} |
| |
if (wafproxy == 1) { |
| |
document.getElementById('wafproxy_table').style.display='inline'; |
| |
} |
| |
else { |
| |
document.getElementById('wafproxy_table').style.display='none'; |
| |
} |
| |
if (document.getElementById('wafproxyrow_${dom}')) { |
| |
if (wafproxy == 1) { |
| |
document.getElementById('wafproxyrow_${dom}').style.display = 'table-row'; |
| |
} |
| |
else { |
| |
document.getElementById('wafproxyrow_${dom}').style.display = 'none'; |
| |
} |
| |
} |
| |
if (document.getElementById('nowafproxyrow_$dom')) { |
| |
if (wafproxy == 1) { |
| |
document.getElementById('nowafproxyrow_${dom}').style.display = 'none'; |
| |
} |
| |
else { |
| |
document.getElementById('nowafproxyrow_${dom}').style.display = 'table-row'; |
| |
} |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
// ]]> |
| |
</script> |
| |
|
| |
ENDSCRIPT |
| |
} |
| |
|
| sub proctoring_javascript { |
sub proctoring_javascript { |
| my ($settings) = @_; |
my ($settings) = @_; |
| my (%ordered,$total,%jstext); |
my (%ordered,$total,%jstext); |
|
Line 7178 sub print_wafproxy {
|
Line 7295 sub print_wafproxy {
|
| my $itemcount = 0; |
my $itemcount = 0; |
| my $datatable; |
my $datatable; |
| my %servers = &Apache::lonnet::internet_dom_servers($dom); |
my %servers = &Apache::lonnet::internet_dom_servers($dom); |
| my (%othercontrol,%otherdoms,%aliases,%values,$setdom); |
my (%othercontrol,%otherdoms,%aliases,%values,$setdom,$showdom); |
| my %lt = &wafproxy_titles(); |
my %lt = &wafproxy_titles(); |
| foreach my $server (sort(keys(%servers))) { |
foreach my $server (sort(keys(%servers))) { |
| my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server}); |
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server}); |
| |
next if ($serverhome eq ''); |
| my $serverdom; |
my $serverdom; |
| if ($serverhome ne $server) { |
if ($serverhome ne $server) { |
| $serverdom = &Apache::lonnet::host_domain($serverhome); |
$serverdom = &Apache::lonnet::host_domain($serverhome); |
| $othercontrol{$server} = $serverdom; |
if (($serverdom ne '') && (&Apache::lonnet::domain($serverdom) ne '')) { |
| |
$othercontrol{$server} = $serverdom; |
| |
} |
| } else { |
} else { |
| $serverdom = &Apache::lonnet::host_domain($server); |
$serverdom = &Apache::lonnet::host_domain($server); |
| |
next if (($serverdom eq '') || (&Apache::lonnet::domain($serverdom) eq '')); |
| if ($serverdom ne $dom) { |
if ($serverdom ne $dom) { |
| $othercontrol{$server} = $serverdom; |
$othercontrol{$server} = $serverdom; |
| } else { |
} else { |
| $setdom = 1; |
$setdom = 1; |
| if (ref($settings) eq 'HASH') { |
if (ref($settings) eq 'HASH') { |
| %{$values{$dom}} = (); |
|
| if (ref($settings->{'alias'}) eq 'HASH') { |
if (ref($settings->{'alias'}) eq 'HASH') { |
| $aliases{$dom} = $settings->{'alias'}; |
$aliases{$dom} = $settings->{'alias'}; |
| } |
if ($aliases{$dom} ne '') { |
| foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
$showdom = 1; |
| $values{$dom}{$item} = $settings->{$item}; |
} |
| } |
} |
| } |
} |
| } |
} |
| } |
} |
| } |
} |
| |
if ($setdom) { |
| |
%{$values{$dom}} = (); |
| |
if (ref($settings) eq 'HASH') { |
| |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
| |
$values{$dom}{$item} = $settings->{$item}; |
| |
} |
| |
} |
| |
} |
| if (keys(%othercontrol)) { |
if (keys(%othercontrol)) { |
| %otherdoms = reverse(%othercontrol); |
%otherdoms = reverse(%othercontrol); |
| foreach my $domain (keys(%otherdoms)) { |
foreach my $domain (keys(%otherdoms)) { |
|
Line 7212 sub print_wafproxy {
|
Line 7340 sub print_wafproxy {
|
| if (ref($config{$domain}) eq 'HASH') { |
if (ref($config{$domain}) eq 'HASH') { |
| if (ref($config{$domain}{'wafproxy'}) eq 'HASH') { |
if (ref($config{$domain}{'wafproxy'}) eq 'HASH') { |
| $aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'}; |
$aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'}; |
| foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
| $values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item}; |
$values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item}; |
| } |
} |
| } |
} |
|
Line 7221 sub print_wafproxy {
|
Line 7349 sub print_wafproxy {
|
| } |
} |
| if ($position eq 'top') { |
if ($position eq 'top') { |
| my %servers = &Apache::lonnet::internet_dom_servers($dom); |
my %servers = &Apache::lonnet::internet_dom_servers($dom); |
| |
my %aliasinfo; |
| foreach my $server (sort(keys(%servers))) { |
foreach my $server (sort(keys(%servers))) { |
| $itemcount ++; |
$itemcount ++; |
| $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
my $dom_in_effect; |
| $datatable .= '<tr'.$css_class.'>'. |
my $aliasrows = '<tr>'. |
| '<td>'.&mt('Hostname').': '. |
'<td class="LC_left_item">'.&mt('Hostname').': '. |
| &Apache::lonnet::hostname($server).'</td>'. |
&Apache::lonnet::hostname($server).'</td>'; |
| '<td class="LC_right_item">'; |
|
| if ($othercontrol{$server}) { |
if ($othercontrol{$server}) { |
| |
$dom_in_effect = $othercontrol{$server}; |
| my $current; |
my $current; |
| if (ref($aliases{$othercontrol{$server}}) eq 'HASH') { |
if (ref($aliases{$othercontrol{$server}}) eq 'HASH') { |
| $current = $aliases{$othercontrol{$server}{$server}}; |
$current = $aliases{$othercontrol{$server}{$server}}; |
| } |
} |
| if ($current) { |
if ($current) { |
| $datatable .= $current; |
$aliasrows .= $current; |
| } else { |
} else { |
| $datatable .= &mt('None in effect'); |
$aliasrows .= &mt('None in effect'); |
| } |
} |
| $datatable .= '<br /><span class="LC_small">('. |
$aliasrows .= '<td class="LC_left_item"><span class="LC_small">('. |
| &mt('WAF/Reverse Proxy controlled by domain: [_1]', |
&mt('WAF/Reverse Proxy controlled by domain: [_1]', |
| '<b>'.$othercontrol{$server}.'</b>').'</span>'; |
'<b>'.$othercontrol{$server}.'</b>').'</span></td>'; |
| } else { |
} else { |
| |
$dom_in_effect = $dom; |
| my $current; |
my $current; |
| if (ref($aliases{$dom}) eq 'HASH') { |
if (ref($aliases{$dom}) eq 'HASH') { |
| if ($aliases{$dom}{$server}) { |
if ($aliases{$dom}{$server}) { |
| $current = $aliases{$dom}{$server}; |
$current = $aliases{$dom}{$server}; |
| } |
} |
| } |
} |
| $datatable .= '<input type="text" name="wafproxy_alias_'.$server.'" '. |
$aliasrows .= '<td class="LC_left_item">'.&mt('WAF/Reverse Proxy Alias').': '. |
| 'value="'.$current.'" size="30" />'; |
'<input type="text" name="wafproxy_alias_'.$server.'" '. |
| |
'value="'.$current.'" size="30" /></td>'; |
| |
} |
| |
$aliasrows .= '</tr>'; |
| |
$aliasinfo{$dom_in_effect} .= $aliasrows; |
| |
} |
| |
if ($aliasinfo{$dom}) { |
| |
my ($onclick,$wafon,$wafoff,$showtable); |
| |
$onclick = ' onclick="javascript:toggleWAF();"'; |
| |
$wafoff = ' checked="checked"'; |
| |
$showtable = ' style="display:none";'; |
| |
if ($showdom) { |
| |
$wafon = $wafoff; |
| |
$wafoff = ''; |
| |
$showtable = ' style="display:inline;"'; |
| |
} |
| |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| |
$datatable = '<tr'.$css_class.'>'. |
| |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$dom.'</b>').'<br />'. |
| |
'<span class="LC_nobreak">'.&mt('WAF in use?').' <label>'. |
| |
'<input type="radio" name="wafproxy_'.$dom.'" value="1"'.$wafon.$onclick.' />'. |
| |
&mt('Yes').'</label>'.(' 'x2).'<label>'. |
| |
'<input type="radio" name="wafproxy_'.$dom.'" value="0"'.$wafoff.$onclick.' />'. |
| |
&mt('No').'</label></span></td>'. |
| |
'<td class="LC_left_item">'. |
| |
'<table id="wafproxy_table"'.$showtable.'>'.$aliasinfo{$dom}. |
| |
'</table></td></tr>'; |
| |
$itemcount++; |
| |
} |
| |
if (keys(%othercontrol)) { |
| |
foreach my $key (sort(keys(%othercontrol))) { |
| |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| |
$datatable = '<tr'.$css_class.'>'. |
| |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$key.'</b>').'</td>'. |
| |
'<td class="LC_left_item"><table>'.$aliasinfo{$key}. |
| |
'</table></td></tr>'; |
| |
$itemcount++; |
| } |
} |
| $datatable .= '</td></tr>'; |
|
| } |
} |
| } else { |
} else { |
| if ($setdom) { |
if ($setdom) { |
| $itemcount ++; |
$itemcount ++; |
| $css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| $datatable .= '<tr'.$css_class.'>'. |
my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck, |
| |
$currwafvpn,$wafrangestyle); |
| |
$wafstyle = ' style="display:none;"'; |
| |
$nowafstyle = ' style="display:table-row;"'; |
| |
$currwafdisplay = ' style="display: none"'; |
| |
$wafrangestyle = ' style="display: none"'; |
| |
$curr_remotip = 'n'; |
| |
if ($showdom) { |
| |
$wafstyle = ' style="display:table-row;"'; |
| |
$nowafstyle = ' style="display:none;"'; |
| |
if (keys(%{$values{$dom}})) { |
| |
if ($values{$dom}{remoteip} =~ /^[nmh]$/) { |
| |
$curr_remotip = $values{$dom}{remoteip}; |
| |
} |
| |
if ($curr_remotip eq 'h') { |
| |
$currwafdisplay = ' style="display:table-row"'; |
| |
$wafrangestyle = ' style="display:inline-block;"'; |
| |
} |
| |
} |
| |
if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) { |
| |
$vpndircheck = ' checked="checked"'; |
| |
$currwafvpn = ' style="display:table-row;"'; |
| |
$wafrangestyle = ' style="display:inline-block;"'; |
| |
} else { |
| |
$vpnaliascheck = ' checked="checked"'; |
| |
$currwafvpn = ' style="display:none;"'; |
| |
} |
| |
} |
| |
$datatable .= '<tr'.$css_class.' id="nowafproxyrow_'.$dom.'"'.$wafstyle.'>'. |
| |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$dom.'</b>').'</td>'. |
| |
'<td class="LC_right_item">'.&mt('WAF not in use, nothing to set').'</td>'. |
| |
'</tr>'. |
| |
'<tr'.$css_class.' id="wafproxyrow_'.$dom.'"'.$wafstyle.'>'. |
| '<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$dom.'</b>').'<br /><br />'. |
'<td class="LC_left_item">'.&mt('Domain: [_1]','<b>'.$dom.'</b>').'<br /><br />'. |
| &mt('Format for comma separated IP blocks').':<br />'. |
'<div id="wafproxyranges_'.$dom.'">'.&mt('Format for comma separated IP ranges').':<br />'. |
| &mt('A.B.C.D/N or A.B.C.D - E.F.G.H').'</td>'. |
&mt('A.B.C.D/N or A.B.C.D-E.F.G.H').'</div></td>'. |
| '<td class="LC_left_item"><table>'; |
'<td class="LC_left_item"><table>'. |
| foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
'<tr>'. |
| $datatable .= '<tr>'. |
'<td valign="top">'.$lt{'remoteip'}.': '. |
| '<td valign="top">'.$lt{$item}.': '; |
'<select name="wafproxy_remoteip" id="wafproxy_remoteip" onchange="javascript:updateWAF();">'; |
| if ($item eq 'ipheader') { |
my %ip_methods = &remoteip_methods(); |
| $datatable .= '<input type="text" value="'.$values{$dom}{$item}.'" '. |
foreach my $option ('m','h','n') { |
| 'name="wafproxy_'.$item.'" />'; |
my $sel; |
| |
if ($option eq $curr_remotip) { |
| } else { |
$sel = ' selected="selected"'; |
| $datatable .= '<textarea name="wafproxy_'.$item.'" rows="3" cols="80">'. |
} |
| $values{$dom}{$item}.'</textarea>'; |
$datatable .= '<option value="'.$option.'"'.$sel.'>'. |
| } |
$ip_methods{$option}.'</option>'; |
| $datatable .= '</td></tr>'; |
} |
| |
$datatable .= '</select></td></tr>'."\n". |
| |
'<tr id="wafproxy_header"'.$currwafdisplay.'><td>'. |
| |
$lt{'ipheader'}.': '. |
| |
'<input type="text" value="'.$values{$dom}{'ipheader'}.'" '. |
| |
'name="wafproxy_ipheader" />'. |
| |
'</td></tr>'."\n". |
| |
'<tr id="wafproxy_trust"'.$currwafdisplay.'><td>'. |
| |
$lt{'trusted'}.': '. |
| |
'<textarea name="wafproxy_trusted" rows="3" cols="80">'. |
| |
$values{$dom}{'trusted'}.'</textarea>'. |
| |
'</td></tr>'."\n". |
| |
'<tr><td><hr /></td></tr>'."\n". |
| |
'<tr>'. |
| |
'<td valign="top">'.$lt{'vpnaccess'}.':<br /><span class="LC_nobreak">'. |
| |
'<label><input type="radio" name="wafproxy_vpnaccess"'.$vpndircheck.' value="1" onclick="javascript:checkWAF();" />'. |
| |
$lt{'vpndirect'}.'</label>'.(' 'x2). |
| |
'<label><input type="radio" name="wafproxy_vpnaccess"'.$vpnaliascheck.' value="0" onclick="javascript:checkWAF();" />'. |
| |
$lt{'vpnaliased'}.'</label></span></td></tr>'; |
| |
foreach my $item ('vpnint','vpnext') { |
| |
$datatable .= '<tr id="wafproxy_show_'.$item.'"'.$currwafvpn.'>'. |
| |
'<td valign="top">'.$lt{$item}.': '. |
| |
'<textarea name="wafproxy_'.$item.'" rows="3" cols="80">'. |
| |
$values{$dom}{$item}.'</textarea>'. |
| |
'</td></tr>'."\n"; |
| } |
} |
| $datatable .= '</table></td></tr>'; |
$datatable .= '</table></td></tr>'; |
| } |
} |
|
Line 7284 sub print_wafproxy {
|
Line 7505 sub print_wafproxy {
|
| $datatable .= '<tr'.$css_class.'>'. |
$datatable .= '<tr'.$css_class.'>'. |
| '<td class="LC_left_item">'.&mt('Domain: [_1]',$domain).'</td>'. |
'<td class="LC_left_item">'.&mt('Domain: [_1]',$domain).'</td>'. |
| '<td class="LC_left_item"><table>'; |
'<td class="LC_left_item"><table>'; |
| foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
| my $showval = &mt('None'); |
my $showval = &mt('None'); |
| if ($values{$domain}{$item}) { |
if ($values{$domain}{$item}) { |
| $showval = $values{$domain}{$item}; |
$showval = $values{$domain}{$item}; |
| } |
} |
| $datatable .= '<tr>'. |
$datatable .= '<tr>'. |
| '<td>'.$lt{$item}.': '.$showval.'</td></tr>'; |
'<td>'.$lt{$item}.': '.$showval.'</td></tr>'; |
| } |
} |
| $datatable .= '</table></td></tr>'; |
$datatable .= '</table></td></tr>'; |
| } |
} |
| } |
} |
| } |
} |
|
Line 7302 sub print_wafproxy {
|
Line 7523 sub print_wafproxy {
|
| |
|
| sub wafproxy_titles { |
sub wafproxy_titles { |
| return &Apache::lonlocal::texthash( |
return &Apache::lonlocal::texthash( |
| vpnint => 'Internal IP Range(s) for VPN sessions', |
remoteip => "Method for determining user's IP", |
| vpnext => 'IP Range for backend WAF connections', |
ipheader => 'Request header containing remote IP', |
| trusted => 'Trusted IP range(s)', |
trusted => 'Trusted IP range(s)', |
| ipheader => 'Custom request header', |
vpnaccess => 'Access from institutional VPN', |
| |
vpndirect => 'via regular hostname (no WAF)', |
| |
vpnaliased => 'via aliased hostname (WAF)', |
| |
vpnint => 'Internal IP Range(s) for VPN sessions', |
| |
vpnext => 'IP Range(s) for backend WAF connections', |
| |
ssloptions => 'Forwarding http/https', |
| |
alltossl => 'WAF forwards both http and https requests to https', |
| |
ssltossl => 'WAF forwards http requests to http and https to https', |
| |
); |
| |
} |
| |
|
| |
sub remoteip_methods { |
| |
return &Apache::lonlocal::texthash( |
| |
m => 'Use Apache mod_remoteip', |
| |
h => 'Use headers parsed by LON-CAPA', |
| |
n => 'Not in use', |
| ); |
); |
| } |
} |
| |
|
|
Line 19582 sub modify_wafproxy {
|
Line 19818 sub modify_wafproxy {
|
| my $serverdom = &Apache::lonnet::host_domain($server); |
my $serverdom = &Apache::lonnet::host_domain($server); |
| if ($serverdom eq $dom) { |
if ($serverdom eq $dom) { |
| $canset{$server} = 1; |
$canset{$server} = 1; |
| if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
|
| %{$values{$dom}} = (); |
|
| if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
|
| %curralias = %{$domconfig{'wafproxy'}{'alias'}}; |
|
| } |
|
| foreach my $item ('ipheader','trusted','exempt') { |
|
| $currvalue{$item} = $domconfig{'wafproxy'}{$item}; |
|
| } |
|
| } |
|
| } |
} |
| } |
} |
| } |
} |
| |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
| |
%{$values{$dom}} = (); |
| |
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
| |
%curralias = %{$domconfig{'wafproxy'}{'alias'}}; |
| |
} |
| |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
| |
$currvalue{$item} = $domconfig{'wafproxy'}{$item}; |
| |
} |
| |
} |
| my $output; |
my $output; |
| if (keys(%canset)) { |
if (keys(%canset)) { |
| %{$wafproxy{'alias'}} = (); |
%{$wafproxy{'alias'}} = (); |
| foreach my $key (sort(keys(%canset))) { |
foreach my $key (sort(keys(%canset))) { |
| $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key}; |
if ($env{'form.wafproxy_'.$dom}) { |
| $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g; |
$wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key}; |
| if ($wafproxy{'alias'}{$key} ne $curralias{$key}) { |
$wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g; |
| $changes{'alias'} = 1; |
if ($wafproxy{'alias'}{$key} ne $curralias{$key}) { |
| |
$changes{'alias'} = 1; |
| |
} |
| |
} else { |
| |
$wafproxy{'alias'}{$key} = ''; |
| |
if ($curralias{$key}) { |
| |
$changes{'alias'} = 1; |
| |
} |
| } |
} |
| if ($wafproxy{'alias'}{$key} eq '') { |
if ($wafproxy{'alias'}{$key} eq '') { |
| if ($curralias{$key}) { |
if ($curralias{$key}) { |
|
Line 19616 sub modify_wafproxy {
|
Line 19859 sub modify_wafproxy {
|
| # Localization for values in %warn occus in &mt() calls separately. |
# Localization for values in %warn occus in &mt() calls separately. |
| my %warn = ( |
my %warn = ( |
| trusted => 'trusted IP range(s)', |
trusted => 'trusted IP range(s)', |
| exempt => 'exempt IP range(s)', |
vpnint => 'internal IP range(s) for VPN sessions(s)', |
| |
vpnext => 'IP range(s) for backend WAF connections', |
| ); |
); |
| foreach my $item ('ipheader','trusted','exempt') { |
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') { |
| my $possible = $env{'form.wafproxy_'.$item}; |
my $possible = $env{'form.wafproxy_'.$item}; |
| $possible =~ s/^\s+|\s+$//g; |
$possible =~ s/^\s+|\s+$//g; |
| if ($possible ne '') { |
if ($possible ne '') { |
| if ($item eq 'ipheader') { |
if ($item eq 'remoteip') { |
| $wafproxy{$item} = $possible; |
if ($possible =~ /^[mhn]$/) { |
| |
$wafproxy{$item} = $possible; |
| |
} |
| |
} elsif ($item eq 'ipheader') { |
| |
if ($wafproxy{'remoteip'} eq 'h') { |
| |
$wafproxy{$item} = $possible; |
| |
} |
| } else { |
} else { |
| my (@ok,$count); |
my (@ok,$count); |
| $possible =~ s/[\r\n]+/\s/g; |
if (($item eq 'vpnint') || ($item eq 'vpnext')) { |
| $possible =~ s/\s*-\s*/-/g; |
unless ($env{'form.wafproxy_vpnaccess'}) { |
| $possible =~ s/\s+/,/g; |
$possible = ''; |
| |
} |
| |
} elsif ($item eq 'trusted') { |
| |
unless ($wafproxy{'remoteip'} eq 'h') { |
| |
$possible = ''; |
| |
} |
| |
} |
| |
unless ($possible eq '') { |
| |
$possible =~ s/[\r\n]+/\s/g; |
| |
$possible =~ s/\s*-\s*/-/g; |
| |
$possible =~ s/\s+/,/g; |
| |
} |
| $count = 0; |
$count = 0; |
| if ($possible) { |
if ($possible ne '') { |
| foreach my $poss (split(/\,/,$possible)) { |
foreach my $poss (split(/\,/,$possible)) { |
| $count ++; |
$count ++; |
| if (&validate_ip_pattern($poss)) { |
if (&validate_ip_pattern($poss)) { |
|
Line 19647 sub modify_wafproxy {
|
Line 19908 sub modify_wafproxy {
|
| $diff,$warn{$item}). |
$diff,$warn{$item}). |
| '</li>'); |
'</li>'); |
| } |
} |
| if ($wafproxy{$item} ne $currvalue{$item}) { |
|
| $changes{$item} = 1; |
|
| } |
|
| } |
} |
| } |
} |
| } else { |
if ($wafproxy{$item} ne $currvalue{$item}) { |
| if ($currvalue{$item}) { |
|
| $changes{$item} = 1; |
$changes{$item} = 1; |
| } |
} |
| |
} elsif ($currvalue{$item}) { |
| |
$changes{$item} = 1; |
| |
} |
| |
} |
| |
} else { |
| |
if (keys(%curralias)) { |
| |
$changes{'alias'} = 1; |
| |
} |
| |
if (keys(%currvalue)) { |
| |
foreach my $key (keys(%currvalue)) { |
| |
$changes{$key} = 1; |
| } |
} |
| } |
} |
| } |
} |
|
Line 19668 sub modify_wafproxy {
|
Line 19936 sub modify_wafproxy {
|
| if ($putresult eq 'ok') { |
if ($putresult eq 'ok') { |
| my $cachetime = 24*60*60; |
my $cachetime = 24*60*60; |
| my (%domdefaults,$updatedomdefs); |
my (%domdefaults,$updatedomdefs); |
| foreach my $item ('ipheader','trusted','exempt') { |
foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
| if ($changes{$item}) { |
if ($changes{$item}) { |
| unless ($updatedomdefs) { |
unless ($updatedomdefs) { |
| %domdefaults = &Apache::lonnet::get_domain_defaults($dom); |
%domdefaults = &Apache::lonnet::get_domain_defaults($dom); |
|
Line 19705 sub modify_wafproxy {
|
Line 19973 sub modify_wafproxy {
|
| } |
} |
| } |
} |
| $output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'<ul>'; |
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'<ul>'; |
| foreach my $item ('alias','ipheader','trusted','exempt') { |
foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext') { |
| if ($changes{$item}) { |
if ($changes{$item}) { |
| if ($item eq 'alias') { |
if ($item eq 'alias') { |
| my $numaliased = 0; |
my $numaliased = 0; |
|
Line 19728 sub modify_wafproxy {
|
Line 19996 sub modify_wafproxy {
|
| $output .= '<li>'.&mt('Aliases deleted for hostnames').'</li>'; |
$output .= '<li>'.&mt('Aliases deleted for hostnames').'</li>'; |
| } |
} |
| } else { |
} else { |
| if ($item eq 'ipheader') { |
if ($item eq 'remoteip') { |
| |
my %ip_methods = &remoteip_methods(); |
| |
if ($wafproxy{$item} =~ /^[mh]$/) { |
| |
$output .= '<li>'.&mt("Method for determining user's IP set to: [_1]", |
| |
$ip_methods{$wafproxy{$item}}).'</li>'; |
| |
} else { |
| |
if (($env{'form.wafproxy_'.$dom}) && (ref($wafproxy{'alias'}) eq 'HASH')) { |
| |
$output .= '<li>'.&mt("No method in use to get user's real IP (will report IP used by WAF)."). |
| |
'</li>'; |
| |
} else { |
| |
$output .= '<li>'.&mt('WAF/Reverse Proxy not in use').'</li>'; |
| |
} |
| |
} |
| |
} elsif ($item eq 'ipheader') { |
| if ($wafproxy{$item}) { |
if ($wafproxy{$item}) { |
| $output .= '<li>'.&mt('Custom request header set to [_1]', |
$output .= '<li>'.&mt('Request header with remote IP set to: [_1]', |
| $wafproxy{$item}).'</li>'; |
$wafproxy{$item}).'</li>'; |
| } else { |
} else { |
| $output .= '<li>'.&mt('Custom request header deleted').'</li>'; |
$output .= '<li>'.&mt('Request header with remote IP deleted').'</li>'; |
| } |
} |
| } elsif ($item eq 'trusted') { |
} elsif ($item eq 'trusted') { |
| if ($wafproxy{$item}) { |
if ($wafproxy{$item}) { |
| $output .= '<li>'.&mt('Trusted IP range(s) set to [_1]', |
$output .= '<li>'.&mt('Trusted IP range(s) set to: [_1]', |
| $wafproxy{$item}).'</li>'; |
$wafproxy{$item}).'</li>'; |
| } else { |
} else { |
| $output .= '<li>'.&mt('Trusted IP range(s) deleted').'</li>'; |
$output .= '<li>'.&mt('Trusted IP range(s) deleted').'</li>'; |
| } |
} |
| } elsif ($item eq 'exempt') { |
} elsif ($item eq 'vpnint') { |
| |
if ($wafproxy{$item}) { |
| |
$output .= '<li>'.&mt('Internal IP Range(s) for VPN sessions set to: [_1]', |
| |
$wafproxy{$item}).'</li>'; |
| |
} else { |
| |
$output .= '<li>'.&mt('Internal IP Range(s) for VPN sessions deleted').'</li>'; |
| |
} |
| |
} elsif ($item eq 'vpnext') { |
| if ($wafproxy{$item}) { |
if ($wafproxy{$item}) { |
| $output .= '<li>'.&mt('Exempt IP range(s) set to [_1]', |
$output .= '<li>'.&mt('IP Range(s) for backend WAF connections set to: [_1]', |
| $wafproxy{$item}).'</li>'; |
$wafproxy{$item}).'</li>'; |
| } else { |
} else { |
| $output .= '<li>'.&mt('Exempt IP range(s) deleted').'</li>'; |
$output .= '<li>'.&mt('IP Range(s) for backend WAF connections deleted').'</li>'; |
| } |
} |
| } |
} |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to domainprefs.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / interface