--- loncom/loncapa_apache.conf	2020/09/10 21:16:17	1.215.2.27
+++ loncom/loncapa_apache.conf	2023/09/07 19:36:15	1.215.2.30.2.5
@@ -2,7 +2,7 @@
 ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
 ##
 
-# $Id: loncapa_apache.conf,v 1.215.2.27 2020/09/10 21:16:17 raeburn Exp $
+# $Id: loncapa_apache.conf,v 1.215.2.30.2.5 2023/09/07 19:36:15 raeburn Exp $
 
 #
 # LON-CAPA Section (extensions to httpd.conf daemon configuration)
@@ -150,6 +150,10 @@ ErrorDocument     406 /adm/roles
 ErrorDocument	  500 /adm/errorhandler
 </LocationMatch>
 
+<LocationMatch "^/+uploaded/.+/.+/(portfolio|feedback|docs|groups|supplemental)/.+">
+   Options +FollowSymLinks -Includes
+</LocationMatch>
+
 <LocationMatch "^/+editupload.*">
 AuthType LONCAPA
 Require valid-user
@@ -271,6 +275,20 @@ ErrorDocument     406 /adm/notinit.html
 ErrorDocument	  500 /adm/errorhandler
 </LocationMatch>
 
+<LocationMatch "^/adm/.*/ext\.tool$">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler        Apache::lonacc
+SetHandler              perl-script
+PerlHandler             Apache::lonslotcheck
+PerlHandler             Apache::londatecheck
+PerlHandler             Apache::lonipcheck
+PerlHandler             Apache::lonexttool
+ErrorDocument     404 /adm/notfound.html
+ErrorDocument     406 /adm/notinit.html
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
+
 <Location /adm/exturlcheck>
 AuthType LONCAPA
 Require valid-user
@@ -639,11 +657,52 @@ ErrorDocument     406 /adm/roles
 ErrorDocument     500 /adm/errorhandler
 </Location>
 
+<Location /adm/courseuser>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::loncourseuser
+ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/login>
 SetHandler perl-script
 PerlHandler Apache::lonlogin
 </Location>
 
+<LocationMatch "^/+adm/launch/tiny/[\w.-]+/\w+">
+SetHandler perl-script
+PerlHandler Apache::ltiauth
+</LocationMatch>
+
+<Location /adm/relaunch>
+SetHandler perl-script
+PerlHandler Apache::lonrelaunch
+</Location>
+
+<LocationMatch "^/+adm/lti($|/)">
+SetHandler perl-script
+PerlHandler Apache::ltiauth
+</LocationMatch>
+
+<Location /adm/service/passback>
+SetHandler perl-script
+PerlHandler Apache::ltipassback
+</Location>
+
+<Location /adm/service/roster>
+SetHandler perl-script
+PerlHandler Apache::ltiroster
+</Location>
+
+<LocationMatch "^/adm/service/logout/\w+$">
+SetHandler perl-script
+PerlHandler Apache::ltilogout
+</LocationMatch>
+
 <Location /adm/restrictedaccess>
 PerlAccessHandler      Apache::publiccheck
 AuthType LONCAPA
@@ -664,6 +723,17 @@ PerlHandler Apache::blockedaccess
 ErrorDocument     500 /adm/errorhandler
 </Location>
 
+<Location /adm/protected>
+PerlAccessHandler      Apache::publiccheck
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonprotected
+ErrorDocument     403 /adm/login
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/logout>
 AuthType LONCAPA
 Require valid-user
@@ -696,6 +766,7 @@ PerlHandler Apache::migrateuser
 </Location>
 
 <Location /adm/sso>
+  Header set Cache-Control "private,no-store,no-cache,max-age=0"
   <IfModule mod_shib>
     AuthType shibboleth
     ShibUseEnvironment On
@@ -704,12 +775,25 @@ PerlHandler Apache::migrateuser
     require valid-user
     PerlAuthzHandler       Apache::lonshibacc
     PerlAuthzHandler       Apache::lonacc
+    ErrorDocument     403 /adm/login
+    ErrorDocument     500 /adm/errorhandler
   </IfModule>
   <IfModule !mod_shib>
     PerlTypeHandler        Apache::lonnoshib
   </IfModule>
 </Location>
 
+<Location /adm/linkexit>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonlinkexit
+ErrorDocument     403 /adm/login
+ErrorDocument     409 /adm/preferences?action=lockwarning
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/annotations>
 AuthType LONCAPA
 Require valid-user
@@ -1452,6 +1536,16 @@ PerlHandler Apache::spellcheck
 </LocationMatch>
 
 
+<LocationMatch "^/tiny/[\w.-]+/\w+$">
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lontiny
+ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
+ErrorDocument     500 /adm/errorhandler
+</LocationMatch>
 
 # ------------------------------------------------- Backdoor Adm Tests/Programs
 
@@ -1576,10 +1670,6 @@ AllowOverride None
    DirectoryIndex disabled
 </DirectoryMatch>
 
-<DirectoryMatch "^/home/httpd/lonUsers/*">
-   Options +FollowSymLinks -Includes
-</DirectoryMatch>
-
 # ============================================================= Access Handlers
 
 # ------------------------------------------------- Allow server-status reports
@@ -1631,6 +1721,8 @@ PerlSetVar       lonIncludes  /home/http
 PerlSetVar       lonZipDir    /home/httpd/zipspool
 PerlSetVar       lonCaptchaDir     /home/httpd/captchaspool
 PerlSetVar       lonCaptchaDb     /home/httpd/captchadb 
+PerlSetVar       lonLTIDir    /home/httpd/lonLTItmp
+PerlSetVar       ltiIDsDir    /home/httpd/ltiIDs
 PerlSetVar       lonFontsDir     /home/httpd/html/adm/fonts
 # & separated list of % separated fields in order of
 # - internal name to call it,