--- loncom/loncapa_apache.conf 2008/12/22 21:53:48 1.181.2.2 +++ loncom/loncapa_apache.conf 2018/07/18 13:44:55 1.263 @@ -1,8 +1,8 @@ ## ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file ## -## $Id: loncapa_apache.conf,v 1.181.2.2 2008/12/22 21:53:48 raeburn Exp $ -## + +# $Id: loncapa_apache.conf,v 1.263 2018/07/18 13:44:55 raeburn Exp $ # # LON-CAPA Section (extensions to httpd.conf daemon configuration) @@ -18,7 +18,9 @@ Group www # ======================================================= Shared Object Modules -LoadModule perl_module modules/libperl.so + + LoadModule perl_module modules/libperl.so + AddModule mod_perl.c @@ -28,7 +30,7 @@ PerlSetVar MODPERL2 1 # =============================================================== Miscellaneous -ServerAdmin korte@lite.msu.edu +ServerAdmin consortium@loncapa.org ExtendedStatus On # # LON-CAPA Section (extensions to srm.conf name space servicing) @@ -38,7 +40,11 @@ ExtendedStatus On Alias /zipspool/ /home/httpd/zipspool/ Alias /prtspool/ /home/httpd/prtspool/ Alias /captchaspool/ /home/httpd/captchaspool/ +Alias /webdav/ /home/httpd/html/priv/ ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/" + + DAVLockDB /home/httpd/webdav/DAVLock + # ================================================================= Directories @@ -50,7 +56,24 @@ PerlCleanupHandler Apache::lonacc::clean PerlAuthenHandler Apache::checkauthen PerlSetVar lonOtherAuthen no + + PerlAuthenHandler Apache::lonshibauth + PerlSetVar lonOtherAuthen yes + PerlSetVar lonOtherAuthenType Shibboleth + + #PerlWarn On + +PerlAuthzHandler 'sub { return OK }' + + +# Send proper expires header to avoid unnecessary HTTP request for static content + + ExpiresActive On + ExpiresDefault "access plus 12 hours" + Header set Cache-Control "public, no-transform" + + AuthType LONCAPA @@ -95,6 +118,18 @@ SetHandler perl-script PerlHandler Apache::portfolio + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonpdfupload +ErrorDocument 403 /adm/login +ErrorDocument 404 /adm/notfound.html +ErrorDocument 406 /adm/roles +ErrorDocument 500 /adm/errorhandler + + PerlAccessHandler Apache::lontokacc PerlCleanupHandler Apache::lontokacc::removefile @@ -235,32 +270,77 @@ ErrorDocument 406 /adm/notinit.html ErrorDocument 500 /adm/errorhandler - + AuthType LONCAPA Require valid-user -PerlAuthzHandler Apache::loncacc -SetHandler perl-script -PerlHandler Apache::lonconstruct -ErrorDocument 403 /adm/login +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::londatecheck +PerlHandler Apache::lonipcheck +PerlHandler Apache::lonexttool ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized -ErrorDocument 500 /adm/errorhandler +ErrorDocument 406 /adm/notinit.html +ErrorDocument 500 /adm/errorhandler - -PerlAccessHandler Apache::lonracc + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonplacementtest +ErrorDocument 404 /adm/notfound.html +ErrorDocument 406 /adm/notinit.html +ErrorDocument 500 /adm/errorhandler - + AuthType LONCAPA Require valid-user PerlAuthzHandler Apache::loncacc +SetHandler perl-script ErrorDocument 403 /adm/login ErrorDocument 404 /adm/notfound.html ErrorDocument 406 /adm/unauthorized ErrorDocument 500 /adm/errorhandler + + + + AuthType Basic + AuthName "LONCAPA username,domain" + Require valid-user + SSLRequireSSL + PerlAuthenHandler Apache::lonwebdavauth + PerlAuthzHandler Apache::lonwebdavacc + Dav On + DirectoryIndex index.missing + Options Indexes FollowSymLinks + ErrorDocument 403 /adm/nowebdav.html + ErrorDocument 404 /adm/notfound.html + ErrorDocument 406 /adm/unauthorized + ErrorDocument 500 /adm/errorhandler + + + + RewriteEngine on + RewriteRule .* http://%{HTTP_HOST}/adm/nowebdav.html [L] + + + + + + RewriteEngine on + RewriteRule .* http://%{HTTP_HOST}/adm/nowebdav.html [L] + + + + + +PerlAccessHandler Apache::lonracc + + AuthType LONCAPA Require valid-user @@ -296,22 +376,22 @@ ErrorDocument 500 /adm/errorhandler # ------------------------------------------------------------------------- RAT - + SetHandler perl-script PerlHandler Apache::lonratedt - + SetHandler perl-script PerlHandler Apache::lonratedt - + SetHandler perl-script PerlHandler Apache::lonratsrv - + SetHandler perl-script PerlHandler Apache::lonratmenu @@ -335,7 +415,7 @@ PerlCleanupHandler Apache::lonindexer::c PerlCleanupHandler Apache::lonacc::cleanup - + SetHandler perl-script PerlHandler Apache::lontex @@ -350,7 +430,7 @@ SetHandler perl-script PerlHandler Apache::lonsequence - + PerlAccessHandler Apache::publiccheck SetHandler perl-script PerlHandler Apache::lonmeta @@ -360,30 +440,123 @@ ErrorDocument 413 /adm/overloaded.tx AuthType LONCAPA Require valid-user -SetHandler perl-script PerlAuthzHandler Apache::lonacc +SetHandler perl-script PerlHandler Apache::lonmeta - + SetHandler perl-script PerlHandler Apache::lonrights - + SetHandler perl-script PerlHandler Apache::londatecheck PerlHandler Apache::lonipcheck PerlHandler Apache::lonxml - + SetHandler perl-script PerlHandler Apache::lonhomework + +SetHandler perl-script +PerlHandler Apache::lonxml + + + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::loncacc +ErrorDocument 403 /adm/login +ErrorDocument 404 /adm/notfound.html +ErrorDocument 406 /adm/unauthorized +ErrorDocument 500 /adm/errorhandler + + + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc + + + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +ErrorDocument 403 /adm/login +ErrorDocument 404 /adm/notfound.html +ErrorDocument 406 /adm/unauthorized +ErrorDocument 500 /adm/errorhandler + + + +SetHandler perl-script +PerlHandler Apache::daxepage + + + +SetHandler perl-script +PerlHandler Apache::daxepage + + + +SetHandler perl-script +PerlHandler Apache::daxeopen + + + +SetHandler perl-script +PerlHandler Apache::daxeopen + + + +SetHandler perl-script +PerlHandler Apache::daxeopen + + + +SetHandler perl-script +PerlHandler Apache::daxeopen + + + + + RewriteEngine on + RewriteRule /daxeopen/(.*) /$1 + + + + + + RewriteEngine on + RewriteRule /daxeopen/(.*) /$1 + + + + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::daxesave + + + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::loncoursepub +ErrorDocument 404 /adm/notfound.html +ErrorDocument 500 /adm/errorhandler + + AuthType LONCAPA Require valid-user @@ -440,6 +613,26 @@ ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonsearchcourse +ErrorDocument 403 /adm/login +ErrorDocument 500 /adm/errorhandler + + + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonindexcourse +ErrorDocument 403 /adm/login +ErrorDocument 500 /adm/errorhandler + + AuthType LONCAPA Require valid-user @@ -483,14 +676,14 @@ ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler - + AuthType LONCAPA Require valid-user PerlAuthzHandler Apache::lonacc SetHandler perl-script -PerlHandler Apache::lonremote +PerlHandler Apache::lonpickresource ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler +ErrorDocument 500 /adm/errorhandler @@ -513,6 +706,17 @@ ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonpickuser +ErrorDocument 403 /adm/login +ErrorDocument 406 /adm/roles +ErrorDocument 500 /adm/errorhandler + + AuthType LONCAPA Require valid-user @@ -533,17 +737,43 @@ ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::londependencies +ErrorDocument 403 /adm/login +ErrorDocument 406 /adm/roles +ErrorDocument 500 /adm/errorhandler + + SetHandler perl-script PerlHandler Apache::lonlogin + +SetHandler perl-script +PerlHandler Apache::ltiauth + + + +SetHandler perl-script +PerlHandler Apache::ltipassback + + + +SetHandler perl-script +PerlHandler Apache::ltiroster + + PerlAccessHandler Apache::publiccheck AuthType LONCAPA Require valid-user -SetHandler perl-script PerlAuthzHandler Apache::lonacc +SetHandler perl-script PerlHandler Apache::restrictedaccess ErrorDocument 500 /adm/errorhandler @@ -552,8 +782,8 @@ ErrorDocument 500 /adm/errorhandler PerlAccessHandler Apache::publiccheck AuthType LONCAPA Require valid-user -SetHandler perl-script PerlAuthzHandler Apache::lonacc +SetHandler perl-script PerlHandler Apache::blockedaccess ErrorDocument 500 /adm/errorhandler @@ -589,6 +819,21 @@ SetHandler perl-script PerlHandler Apache::migrateuser + + + AuthType shibboleth + ShibUseEnvironment On + ShibRequestSetting requireSession 1 + ShibRequestSetting redirectToSSL 443 + require valid-user + PerlAuthzHandler Apache::lonshibacc + PerlAuthzHandler Apache::lonacc + + + PerlTypeHandler Apache::lonnoshib + + + AuthType LONCAPA Require valid-user @@ -609,16 +854,6 @@ ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler - -AuthType LONCAPA -Require valid-user -PerlAuthzHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::admbookmarks -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - AuthType LONCAPA Require valid-user @@ -675,6 +910,17 @@ ErrorDocument 406 /adm/roles ErrorDocument 500 /adm/errorhandler + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::courseprefs +ErrorDocument 403 /adm/login +ErrorDocument 406 /adm/roles +ErrorDocument 500 /adm/errorhandler + + AuthType LONCAPA Require valid-user @@ -708,6 +954,17 @@ ErrorDocument 406 /adm/roles ErrorDocument 500 /adm/errorhandler + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonrequestcourse +ErrorDocument 403 /adm/login +ErrorDocument 406 /adm/roles +ErrorDocument 500 /adm/errorhandler + + AuthType LONCAPA Require valid-user @@ -773,7 +1030,7 @@ ErrorDocument 406 /adm/unauthorized ErrorDocument 500 /adm/errorhandler - + AuthType LONCAPA Require valid-user PerlAuthzHandler Apache::loncacc @@ -785,18 +1042,6 @@ ErrorDocument 406 /adm/unauthorized ErrorDocument 500 /adm/errorhandler - -AuthType LONCAPA -Require valid-user -PerlAuthzHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonpubdir -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized -ErrorDocument 500 /adm/errorhandler - - AuthType LONCAPA Require valid-user @@ -1049,6 +1294,18 @@ ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::londocs +PerlCleanupHandler Apache::londocs::untiehash +PerlCleanupHandler Apache::lonacc::cleanup +ErrorDocument 403 /adm/login +ErrorDocument 500 /adm/errorhandler + + AuthType LONCAPA Require valid-user @@ -1059,6 +1316,16 @@ ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonextresedit +ErrorDocument 403 /adm/login +ErrorDocument 500 /adm/errorhandler + + AuthType LONCAPA Require valid-user @@ -1172,9 +1439,52 @@ PerlHandler Apache::groupsort PerlCleanupHandler Apache::groupsort::cleanup PerlCleanupHandler Apache::lonacc::cleanup ErrorDocument 403 /adm/login +ErrorDocument 406 /adm/roles ErrorDocument 500 /adm/errorhandler + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonwishlistdisplay +ErrorDocument 403 /adm/login +ErrorDocument 406 /adm/roles +ErrorDocument 500 /adm/errorhandler + + + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonblockingmenu +ErrorDocument 403 /adm/login +ErrorDocument 406 /adm/roles +ErrorDocument 500 /adm/errorhandler + + + +PerlAccessHandler Apache::publiccheck +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonblockingstatus + + + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lonaccesstimes +ErrorDocument 403 /adm/login +ErrorDocument 406 /adm/roles +ErrorDocument 500 /adm/errorhandler + + SetHandler perl-script PerlHandler Apache::lonerrorhandler @@ -1214,7 +1524,7 @@ PerlHandler Apache::lonsupportreq ErrorDocument 500 /adm/errorhandler - + SetHandler perl-script PerlHandler Apache::loncss ErrorDocument 500 /adm/errorhandler @@ -1250,6 +1560,22 @@ PerlHandler Apache::londns ErrorDocument 500 /adm/errorhandler + +SetHandler perl-script +PerlHandler Apache::spellcheck + + + +AuthType LONCAPA +Require valid-user +PerlAuthzHandler Apache::lonacc +SetHandler perl-script +PerlHandler Apache::lontiny +ErrorDocument 403 /adm/login +ErrorDocument 406 /adm/roles +ErrorDocument 500 /adm/errorhandler + + # ------------------------------------------------- Backdoor Adm Tests/Programs @@ -1272,35 +1598,41 @@ PerlChildExitHandler Apache::lonacc::goo Options None AllowOverride None -order deny,allow -deny from all + + Require all denied + + + order deny,allow + deny from all + # Allow uploaded files to be served -Options Includes FollowSymLinks +Options FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + -# Allow construction space files to be served - - -Options Includes FollowSymLinks -AllowOverride -order allow,deny -allow from all - - # Yes to symbolic links and server-side includes -Options Includes FollowSymLinks +Options FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # If it is in cgi-bin, then it can be executed as a CGI script. @@ -1308,37 +1640,65 @@ allow from all AllowOverride None Options ExecCGI FollowSymLinks -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # Allow serving of files in prtspool -Options Includes FollowSymLinks +Options FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # Allow serving of files in zipspool -Options Includes FollowSymLinks +Options FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + # Allow serving of files in captchaspool -Options Includes FollowSymLinks +Options FollowSymLinks AllowOverride None -order allow,deny -allow from all + + Require all granted + + + order allow,deny + allow from all + + + DirectoryIndex disabled + + + + DirectoryIndex disabled + + # ============================================================= Access Handlers # ------------------------------------------------- Allow server-status reports @@ -1357,23 +1717,30 @@ ErrorDocument 500 /adm/errorhandler # ------------------- Allow access to local system documentation from localhost Alias /doc /usr/doc -order deny,allow -deny from all -allow from localhost Options Indexes FollowSymLinks + + Require local + + + order deny,allow + deny from all + allow from localhost + # ******** THESE "SHOULD" NEVER BE ALTERED BY THE USER ************************ # ====================================== Internal Settings / Perl Configuration -PerlSetVar lonVersion '' +PerlSetVar lonVersion '' PerlSetVar lonIDsDir /home/httpd/lonIDs +PerlSetVar lonDAVsessDir /home/httpd/webdav/sessionIDs PerlSetVar lonTabDir /home/httpd/lonTabs PerlSetVar lonUsersDir /home/httpd/lonUsers PerlSetVar lonIconsURL /adm/lonIcons PerlSetVar londPort 5663 -PerlSetVar lonSysEMail korte@lite.msu.edu +PerlSetVar lonSysEMail techsupport@loncapa.org PerlSetVar lonDaemons /home/httpd/perl +PerlSetVar lonLib /home/httpd/lib PerlSetVar lonSockDir /home/httpd/sockets PerlSetVar lonSockCreate /home/httpd/sockets/common PerlSetVar lonDocRoot /home/httpd/html @@ -1382,8 +1749,9 @@ PerlSetVar lonIncludes /home/http PerlSetVar lonZipDir /home/httpd/zipspool PerlSetVar lonCaptchaDir /home/httpd/captchaspool PerlSetVar lonCaptchaDb /home/httpd/captchadb +PerlSetVar lonLTIDir /home/httpd/lonLTItmp PerlSetVar lonFontsDir /home/httpd/html/adm/fonts -# & separated list of : separated fields in order of +# & separated list of % separated fields in order of # - internal name to call it, # - regexp that it should match (done case-insensitively) # - regexp that is should not match (done case-insensitively) @@ -1391,7 +1759,7 @@ PerlSetVar lonFontsDir /home/h # - a number that describes the minimum version that has mathml support # - a number that describes the minimum number version that has unicode support -PerlSetVar lonBrowsDet explorer:msie:netscape:msie\s(\d+\.\d+)\;:9999:9999&mozilla:mozilla\/[5-9]:msie:mozilla\/(\d+\.\d+)\s:9999:1&netscape:netscape:msie:netscape\/(\d+\.\d+):9999:7&netscape:netscape\/[7-9]:shouldnotmatch:netscape\/(\d+\.\d+):9999:7&amaya:amaya:mozilla:V(\d+\.\d+)\s:1:1&safari:safari:msie:safari\/([\d\.]+):9999:84 +PerlSetVar lonBrowsDet explorer%msie%netscape%msie\s(\d+\.\d+)\;%9999%5&mozilla%mozilla\/[5-9]%msie%mozilla\/(\d+\.\d+)\s%9999%1&netscape%netscape%msie%netscape\/(\d+\.\d+)%9999%7&netscape%netscape\/[7-9]%shouldnotmatch%netscape\/(\d+\.\d+)%9999%7&amaya%amaya%mozilla%V(\d+\.\d+)\s%1%1&safari%safari%msie%safari\/([\d\.]+)%9999%84&chrome%chrome%chromeframe%\s+chrome\/(\d+\.\d+)%9999%1&explorer%\s+rv\:\d+\.\d+%firefox%\s+rv\:(\d+\.\d+)%9999%5&opera%\sOPR\/\d+\.\d+%shouldnotmatch%\sOPR\/(\d+\.\d+)%9999%6&opera%^Opera\/9.80\s.+Version\/\d+\.\d+$%shouldnotmatch%Version\/(\d+\.\d+)$%9999%6&opera%^Opera\/\d+\.\d+\s%Version\/\d+\.\d+$%^Opera\/(\d+\.\d+)\s%9999%6 PerlSetVar lonTextBrowsers windows\s+ce:lynx PerlSetVar lonScansDir /home/httpd/scantron @@ -1436,6 +1804,8 @@ PerlSetVar lonCertificateDirectory /home PerlSetVar lonnetCertificateAuthority loncapaCA.pem PerlSetVar lonnetCertificate lonhostcert.pem +PerlSetVar lonnetHostnameCertificate lonhostnamecert.pem +PerlSetVar lonnetCertRevocationList loncapaCAcrl.pem # # To generate the request for a certificate, and to negotiate the @@ -1477,6 +1847,9 @@ PerlSetVar SSLEmail certificate@lon- #------------------------------------------------------------------------- +# ====================================== Include support for SSL rewrites + +Include conf/loncapa_rewrite.conf # ====================================== Include machine-specific configuration