--- loncom/lonnet/perl/lonnet.pm	2020/12/18 15:23:03	1.1434
+++ loncom/lonnet/perl/lonnet.pm	2021/01/02 19:31:11	1.1436
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1434 2020/12/18 15:23:03 raeburn Exp $
+# $Id: lonnet.pm,v 1.1436 2021/01/02 19:31:11 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -8082,7 +8082,7 @@ sub allowed {
 
     if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; }
 # Free bre access to adm and meta resources
-    if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|ext\.tool)$})) 
+    if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|viewclasslist|aboutme|ext\.tool)$})) 
 	 || (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) )) 
 	&& ($priv eq 'bre')) {
 	return 'F';
@@ -10332,7 +10332,7 @@ sub modifyuserauth {
     &log($udom,,$uname,$uhome,
         'Authentication changed by '.$env{'user.domain'}.', '.
                                      $env{'user.name'}.', '.$umode.
-         '(Remote '.$ENV{'REMOTE_ADDR'}.'): '.$reply);
+         '(Remote '.$ip.'): '.$reply);
     unless ($reply eq 'ok') {
         &logthis('Authentication mode error: '.$reply);
 	return 'error: '.$reply;
@@ -14309,10 +14309,10 @@ sub get_requestor_ip {
                     $xfor = $ENV{'HTTP_X_FORWARDED_FOR'};
                 }
                 if (($ip eq '') && ($xfor ne '')) {
-                    my @ips = reverse(split(/\s*,\s*/,$xfor));
                     foreach my $poss_ip (reverse(split(/\s*,\s*/,$xfor))) {
                         unless (&ip_match($poss_ip,$proxyinfo->{'trusted'})) {
                             $ip = $poss_ip;
+                            last;
                         }
                     }
                 }