--- loncom/loncapa_apache.conf 2013/02/13 17:22:43 1.215.2.8 +++ loncom/loncapa_apache.conf 2015/08/26 14:32:18 1.235 @@ -2,7 +2,7 @@ ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file ## -# $Id: loncapa_apache.conf,v 1.215.2.8 2013/02/13 17:22:43 raeburn Exp $ +# $Id: loncapa_apache.conf,v 1.235 2015/08/26 14:32:18 raeburn Exp $ # # LON-CAPA Section (extensions to httpd.conf daemon configuration) @@ -30,7 +30,7 @@ PerlSetVar MODPERL2 1 # =============================================================== Miscellaneous -ServerAdmin korte@lite.msu.edu +ServerAdmin consortium@loncapa.org ExtendedStatus On # # LON-CAPA Section (extensions to srm.conf name space servicing) @@ -64,11 +64,11 @@ PerlSetVar lonOtherAuthen no #PerlWarn On -PerlAuthenHandler 'sub { return OK }' +PerlAuthzHandler 'sub { return OK }' # Send proper expires header to avoid unnecessary HTTP request for static content - + ExpiresActive On ExpiresDefault "access plus 12 hours" Header set Cache-Control "public, no-transform" @@ -281,7 +281,7 @@ ErrorDocument 406 /adm/unauthorized ErrorDocument 500 /adm/errorhandler - + AuthType Basic @@ -416,8 +416,8 @@ ErrorDocument 413 /adm/overloaded.tx AuthType LONCAPA Require valid-user -SetHandler perl-script PerlAuthzHandler Apache::lonacc +SetHandler perl-script PerlHandler Apache::lonmeta @@ -511,6 +511,16 @@ ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonindexcourse +ErrorDocument 403 /adm/login +ErrorDocument 500 /adm/errorhandler + + AuthType LONCAPA Require valid-user @@ -554,12 +564,12 @@ ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler - + AuthType LONCAPA Require valid-user PerlAuthzHandler Apache::lonacc SetHandler perl-script -PerlHandler Apache::lonremote +PerlHandler Apache::lonpickresource ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler @@ -635,8 +645,8 @@ PerlHandler Apache::lonlogin PerlAccessHandler Apache::publiccheck AuthType LONCAPA Require valid-user -SetHandler perl-script PerlAuthzHandler Apache::lonacc +SetHandler perl-script PerlHandler Apache::restrictedaccess ErrorDocument 500 /adm/errorhandler @@ -645,8 +655,8 @@ ErrorDocument 500 /adm/errorhandler PerlAccessHandler Apache::publiccheck AuthType LONCAPA Require valid-user -SetHandler perl-script PerlAuthzHandler Apache::lonacc +SetHandler perl-script PerlHandler Apache::blockedaccess ErrorDocument 500 /adm/errorhandler @@ -1313,7 +1323,7 @@ SetHandler perl-script PerlHandler Apache::lonwishlistdisplay ErrorDocument 403 /adm/login ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler +ErrorDocument 500 /adm/errorhandler @@ -1417,6 +1427,7 @@ PerlHandler Apache::spellcheck + # ------------------------------------------------- Backdoor Adm Tests/Programs @@ -1439,8 +1450,13 @@ PerlChildExitHandler Apache::lonacc::goo Options None AllowOverride None -order deny,allow -deny from all + + Require all denied + + + order deny,allow + deny from all + # Allow uploaded files to be served @@ -1448,8 +1464,13 @@ deny from all Options Includes FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # Allow construction space files to be served @@ -1457,8 +1478,13 @@ allow from all Options Includes FollowSymLinks AllowOverride -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # Yes to symbolic links and server-side includes @@ -1466,8 +1492,13 @@ allow from all Options Includes FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # If it is in cgi-bin, then it can be executed as a CGI script. @@ -1475,8 +1506,13 @@ allow from all AllowOverride None Options ExecCGI FollowSymLinks -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # Allow serving of files in prtspool @@ -1484,8 +1520,13 @@ allow from all Options Includes FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # Allow serving of files in zipspool @@ -1493,8 +1534,13 @@ allow from all Options Includes FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # Allow serving of files in captchaspool @@ -1502,10 +1548,23 @@ allow from all Options Includes FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + + + DirectoryIndex disabled + + + + DirectoryIndex disabled + + # ============================================================= Access Handlers # ------------------------------------------------- Allow server-status reports @@ -1524,23 +1583,28 @@ ErrorDocument 500 /adm/errorhandler # ------------------- Allow access to local system documentation from localhost Alias /doc /usr/doc -order deny,allow -deny from all -allow from localhost Options Indexes FollowSymLinks + + Require local + + + order deny,allow + deny from all + allow from localhost + # ******** THESE "SHOULD" NEVER BE ALTERED BY THE USER ************************ # ====================================== Internal Settings / Perl Configuration -PerlSetVar lonVersion '' +PerlSetVar lonVersion '' PerlSetVar lonIDsDir /home/httpd/lonIDs PerlSetVar lonDAVsessDir /home/httpd/webdav/sessionIDs PerlSetVar lonTabDir /home/httpd/lonTabs PerlSetVar lonUsersDir /home/httpd/lonUsers PerlSetVar lonIconsURL /adm/lonIcons PerlSetVar londPort 5663 -PerlSetVar lonSysEMail korte@lite.msu.edu +PerlSetVar lonSysEMail techsupport@loncapa.org PerlSetVar lonDaemons /home/httpd/perl PerlSetVar lonLib /home/httpd/lib PerlSetVar lonSockDir /home/httpd/sockets @@ -1552,7 +1616,7 @@ PerlSetVar lonZipDir /home/http PerlSetVar lonCaptchaDir /home/httpd/captchaspool PerlSetVar lonCaptchaDb /home/httpd/captchadb PerlSetVar lonFontsDir /home/httpd/html/adm/fonts -# & separated list of : separated fields in order of +# & separated list of % separated fields in order of # - internal name to call it, # - regexp that it should match (done case-insensitively) # - regexp that is should not match (done case-insensitively) @@ -1560,7 +1624,7 @@ PerlSetVar lonFontsDir /home/h # - a number that describes the minimum version that has mathml support # - a number that describes the minimum number version that has unicode support -PerlSetVar lonBrowsDet explorer:msie:netscape:msie\s(\d+\.\d+)\;:9999:5&mozilla:mozilla\/[5-9]:msie:mozilla\/(\d+\.\d+)\s:9999:1&netscape:netscape:msie:netscape\/(\d+\.\d+):9999:7&netscape:netscape\/[7-9]:shouldnotmatch:netscape\/(\d+\.\d+):9999:7&amaya:amaya:mozilla:V(\d+\.\d+)\s:1:1&safari:safari:msie:safari\/([\d\.]+):9999:84&chrome:chrome:shouldnotmatch:chrome\/(\d+\.\d+):9999:1 +PerlSetVar lonBrowsDet explorer%msie%netscape%msie\s(\d+\.\d+)\;%9999%5&mozilla%mozilla\/[5-9]%msie%mozilla\/(\d+\.\d+)\s%9999%1&netscape%netscape%msie%netscape\/(\d+\.\d+)%9999%7&netscape%netscape\/[7-9]%shouldnotmatch%netscape\/(\d+\.\d+)%9999%7&amaya%amaya%mozilla%V(\d+\.\d+)\s%1%1&safari%safari%msie%safari\/([\d\.]+)%9999%84&chrome%chrome%chromeframe%\s+chrome\/(\d+\.\d+)%9999%1&explorer%\s+rv\:\d+\.\d+%firefox%\s+rv\:(\d+\.\d+)%9999%5&opera%\sOPR\/\d+\.\d+%shouldnotmatch%\sOPR\/(\d+\.\d+)%9999%6&opera%^Opera\/9.80\s.+Version\/\d+\.\d+$%shouldnotmatch%Version\/(\d+\.\d+)$%9999%6&opera%^Opera\/\d+\.\d+\s%Version\/\d+\.\d+$%^Opera\/(\d+\.\d+)\s%9999%6 PerlSetVar lonTextBrowsers windows\s+ce:lynx PerlSetVar lonScansDir /home/httpd/scantron