-PerlAccessHandler Apache::lonacc
+
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
SetHandler perl-script
-PerlHandler Apache::lonassignments
+PerlHandler Apache::longroupchat
+ErrorDocument 403 /adm/login
+ErrorDocument 500 /adm/errorhandler
+
+
+
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonevaluate
+ErrorDocument 403 /adm/login
+ErrorDocument 500 /adm/errorhandler
+
+
+
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonpreferences
ErrorDocument 403 /adm/login
-ErrorDocument 406 /adm/roles
ErrorDocument 500 /adm/errorhandler
-PerlAccessHandler Apache::lonacc
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
SetHandler perl-script
PerlHandler Apache::loncommunicate
ErrorDocument 403 /adm/login
@@ -421,83 +1259,176 @@ ErrorDocument 500 /adm/errorhandler
-PerlAccessHandler Apache::lonacc
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
SetHandler perl-script
PerlHandler Apache::lonsearchcat
+PerlCleanupHandler Apache::lonsearchcat::cleanup
+PerlCleanupHandler Apache::lonacc::cleanup
ErrorDocument 403 /adm/login
+ErrorDocument 413 /adm/overloaded.txt
ErrorDocument 500 /adm/errorhandler
-PerlAccessHandler Apache::lonacc
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
SetHandler perl-script
-PerlHandler Apache::lonnavmaps
+PerlHandler Apache::lonnavdisplay
ErrorDocument 403 /adm/login
ErrorDocument 406 /adm/roles
ErrorDocument 500 /adm/errorhandler
+
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonquickgrades
+ErrorDocument 403 /adm/login
+ErrorDocument 406 /adm/roles
+ErrorDocument 500 /adm/errorhandler
+
+
-PerlAccessHandler Apache::lonacc
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
SetHandler perl-script
PerlHandler Apache::groupsort
+PerlCleanupHandler Apache::groupsort::cleanup
+PerlCleanupHandler Apache::lonacc::cleanup
ErrorDocument 403 /adm/login
ErrorDocument 500 /adm/errorhandler
+
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonwishlistdisplay
+ErrorDocument 403 /adm/login
+ErrorDocument 406 /adm/roles
+ErrorDocument 500 /adm/errorhandler
+
+
+
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonblockingmenu
+ErrorDocument 403 /adm/login
+ErrorDocument 406 /adm/roles
+ErrorDocument 500 /adm/errorhandler
+
+
+
+PerlAccessHandler Apache::publiccheck
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonblockingstatus
+
+
SetHandler perl-script
PerlHandler Apache::lonerrorhandler
+AuthType LONCAPA
+Require valid-user
+PerlAccessHandler Apache::publiccheck
+PerlAuthzHandler Apache::lonacc
SetHandler perl-script
PerlHandler Apache::lonhelp
+ErrorDocument 500 /adm/errorhandler
+
+
+
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonhelpmenu
+ErrorDocument 500 /adm/errorhandler
+
+
+
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::lonsupportreq
+ErrorDocument 500 /adm/errorhandler
+
+
+
+SetHandler perl-script
+PerlHandler Apache::lonsupportreq
+ErrorDocument 500 /adm/errorhandler
+
+
+
+SetHandler perl-script
+PerlHandler Apache::loncss
+ErrorDocument 500 /adm/errorhandler
+
+
+
+SetHandler perl-script
+PerlHandler Apache::coursecatalog
+ErrorDocument 500 /adm/errorhandler
+
+
+
+SetHandler perl-script
+PerlHandler Apache::resetpw
+ErrorDocument 500 /adm/errorhandler
+
+
+
+SetHandler perl-script
+PerlHandler Apache::selfenroll
+ErrorDocument 500 /adm/errorhandler
+
+
+
+SetHandler perl-script
+PerlHandler Apache::createaccount
+ErrorDocument 500 /adm/errorhandler
+
+
+
+SetHandler perl-script
+PerlHandler Apache::londns
+ErrorDocument 500 /adm/errorhandler
+
+
+
+SetHandler perl-script
+PerlHandler Apache::spellcheck
-# ------------------------------------------------- Backdoor Adm Tests/Programs
-
-AuthName "LON-CAPA Network Administration"
-AuthType Basic
-AuthUserFile /home/httpd/lonTabs/htpasswd
-require user lonadm
-
-
-
-AuthName "LON-CAPA Network Administration"
-AuthType Basic
-AuthUserFile /home/httpd/lonTabs/htpasswd
-require user lonadm
-
-
-
-AuthName "LON-CAPA Network Administration"
-AuthType Basic
-AuthUserFile /home/httpd/lonTabs/htpasswd
-require user lonadm
-
-
-
-AuthName "LON-CAPA Network Administration"
-AuthType Basic
-AuthUserFile /home/httpd/lonTabs/htpasswd
-require user lonadm
-
+
+# ------------------------------------------------- Backdoor Adm Tests/Programs
-AuthName "LON-CAPA Network Administration"
-AuthType Basic
-AuthUserFile /home/httpd/lonTabs/htpasswd
-require user lonadm
+PerlAccessHandler Apache::lonstatusacc
SetHandler perl-script
-PerlAccessHandler Apache::lonacc
PerlHandler Apache::lontest
# ------------------------------------------------------- Shutting down a child
-PerlChildExitHandler Apache::lonnet::goodbye
+PerlChildExitHandler Apache::lonacc::goodbye
#
# LON-CAPA Section (extensions to access.conf permission configuration)
@@ -509,6 +1440,41 @@ PerlChildExitHandler Apache::lonnet::goo
Options None
AllowOverride None
+
+ Require all denied
+
+
+ order deny,allow
+ deny from all
+
+
+
+# Allow uploaded files to be served
+
+
+Options Includes FollowSymLinks
+AllowOverride None
+
+ Require all granted
+
+
+ order allow,deny
+ allow from all
+
+
+
+# Allow construction space files to be served
+
+
+Options Includes FollowSymLinks
+AllowOverride
+
+ Require all granted
+
+
+ order allow,deny
+ allow from all
+
# Yes to symbolic links and server-side includes
@@ -516,60 +1482,145 @@ AllowOverride None
Options Includes FollowSymLinks
AllowOverride None
-order allow,deny
-allow from all
+
+ Require all granted
+
+
+ order allow,deny
+ allow from all
+
# If it is in cgi-bin, then it can be executed as a CGI script.
AllowOverride None
-Options ExecCGI
+Options ExecCGI FollowSymLinks
+
+ Require all granted
+
+
+ order allow,deny
+ allow from all
+
+
+
+# Allow serving of files in prtspool
+
+
+Options Includes FollowSymLinks
+AllowOverride None
+
+ Require all granted
+
+
+ order allow,deny
+ allow from all
+
+# Allow serving of files in zipspool
+
+
+Options Includes FollowSymLinks
+AllowOverride None
+
+ Require all granted
+
+
+ order allow,deny
+ allow from all
+
+
+
+# Allow serving of files in captchaspool
+
+
+Options Includes FollowSymLinks
+AllowOverride None
+
+ Require all granted
+
+
+ order allow,deny
+ allow from all
+
+
+
+
+ DirectoryIndex disabled
+
+
+
+ DirectoryIndex disabled
+
+
# ============================================================= Access Handlers
# ------------------------------------------------- Allow server-status reports
+PerlAccessHandler Apache::lonstatusacc
SetHandler server-status
-AuthName "LON-CAPA Network Administration"
-AuthType Basic
-AuthUserFile /home/httpd/lonTabs/htpasswd
-require user lonadm
# ------------------------ Allow LON-CAPA "low-level" connection status reports
-
-AuthName "LON-CAPA Network Administration"
-AuthType Basic
-AuthUserFile /home/httpd/lonTabs/htpasswd
-require user lonadm
-
+
+PerlAccessHandler Apache::lonstatusacc
+ErrorDocument 406 /adm/roles
+ErrorDocument 500 /adm/errorhandler
+
# ------------------- Allow access to local system documentation from localhost
Alias /doc /usr/doc
-order deny,allow
-deny from all
-allow from localhost
Options Indexes FollowSymLinks
+
+ Require local
+
+
+ order deny,allow
+ deny from all
+ allow from localhost
+
# ******** THESE "SHOULD" NEVER BE ALTERED BY THE USER ************************
# ====================================== Internal Settings / Perl Configuration
+PerlSetVar lonVersion ''
PerlSetVar lonIDsDir /home/httpd/lonIDs
+PerlSetVar lonDAVsessDir /home/httpd/webdav/sessionIDs
PerlSetVar lonTabDir /home/httpd/lonTabs
PerlSetVar lonUsersDir /home/httpd/lonUsers
PerlSetVar lonIconsURL /adm/lonIcons
PerlSetVar londPort 5663
-PerlSetVar lonSysEMail korte@lite.msu.edu
+PerlSetVar lonSysEMail techsupport@loncapa.org
PerlSetVar lonDaemons /home/httpd/perl
+PerlSetVar lonLib /home/httpd/lib
PerlSetVar lonSockDir /home/httpd/sockets
+PerlSetVar lonSockCreate /home/httpd/sockets/common
PerlSetVar lonDocRoot /home/httpd/html
+PerlSetVar lonPrtDir /home/httpd/prtspool
PerlSetVar lonIncludes /home/httpd/html/res/adm/includes
-PerlSetVar lonBrowsDet netscape:mozilla:msie:mozilla\/(\d+\.\d+)\s:9999&explorer:msie:netscape:msie\s(\d+\.\d+)\;:9999&mozilla:mozilla\/[5-9]:msie:mozilla\/(\d+\.\d+)\s:9999&amaya:amaya:mozilla:V(\d+\.\d+)\s:1
-
+PerlSetVar lonZipDir /home/httpd/zipspool
+PerlSetVar lonCaptchaDir /home/httpd/captchaspool
+PerlSetVar lonCaptchaDb /home/httpd/captchadb
+PerlSetVar lonFontsDir /home/httpd/html/adm/fonts
+# & separated list of % separated fields in order of
+# - internal name to call it,
+# - regexp that it should match (done case-insensitively)
+# - regexp that is should not match (done case-insensitively)
+# - regexp that will pull out the version number into $1
+# - a number that describes the minimum version that has mathml support
+# - a number that describes the minimum number version that has unicode support
+
+PerlSetVar lonBrowsDet explorer%msie%netscape%msie\s(\d+\.\d+)\;%9999%5&mozilla%mozilla\/[5-9]%msie%mozilla\/(\d+\.\d+)\s%9999%1&netscape%netscape%msie%netscape\/(\d+\.\d+)%9999%7&netscape%netscape\/[7-9]%shouldnotmatch%netscape\/(\d+\.\d+)%9999%7&amaya%amaya%mozilla%V(\d+\.\d+)\s%1%1&safari%safari%msie%safari\/([\d\.]+)%9999%84&chrome%chrome%chromeframe%\s+chrome\/(\d+\.\d+)%9999%1&explorer%\s+rv\:\d+\.\d+%firefox%\s+rv\:(\d+\.\d+)%9999%5&opera%\sOPR\/\d+\.\d+%shouldnotmatch%\sOPR\/(\d+\.\d+)%9999%6&opera%^Opera\/9.80\s.+Version\/\d+\.\d+$%shouldnotmatch%Version\/(\d+\.\d+)$%9999%6&opera%^Opera\/\d+\.\d+\s%Version\/\d+\.\d+$%^Opera\/(\d+\.\d+)\s%9999%6
+
+PerlSetVar lonTextBrowsers windows\s+ce:lynx
+PerlSetVar lonScansDir /home/httpd/scantron
+PerlSetVar lonScriptTimeout 10
+PerlSetVar BugzillaHost http://bugs.lon-capa.org/
+PerlSetVar FAQHost http://help.lon-capa.org/
# -----------------------------------------------------------------------------
# NOTE: lonSqlAccess key is the password for the MySQL user
# www@localhost. This value must always be "localhostkey".
@@ -579,14 +1630,92 @@ PerlSetVar lonBrowsDet netscape:m
PerlSetVar lonSqlAccess localhostkey
-# -----------------------------------------------------------------------------
+#----------------------------------------------------------------------------
+#
+# Parameters used by secure lond/lonc
+#
+# Secure lond/lonc require ssl certificate and private
+# key files to function correctly. The certificate
+# files need not be terribly secure, but the private key files
+# should be set up so that only www (the lonc/lond effective user)
+# can read them.
+#
+# The definition below is the full path to the directory that
+# contains the certificate and key files:
-# ================================================== Initiate mod_perl starting
+PerlSetVar lonCertificateDirectory /home/httpd/lonCerts
+
+#
+# Secure lond/lonc require two certificates and a private host key.
+# The certificates required are that of the lonCAPA certificate authority
+# and the certificate that authority issued to this host.
+# lonnetCertificateAuthority is the name of the file that contains the
+# lonCAPA certificate authority's certificate.
+# lonnetCertificate is the name of the file that contains the certificate
+# issued to the host by the certificate authority.
+# Both of these variables are names of files assumed to be in
+# lonCertificateDirectory:
+
+PerlSetVar lonnetCertificateAuthority loncapaCA.pem
+PerlSetVar lonnetCertificate lonhostcert.pem
+
+#
+# To generate the request for a certificate, and to negotiate the
+# initial ssl connection, the host requires a private key. This key
+# is created at lonCAPA install time. Did we mention above that it
+# should be set so that only www can read it? The variale below
+# is the name of the file relative to lonnetCertificateDirectory
+# that has the host's private key. Did we remember to tell you to
+# keep the permissions on that file set to rw------- (0600)?
+#
+
+PerlSetVar lonnetPrivateKey lonKey.pem
+
+# Did we mention that the file described above must have
+# permissions really locked down so that it can't be stolen?
+
+#-------------------------------------------------------------------------
+
+# Parameters that define where all the ssl stuff is that's needed
+# to generate certificate requests and, on a system that's a CA
+# the certificate authority.
+#
+# SSLProgram -> Path to the openssl command
+# SSLDirectory -> Directory containing ssl configuration files etc.
+# SSLCAConfig -> Name of the SSL config file for the certificate
+# Authority.
+# SSLCAFile -> Full path to the Certificate authority file
+# (on the cert manager system).
+# SSLEmail -> E-mail address of loncapa certificate manager.
+# The following are good for the loncapa redhat installs and
+# the loncapa certificate authority system:
+#
+PerlSetVar SSLProgram /usr/bin/openssl
+PerlSetVar SSLDirectory /usr/share/ssl
+PerlSetVar SSLCAConfig loncapaca
+PerlSetVar SSLCAFile /usr/share/ssl/loncapaca/cacert.pem
+PerlSetVar SSLEmail certificate@lon-capa.org
+
+#-------------------------------------------------------------------------
+
+
+# ====================================== Include support for SSL rewrites
+
+Include conf/loncapa_rewrite.conf
+
+
+# ====================================== Include machine-specific configuration
Include conf/loncapa.conf
+# ================================================= Include local configuration
+
+Include conf/loncapa_apache_local*.conf
+
# ================================================== Initiate mod_perl starting
PerlRequire conf/startup.pl
+
PerlFreshRestart On
+
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.