Ok. Thank you Stuart (and Carl too!)
Doug
Douglas Mills
Director of Instructional Technology
Department of Chemistry
University of Illinois
On 2/5/19, 2:40 PM, "Raeburn, Stuart" <raeb...@msu.edu> wrote:
Doug,
The syntax Carl described in his reply to Lee, in which ! is used to
indicate a "deny from" IP or range of IPs, is not in LON-CAPA 2.11, but will be
in 2.12.
As noted in my earlier reply to Lee's original post, LON-CAPA 2.12 will
support both "allow from IP" and "deny from IP" for both IP restrictions for
slots and also the client IP/Name Access Control parameter (acc) which can be
set for resources and/or folders to control access without using slots.
In 2.12 you would use the acc parameter to deny access from the IP
addresses of the testing center computers to all resources except those which
are to be included in the exam. There would not be a need to use slots.
This functionality is flagged for 2.12, because if it is enabled in a
course, selecting a role in the course will require that the user session is
hosted on a 2.12 LON-CAPA server/VM.
That is enforced by this addition to the
/home/httpd/lonTabs/releaseslist.xml file:
<parameter name="acc" valuematch="_denyfrom_">2.12</parameter>
Of course LON-CAPA is open source, and given the uiuc domain is configured
to only permit uiuc users to have their sessions hosted on LON-CAPA nodes in
the uiuc domain, you could choose to run a modified 2.11 which included the
code needed to support the denyfrom option in the acc parameter. But at the
present time, the syntax using ! is not supported for the acc parameter, (or
for slots) in any official LON-CAPA release.
Stuart Raeburn
LON-CAPA Academic Consortium
________________________________________
From: LON-CAPA-users <lon-capa-users-boun...@mail.lon-capa.org> on behalf
of Mills, Douglas G <dmi...@illinois.edu>
Sent: Tuesday, February 5, 2019 3:13:48 PM
To: Discussion list for LON-CAPA users
Cc: Mills, Douglas G
Subject: Re: [LON-CAPA-users] Restricting Resources By IP Address
Here is what I'm finding. I'm using the IP address of my own computer for
testing. At the course level I set !130.126.123.12 for the parameter "Client
IP/Name Access Control [Part: 0]" Then in a folder I choose to represent the
exam to be taken in the testing center, I enter 130.126.123.12 for the same
parameter at the folder level.
What I find is that with the course coordinator role I continue to see
everything. That's no problem but means you have to switch to student role to
test the results. As a student on my computer with that IP address, it works as
I had hoped: I can access the content of the "exam" folder but everything else
in the course shows up as "Not open to be viewed from this location" (note that
if "Hide Closed Discussion" is not set to "yes" the discussions attached to
problems continue to be visible even though the problems are not).
HOWEVER, when I go to a different computer -- emulating a computer outside
of the testing center, NOTHING in the course is accessible. EVERYTHING in the
course, the "exam" folder along with everything else, says that it is not open
to be viewed from this location.
My theory then is that using the ! operator in front of the IP address
either requires a syntax I'm not using (I've tried direction in front of the
IP, with a space between ! and IP, and with ! followed by IP wrapped in
parens...) or is simply not understood. Thus although it appears to work
correctly on my computer because the exam is to be accessed only from my IP and
nothing else is to be accessed, from any other IP address Lon-Capa is treating
the !IP entry as an IP address to be matched and since nothing matches that,
nothing is available...
Is that what's going on or is there yet some way to "blacklist" IPs we
don’t want the content accessed from?
Thank you!
Doug
Douglas Mills
Director of Instructional Technology
Department of Chemistry
University of Illinois
On 2/5/19, 11:35 AM, "LON-CAPA-users on behalf of Mills, Douglas G"
<lon-capa-users-boun...@mail.lon-capa.org on behalf of dmi...@illinois.edu>
wrote:
To clarify a bit further, we are looking at presenting exams in a
testing center. The testing center eliminates access to other IP addresses, so
our interest is indeed eliminating access to other course materials from the
IP address of the student’s computer. We do use the technique Stuart has
outlined in many of our exams, locking out access to other parts of the course
via the start timer. The concern in this case is that one thing the testing
center would not manage well is the possibility that a student could log into
the course and open additional course resources in other tabs before starting
the exam timer. The testing center accommodates exams from multiple courses at
one time and Lon-Capa will be a new means of delivery for them, so this
possibility will not likely be monitored well.
That said, if putting ! in front of a range of IPs in a slot works then
my thought is to essentially put the whole course into a slot which excludes
access to the course from the testing center range of IPs and then override
that at the folder level for the exams themselves with a slot that only allows
access from the testing center IP range. Does that sound feasible?
Doug
-sent from mobile-
> On Feb 5, 2019, at 11:05 AM, Bynum, Lee Hamilton
<leeby...@illinois.edu> wrote:
>
> It isn't a perfect match, but it's definitely a step in the right
direction. Thanks Stuart!
>
>> -----Original Message-----
>> From: LON-CAPA-users <lon-capa-users-boun...@mail.lon-capa.org> On
>> Behalf Of l...@egr.msu.edu
>> Sent: Tuesday, February 5, 2019 10:55 AM
>> To: 'Discussion list for LON-CAPA users'
<lon-capa-users@mail.lon-capa.org>
>> Subject: Re: [LON-CAPA-users] Restricting Resources By IP Address
>>
>> Slots block the IP address student where the student can log in, not
the IP
>> ranges that they access AFTER they are logged in. Just precede the
IP address
>> range with !. However, that does not do what you are seeking, which
is to
>> block browser access to certain IP ranges AFTER they are logged in.
>>
>> From: LON-CAPA-users
[mailto:lon-capa-users-boun...@mail.lon-capa.org]
>> On Behalf Of Bynum, Lee Hamilton
>> Sent: Tuesday, February 05, 2019 11:31 AM
>> To: lon-capa-users@mail.lon-capa.org
>> Subject: [LON-CAPA-users] Restricting Resources By IP Address
>>
>> Hello Everyone,
>>
>> We've been working with Lon-Capa's ability to grant access to a
resource by
>> IP address in order to allow an exam to only be accessed when a
student is in
>> an exam room. This can be done with slots and resources parameters.
>> However, we would also like to deny access to resources (or courses)
by IP
>> address. That way when a student is in the exam room they have
access to
>> the exam but do not have access to the rest of the course.
>>
>> Does anyone know if there is a way to blacklist IP addresses for
Lon-Capa
>> resources or slots?
>>
>> Lee
>>
>> _______________________________________________
>> LON-CAPA-users mailing list
>> LON-CAPA-users@mail.lon-capa.org
>>
https://urldefense.proofpoint.com/v2/url?u=http-3A__mail.lon-2Dcapa.org_mailman_listinfo_lon-2Dcapa-2Dusers&d=DwIGaQ&c=nE__W8dFE-shTxStwXtp0A&r=VsGo3jOm8tGLd6f-KlhT-g&m=s8IOejp6nN6YJThbefI-mhf51S-K1nL8RfE4kC51Hm4&s=C5by9b4vH_ZzqbGs_dVJqBc750X_jgSxivIDIHH5iG4&e=
> _______________________________________________
> LON-CAPA-users mailing list
> LON-CAPA-users@mail.lon-capa.org
>
https://urldefense.proofpoint.com/v2/url?u=http-3A__mail.lon-2Dcapa.org_mailman_listinfo_lon-2Dcapa-2Dusers&d=DwIGaQ&c=nE__W8dFE-shTxStwXtp0A&r=VsGo3jOm8tGLd6f-KlhT-g&m=s8IOejp6nN6YJThbefI-mhf51S-K1nL8RfE4kC51Hm4&s=C5by9b4vH_ZzqbGs_dVJqBc750X_jgSxivIDIHH5iG4&e=
_______________________________________________
LON-CAPA-users mailing list
LON-CAPA-users@mail.lon-capa.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__mail.lon-2Dcapa.org_mailman_listinfo_lon-2Dcapa-2Dusers&d=DwIGaQ&c=nE__W8dFE-shTxStwXtp0A&r=VsGo3jOm8tGLd6f-KlhT-g&m=s8IOejp6nN6YJThbefI-mhf51S-K1nL8RfE4kC51Hm4&s=C5by9b4vH_ZzqbGs_dVJqBc750X_jgSxivIDIHH5iG4&e=
_______________________________________________
LON-CAPA-users mailing list
LON-CAPA-users@mail.lon-capa.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__mail.lon-2Dcapa.org_mailman_listinfo_lon-2Dcapa-2Dusers&d=DwIGaQ&c=nE__W8dFE-shTxStwXtp0A&r=VsGo3jOm8tGLd6f-KlhT-g&m=s8IOejp6nN6YJThbefI-mhf51S-K1nL8RfE4kC51Hm4&s=C5by9b4vH_ZzqbGs_dVJqBc750X_jgSxivIDIHH5iG4&e=
_______________________________________________
LON-CAPA-users mailing list
LON-CAPA-users@mail.lon-capa.org
http://mail.lon-capa.org/mailman/listinfo/lon-capa-users
_______________________________________________
LON-CAPA-users mailing list
LON-CAPA-users@mail.lon-capa.org
http://mail.lon-capa.org/mailman/listinfo/lon-capa-users
