# <PRE>
# StartServer
# Copyright for URLibService (c) 1995 - 2021,
# by Gerald Banon. All rights reserved.

# access restrictions:
# on port 80: 185.191.171. (produces Bad Request - see Submit in cgi/submit.tcl)
# on port 80x: 185.158.113.43 (produces search slowness)
# on port 80x: 172.96.172.238 (produces search slowness)

package provide dpi.inpe.br/banon/1998/08.02.08.56 2.1

# ----------------------------------------------------------------------
# StartLocalURLibServer
# Start the URLib local collection server
# if $homePath/readOnlySite exists then the procedure looks for
# an unused port
# portNumber is the URLib port number

proc StartLocalURLibServer {{portNumber {}}} {
# runs with post
	global environmentArray
	global homePath
	global serverAddress
	global localSite
	global tcl_platform
	
# portNumber
	if [string equal {} $portNumber] {
		if [file exists $homePath/readOnlySite] {
			set portNumber 19050
			set environmentArray(spPortEntry) [list $environmentArray(hostName) $portNumber]
		} else {
			if ![regexp {^[^ ]* +([0-9]*)$} [string trim $environmentArray(spPortEntry) { }] m portNumber] {
# old usage
				set portNumber ${environmentArray(spPortEntry)}0
			}
		}
	}
	if [catch {StartLocalURLibServer2 $portNumber} errorMessage] {
		if [file exists $homePath/readOnlySite] {
			incr portNumber 100
			if {$portNumber > 20000} {
# more than 10 ports have been tested without success
				set message $errorMessage
				Store message ../auxdoc/messageForStart
				return 1
			}
			StartLocalURLibServer $portNumber
			return 0
		}
		set message $errorMessage
# puts $message
# => <StartLocalURLibServer2: opening server socket at port 804 failed: couldn't open socket: permission denied>
		Store message ../auxdoc/messageForStart	;# used in start
		return 1
	} else {
		if [file exists $homePath/readOnlySite] {
			set environmentArray(spPortEntry) [list $environmentArray(hostName) $portNumber]
			set serverAddress [GetServerAddress]
			set localSite [ReturnHTTPHost]
		}
## serverAddress (ip form)
#		set serverAddress [GetServerAddress 1]	;# set also in CreateEnvironmentArray
		return 0
	}
}

# StartLocalURLibServer - end
# ----------------------------------------------------------------------
# StartLocalURLibServer2
# used in StartLocalURLibServer only

proc StartLocalURLibServer2 {urlibPort} {
	global localURLibServer
if 0 {
	regsub {.$} $urlibPort {} port	;# drop the last digit
	if [catch {socket -server NullProc $port} s] {
		error "<Port number $port in use>"
	}
	close $s
}
	if [catch {socket -server AcceptCommunication $urlibPort} s] {
#		error "<Port number $urlibPort in use>"
		error "<StartLocalURLibServer2: opening server socket at port $urlibPort failed: $s>"
	} else {
		catch {close $localURLibServer(socketId)}	;# stop (for port change)
#		fconfigure $s -buffersize 20000	;# tested with Windows but doesn't work when executing Eval AddMetadata $metadataList (in CreateRepMetadataRep)
#		puts "encoding: [fconfigure $s -encoding]"
		set localURLibServer(socketId) $s
	}
}

proc NullProc {x y z} {}

# StartLocalURLibServer2 - end
# ----------------------------------------------------------------------
# StopLocalURLibServer

# not used
proc StopLocalURLibServer2 {} {
# runs with post
	global localURLibServer
	set site [GetServerAddress]
	regexp {(.*):(.*)} $site m serverName serverPort
	if ![catch {StartCommunication $serverName ${serverPort}0} \
		localURLibClientSocketId] {
# Wait until all the processes are done
		set list nonempty
		while {[string compare {} $list] != 0} {
			set x 0; after 100 {set x 1}; vwait x
			set list [array names localURLibServer addr,*]
		}
# Wait until all the processes are done - end
		if [info exists localURLibServer(socketId)] {
			close $localURLibServer(socketId)
		}
	}
}

# StopLocalURLibServer - end
# ----------------------------------------------------------------------
# AcceptCommunication

proc AcceptCommunication {sock addr port} {
# this code is intended to force the closing of processes older than one day
	global localURLibServer
	global callArray	;# entries are unset in ServeLocalCollection
	global homePath
	global acceptCommunicationCounter
	global numberOfOpenProcessesCounter	;# incremented (-1) in ServeLocalCollection
	global tcl_platform
	global addrXtimeArray	;# set and reused in this procedure
	global ipListOFibiNet	;# set in post
	global unfairAddrList	;# updated in this procedure and set or load in post at post, save at unpost/Exit in Run-exit and save/unset in post each 24h
	global accessCounter	;# set and reused in this procedure	

#	if [string equal 185.158.113.43 $addr] {return}	;# added by GJFB in 2020-09-23 to protect mtc-m16b.sid.inpe.br from a Denial of Service Attack
#	if [string equal 172.96.172.238 $addr] {return}	;# added by GJFB in 2020-12-12 to protect mtc-m16b.sid.inpe.br from a Denial of Service Attack
#	if [regexp {^94.232.40} $addr] {return}	;# added by GJFB in 2021-01-20 to protect mtc-m16b.sid.inpe.br from a Denial of Service Attack
#	if [regexp {^94.232.42} $addr] {return}	;# added by GJFB in 2021-01-20 to protect mtc-m16c.sid.inpe.br from a Denial of Service Attack

#	if {$tcl_platform(platform) == "unix" && [info exists ipListOFibiNet]} #	;# commented by GJFB in 2021-05-02
	if {$tcl_platform(platform) == "unix" && [info exists ipListOFibiNet] && ![string equal {} $ipListOFibiNet]} {	;# added by GJFB in 2021-05-02 to avoid possible instability running http::geturl http://urlib.net/col/dpi.inpe.br/banon/2004/02.16.09.30.00/doc/@siteList.txt in post
# puts 1$addr
# puts 2$ipListOFibiNet
		if {[lsearch $ipListOFibiNet $addr] == -1} {
# addr is not from the IBI network and must be assessed
# puts 3$ipListOFibiNet
			incr accessCounter
			regsub {\.\d+$} $addr {} addr2	;# 94.232.40.114 -> 94.232.40
			if {[info exists unfairAddrList] && [lsearch $unfairAddrList $addr2] != -1} {return}	;# rejected
#			if {$accessCounter < 20} #	;# prevent rejection after the 20th access - commented by GJFB in 2022-06-27
			if {$accessCounter < 180} {	;# prevent rejection after the 180th access - added by GJFB in 2022-06-27
#				set numberOfAccess 3	;# commented by GJFB in 2021-07-09
#				set numberOfAccess 6	;# added by GJFB in 2021-07-09 to disconsider 6 successive access to urlib.net at URLibService installation (2 runs of GetURLibServiceSiteWithIP in start and post and 4 runs of CreateIBI in MakeRepository) - commented by GJFB in 2022-06-27
				set numberOfAccess 90	;# added by GJFB in 2022-06-27 to disconsider up to 90 successive access to urlib.net within 90s (set experimentally when clicking the Return green button '<' from gjfb:1905)
				lappend addrXtimeArray($addr2) [clock seconds]
				set addrXtimeArray($addr2) [lrange $addrXtimeArray($addr2) end-$numberOfAccess end]
				if {[llength $addrXtimeArray($addr2)] > $numberOfAccess} {
					set timeInterval [expr [lindex $addrXtimeArray($addr2) $numberOfAccess] - [lindex $addrXtimeArray($addr2) 0]]
#					set maximumTimeInterval [expr 30*$numberOfAccess]	;# 90 seconds - commented by GJFB in 2021-07-09
#					set maximumTimeInterval [expr 15*$numberOfAccess]	;# 90 seconds - added by GJFB in 2021-07-09 - commented by GJFB in 2022-06-27
					set maximumTimeInterval [expr 1*$numberOfAccess]	;# 90 seconds - added by GJFB in 2022-06-27
					if {$timeInterval < $maximumTimeInterval} {
 puts "unfair addr $addr"
						lappend unfairAddrList $addr2	;# update unfairAddrList
						return	;# rejected
					}
				}
			}
		}
	}
# puts "Accept $sock from $addr port $port"
	set localURLibServer(addr,$sock) [list $addr $port]
	set localURLibServer(cmdbuf,$sock) {}

#	if ![info exist callArray($sock)] #
		if ![info exists acceptCommunicationCounter] {set acceptCommunicationCounter 0}	;# for tclversion 8.4
		incr acceptCommunicationCounter
		set processNumber $acceptCommunicationCounter	;# process number
		set acceptTime [clock seconds]	;# accept time
		set callArray($sock) [list $processNumber $acceptTime]	;# (processNumber, acceptTime)
#	#
# numberOfOpenProcesses
#	set numberOfOpenProcesses [llength [array names callArray]]	;# number of open processes
	if ![info exists numberOfOpenProcessesCounter] {set numberOfOpenProcessesCounter 0}	;# for tclversion 8.4
	incr numberOfOpenProcessesCounter
	set numberOfOpenProcesses $numberOfOpenProcessesCounter	;# number of open processes
	
	fconfigure $sock -buffering line
	fileevent $sock readable [list ServeLocalCollection $sock $addr $port]
	
	if {$numberOfOpenProcesses > 99} {
# print number of waiting calls and maximum waiting time 
		foreach {x y} [array get callArray] {
			lappend callArrowList [list $x $y]	;# sock -> (counterValue, acceptTime)
		}
		set oldestArrow [lindex [lsort -ascii -index {1 0} $callArrowList] 0]	;# get the first (or oldest) arrow (or pair) - the oldest has the least counterValue
		set time1 [lindex $oldestArrow 1 1]
		set time2 [clock seconds]
		if {[expr $time2 - $time1] > 86400} {	;# one day
			set oldestSocket [lindex $oldestArrow 0]
			if [catch {close $oldestSocket} message] {
# cannot find channel named "sock14"
				set log "$message - channel probably already closed"
				puts [StoreLog {alert} {AcceptCommunication (1)} $log]
			}
			set log "number of open processes: $numberOfOpenProcesses\noldest socket: $oldestSocket\nnumber of the process being closed: [lindex $oldestArrow 1 0]\nprocess accept time: [clock format [lindex $oldestArrow 1 1] -format %Y:%m.%d.%H.%M.%S]\n"
			puts [StoreLog {alert} {AcceptCommunication (2)} $log]
# =>
# [2016:02.28.02.30.38] [alert] AcceptCommunication:
# number of open processes: 100
# oldest socket: sock14
# number of the process being closed: 101766
# process accept time: 2016:02.25.02.11.49
			unset localURLibServer(addr,$oldestSocket)
			unset localURLibServer(cmdbuf,$oldestSocket)
			unset callArray($oldestSocket)
			incr numberOfOpenProcessesCounter -1
		}
	}
}

# AcceptCommunication - end
# ----------------------------------------------------------------------
# ServeLocalCollection
# The error message, if any, is returned within <>
# port is just used when running trace

proc ServeLocalCollection {sock {addr {}} {port {}}} {
# propagate false
	global URLibServiceRepository
	global localURLibServer
	global errorInfo
	global errorCode
#	global searchRepository
	global environmentArray	;# used remotely by start (see SPOK) (Set procedure)
	global serverAddress	;# used remotely by start (see SPOK) (Set procedure)
	global serverAddressWithIP	;# used remotely by start (see SPOK) (Set procedure)
#	global urlibServerAddressWithIP	;# ip and port of urlib.net
	global localSite	;# used remotely by start (see SPOK) (Set procedure)
	global repositoryProperties ;# used remotely by start
	global referenceTable ;# used remotely by start
	global metadataArray ;# used remotely by start (see SPOK)
	global repArray ;# used remotely by start (see SPOK)
	global saveMetadata ;# used remotely by start
	global startApacheServer ;# used remotely by start
	global startApplicationInUse ;# used remotely by start
#	global textLog ;# used remotely by start
	global allowedCommandList	# set by LoadGlobalVariables
	global allowedCommandListForMultipleSubmit	# set by LoadGlobalVariables
	global updateMetadataFromBiblioDBInUse	;# used by GetMetadataRepositories (utilitiesMirror.tcl)
	global homePath
	global niceWait
	global errorTrace	;# set in post
#	global serveLocalCollectionCounter	;# set in post
#	global nestedCommandArray
	global callArray	;# set in AcceptCommunication
	global numberOfOpenProcessesCounter	;# used in AcceptCommunication
	global queueLengthArray ;# used in MultipleSubmit, Incr and Set
	global tcl_platform

	
# puts --$addr--	;# is ip
# puts --$port--	;# is not the URLib port (for example 1905)
# puts [CallTrace]
# puts [list $sock eof = [eof $sock]]
	set clicks [clock clicks]
	
# Detecting nested evaluations
	set trace [CallTrace]
	if {[regexp -all {ServeLocalCollection} $trace] > 1} {
# 1
		set log "nested evaluations.\n[CallTrace]\n"
		puts [StoreLog {alert} "ServeLocalCollection (1 - $sock - $clicks)" $log]
	}
# Detecting nested evaluations - end
	
	set clientAddress $localURLibServer(addr,$sock)	;# == $addr $port - addr is an ip
	if {[eof $sock] || [catch {gets $sock line}]} {
# end of file or abnormal connection drop
		close $sock
# puts [list $sock closed]
# puts "Close $localURLibServer(addr,$sock)"
		unset localURLibServer(addr,$sock)
		unset localURLibServer(cmdbuf,$sock)
#		if [info exists callArray($sock)] {unset callArray($sock)}
		unset callArray($sock)
		incr numberOfOpenProcessesCounter -1
	} else {
# puts [list $sock line = $line]
		append localURLibServer(cmdbuf,$sock) $line\n
		set cmdbuf $localURLibServer(cmdbuf,$sock)
# puts [list $sock localURLibServer(cmdbuf,$sock) = $cmdbuf]
		if {[string length $cmdbuf] && [info complete $cmdbuf]} {
if 0 {
# track back the remote calls
	set cmdbuf2 [string trimright $cmdbuf]	;# added by GJFB in 2024-01-10
	if [regexp {^GetOptimizedListOfSites} $cmdbuf2] {set cmdbuf2 GetOptimizedListOfSites}
	if [regexp {^UpdateArchivingPolicy} $cmdbuf2] {set cmdbuf2 UpdateArchivingPolicy}
	if ![string equal {} $cmdbuf2] {StoreLog {notice} "ServeLocalCollection (x - $addr - $clicks)" $cmdbuf2}	;# added by GJFB in 2024-01-10
}
# puts $cmdbuf
# set xxx $cmdbuf
# Store xxx C:/tmp/bbb.txt auto 0 a
			set command [lindex $cmdbuf 0]
			if [string equal {} $command] {return}	;# do nothing
if $errorTrace {
#			set log "$serverAddress $clientAddress $sock \[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] \"$command\""
# a
			set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (a - $sock - $clicks):\nclient at $clientAddress is asking to execute the command:\n\"$cmdbuf\"\n"
			Store log $homePath/@errorLog auto 0 a
			Store log $homePath/@cmdLog$clicks auto 0 a
#			set fileId [open $homePath/@cmdLog$clicks a]
#			puts $fileId $log
#			close $fileId
}
#			if {[string compare {} $command] == 0} {return}

# commandList
			set commandList {
				array
				incr
				lappend
				set
				unset
				GetValue
				Run-exit
			}
			
			if {[lsearch -exact $commandList $command] != -1} {
# a critical command
				Load ../auxdoc/pid pid
				if [string equal $pid [lindex $cmdbuf 1]] {
# allowed
					set cmd [lreplace $cmdbuf 1 1]
				} else {
# unfair request
					return	;# do nothing
				}
			} else {
# not a critical command
				set cmd $cmdbuf
			}
# puts --$cmd--

			set sentResult {}	;# useful to trace a communication error

			if {[lsearch -exact $allowedCommandListForMultipleSubmit $command] != -1} {
# >>> works with MultipleSubmit
# Firewall
# the @sitesHavingReadPermission.txt file content in $loCoInRep/doc defines the allowed sites.
# Examples of @sitesHavingReadPermission.txt file content:
# No Sites
# means to allow no sites (except the local site)
# All Sites
# means to allow all sites
# Main Site
# means to allow the main site (URLib Main Site: urlib.net)
# site loCoInRep ip
# means to allow the specified site, example:
# hermes.dpi.inpe.br:1905 dpi.inpe.br/banon/2001/01.11.16.21 150.163.8.23
# the FIRST match defines the flag value 0 or 1 (1 means to execute the command $cmd, 0 means to do not execute it)
# no existing @sitesHavingReadPermission.txt file or empty file
# is equivalent to allow all sites
# any change in @sitesHavingReadPermission.txt requires pressing the Reload Button of the URLibService window for loCoInRep

				if [string equal $addr $environmentArray(ipAddress)] {
# the proper host is calling
					set flag 1
				} else {
					if [info exists environmentArray(sitesHavingReadPermission)] {
						if [string equal {} $environmentArray(sitesHavingReadPermission)] {
# empty file means to allow all sites
							set flag 1
						} else {
							set flag 0
							foreach line $environmentArray(sitesHavingReadPermission) {
								if [regexp {^\s*No\s+Sites\s*$} $line] {
# No Sites allowed
									break
								} elseif {[regexp {^\s*All\s+Sites\s*$} $line]} {
# All Sites allowed
									set flag 1
									break
								} else {
									if [regexp {^\s*Main\s+Site\s*$} $line] {
# Main Site
										set urlibServerAddressWithIP [GetURLibServerAddress]	;# ip and port of urlib.net
#										foreach {ip urlibPort} [ReturnCommunicationAddress $urlibServerAddressWithIP] {break}	;# commented by GJFB in 2017-12-20
										foreach {ip} $urlibServerAddressWithIP {break}	;# added by GJFB in 2017-12-20 to avoid useless call to ReturnCommunicationAddress
									} else {
										foreach {site loCoInRep ip} $line {break}
# site and loCoInRep not used
									}
									if [string equal $addr $ip] {
										set flag 1
										break
									}
								}
							}
						}
					} else {
# no sitesHavingReadPermission.txt file
# no file means to allow all sites
						set flag 1
					}
				}				
# Firewall - end
				if $flag {
if 0 {
					incr serveLocalCollectionCounter
					set counterValue $serveLocalCollectionCounter
					set nestedCommandArray($counterValue) "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] $command"
					set numberOfNestedCommandsForMultipleSubmit [llength [array names nestedCommandArray]]
}
## Waiting for the completion of other commands
## the while is intended to avoid the error message: too many nested evaluations (infinite loop?)
## it is assumed that any command for MultipleSubmit is neither recursive nor calling another command for MultipleSubmit
## therefore one can wait for the completion of any command for MultipleSubmit which is running
if 1 {
if 0 {
# doesn't work as espected
					set numberOfLoop 10	;# wait a maximum of 1 s
					while {$numberOfNestedCommandsForMultipleSubmit > 99} {
						set x 0; after 100 {set x 1}; vwait x
						incr numberOfLoop -1
						if !$numberOfLoop {
							set nestedCommandArrowList {}
							foreach {c v} [array get nestedCommandArray] {
								lappend nestedCommandArrowList [list $c $v]
							}
							set nestedCommandArrowList [lsort -index 0 $nestedCommandArrowList]
							set first [lindex $nestedCommandArrowList 0]
							set last [lindex $nestedCommandArrowList end]
							set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection ($sock - $clicks):\nfirst and last nested commands (in a list of size $numberOfNestedCommandsForMultipleSubmit): $first $last\n"
							Store log $homePath/@errorLog auto 0 a
							puts $log
							break
						}
					}
}
if 0 {
# not tested
					if {$numberOfNestedCommandsForMultipleSubmit > 99} {
							set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection ($sock - $clicks):\nfirst and last nested commands (in a list of size $numberOfNestedCommandsForMultipleSubmit): $first $last\n"
							Store log $homePath/@errorLog auto 0 a
							puts $log
							catch {puts $sock {<end-of-file>}}	;# catch is for unix
							return
					}
}
} else {
					set nestedCommandArrowList {}
					foreach {c v} [array get nestedCommandArray] {
						lappend nestedCommandArrowList [list $c $v]
					}
					set nestedCommandArrowList [lsort -index 0 $nestedCommandArrowList]
					if {$numberOfNestedCommandsForMultipleSubmit > 2} {
# 2
						set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (2 - $sock - $clicks):\nnested command list ($numberOfNestedCommandsForMultipleSubmit): $nestedCommandArrowList\n"
						Store log $homePath/@errorLog auto 0 a
						puts $log
					}
}
## Waiting for the completion of other commands - end

# set xxx $cmdbuf
# Store xxx C:/tmp/aaa auto 0 a
# puts $cmdbuf
# EVAL - MultipleSubmit
					set localURLibServer(cmdbuf,$sock) {}	;# to avoid a second execution
# puts --$cmd--	;# added by GJFB in 2022-09-27
# =>
#--GetURLPropertyList {clientinformation.ipaddress 192.168.0.112 parsedibiurl.ibi dpi.inpe.br/banon/1999/06.19.17.00 parsedibiurl.metadatafieldnamelist {booktitle contenttype copyright doi forcerecentflag fullname identifier issn language metadatalastupdate metadatarepository mirrorrepository nextedition nexthigherunit parameterlist parentidentifiercitedby previousedition readergroup readpermission referencetype repository rightsholder searchinputvalue shorttitle size targetfile title username versiontype} parsedibiurl.requiredsite gjfb:1905}
#--
					if [catch {eval $cmd} result] {
#						unset nestedCommandArray($counterValue)
#						set log "ServeLocalCollection:\n$serverAddress $clientAddress $sock \[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] \"$cmdbuf\"\n[CallTrace]\n$::errorInfo\n"
# 3
						set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (3 - $sock - $clicks):\nthe command $cmd sent by client at $clientAddress failed:\n$::errorInfo\n"
						Store log $homePath/@errorLog auto 0 a
						if {$tcl_platform(platform) == "unix"} {
							if [regexp {infinite loop\?} $::errorInfo] {	;# added by GJFB in 2020-01-22 to do unpost/post when the first error message: 'infinite loop?' is detected
#								set unpost_kill_postMessageForPost {}	;# could be anything
#								Store unpost_kill_postMessageForPost $homePath/col/$URLibServiceRepository/auxdoc/@unpost-kill-postMessageForPost	;# used in post
if 0 {
# commented by GJFB in 2020-11-19 - post doesn't execute kill-post
								set kill_postMessageForPost {}	;# could be anything
								Store kill_postMessageForPost $homePath/col/$URLibServiceRepository/auxdoc/@kill-postMessageForPost	;# used in post
} else {
# added by GJFB in 2020-11-19 to do kill/post when the first error message: 'infinite loop?' is detected in ServeLocalCollection
if 0 {
# commented by GJFB in 2024-03-14 - now in sentinel.tcl
#								exec $homePath/kill-post &	;# <<< commented by GJFB in 2024-03-12
								exec $homePath/kill-post -s &	;# <<< -s added by GJFB in 2024-03-12 to leave the sentinel process running
} else {
# added by GJFB in 2024-03-14
								set message {infinite loop?}
								Store message $homePath/col/$URLibServiceRepository/auxdoc/infiniteLoopMessageForSentinel	;# used in sentinel.tcl
}
}
if 0 {								
								if [file exists $homePath/col/$URLibServiceRepository/auxdoc/@unpost-kill-postMessageForPost] {
# 3b
									set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (3b - $sock - $clicks):\n@unpost-kill-postMessageForPost was created\n"
									Store log $homePath/@errorLog auto 0 a	;# added by GJFB in 2020-08-06 to trace unpost-kill-post under infinite loop
								} else {
# 3c
									set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (3c - $sock - $clicks):\n@unpost-kill-postMessageForPost was not created\n"
									Store log $homePath/@errorLog auto 0 a	;# added by GJFB in 2020-08-06 to trace unpost-kill-post under infinite loop
								}
}
# 4
								set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (4 - $sock - $clicks):\ndoing automatic kill-post\n"
								Store log $homePath/@errorLog auto 0 a
							}
						}
#						puts $sock <$result>
#						puts $sock <[split $::errorInfo \n]>
#						puts $sock <[concat [list "catched error from $localSite"] [split $::errorInfo \n]]>	;# added by GJFB in 2013-01-06 in order to trace the error
						if [catch {puts $sock <[concat [list "ServeLocalCollection (5):"] [list "catched error from $localSite"] [split $::errorInfo \n]]>}] {
# cannot find channel named "sock6"
if 0 {
[2024:08.11.12.00.27] ServeLocalCollection (6a - sock4bb6050 - 1723388427844327): ServeLocalCollection (5):
catched error from plutao.sid.inpe.br
too many nested evaluations (infinite loop?)
    while executing
"Load $homePath/col/$rep/service/$fileName data binary"
    invoked from within
"if $flag #
                set var {}
                Load $homePath/col/$rep/service/$fileName data binary
                set data [UnShift $data]
                if {[lindex $data 0] != "$rep"} #
# Secur..."
    (procedure "LoadService" line 4)
    invoked from within
"LoadService $rep hostCollection data 1 1"
    (procedure "LoadHostCollection" line 2)
    invoked from within
"LoadHostCollection $rep"
    (procedure "GetDocumentState" line 5)
    invoked from within
"GetDocumentState $rep"
    (procedure "ReturnSiteContainingTheOriginal" line 6)
    invoked from within
"ReturnSiteContainingTheOriginal dpi.inpe.br/banon-pc3/2011/03.14.15.45 0"
    ("eval" body line 1)
    invoked from within
"eval $cmd"
}
# 5
							set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (5 - $sock - $clicks):\nthe error cannot be sent back:\n$::errorInfo\n"
							Store log $homePath/@errorLog auto 0 a
						}
					} else {
#						unset nestedCommandArray($counterValue)
#						catch {puts $sock $result}	;# doesn't work because $result may be very large
# puts [list $sock result = $result]
# puts [fconfigure $sock]
# puts $command
# puts [llength $result]
# set xxx [list server side $sock command = $command]	;# <<< to trace chanel communication
# Store xxx C:/tmp/bbb.txt auto 0 a	;# <<< to trace chanel communication
# set xxx [list server side $sock result length = [llength $result]]	;# <<< to trace chanel communication
# Store xxx C:/tmp/bbb.txt auto 0 a	;# <<< to trace chanel communication
# set i 0	;# <<< to trace channel communication

						if [regexp {^<(.*)>$} $result m errorMessage] {	;# if added by GJFB in 2024-06-05
							set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (6a - $sock - $clicks): [join $errorMessage \n]\n"
							puts $log
							Store log $homePath/@errorLog auto 0 a
						} else {			
							foreach item $result {
# it is assumed that result is a list without empty items
								if [string equal {} $item] {
# 6
									set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (6b - $sock - $clicks):\nthe command $cmd sent by client at $clientAddress returned an empty item\n"
									Store log $homePath/@errorLog auto 0 a
									break
								}
# incr i	;# <<< to trace channel communication
# puts $i
# set xxx [list server side $sock i = $i]	;# <<< to trace channel communication
# Store xxx C:/tmp/bbb.txt auto 0 a	;# <<< to trace channel communication
#								catch {puts $sock $item}
								if [info exists niceWait] {unset niceWait}
#								after 1 set niceWait 1
# at least one after is useful when running GetValue from Get from LoadMetadata from UpdateRepMetadataRep from Submit (within submit.tcl)
# see "# testing socket" in LoadMetadata procedure
# PUTS
# puts --$item--
# set xxx [list server side item = --$item--]
# Store xxx C:/tmp/bbb.txt auto 0 a	;# <<< to trace channel communication
								after 1 [list PutsItem $sock $item]
##								puts -nonewline $sock $item\n
##								flush $sock
								set afterID [after 30000 set niceWait 1]	;# 30 s
								vwait niceWait	;# wait in order to enable the command: fileevent $sock readable (within MultipleSubmit)
								after cancel $afterID
								if $niceWait {
# the result of a command was send but the client is not getting it back
#									catch {puts $sock {<end-of-file>}}	;# catch is for unix
# 7
									set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (7 - $sock - $clicks):\nclient at $clientAddress is not returning while sending result of the command:\n\"$cmdbuf\"\n"
									Store log $homePath/@errorLog auto 0 a
								}
if $errorTrace {
								lappend sentResult $item
}
							}
						}
					}
				}
# puts <end-of-file>
# set xxx [list server side {<end-of-file>}]
# Store xxx C:/tmp/bbb.txt auto 0 a	;# <<< to trace channel communication
				catch {puts $sock {<end-of-file>}}	;# catch is for unix
# set xxx [list server side --$message--]
# Store xxx C:/tmp/bbb.txt auto 0 a	;# <<< to trace channel communication
			} else {
# >>> works with Submit
				if {[lsearch -exact $allowedCommandList $command] != -1} {
# the command is in allowedCommandList
# Firewall
# the @sitesHavingWritePermission.txt file in $loCoInRep/doc defines the allowed sites.
# Example of @sitesHavingWritePermission.txt file content:
# site loCoInRep ip
# means to allow the specified site
# no existing @sitesHavingWritePermission.txt file or empty file
# is equivalent to deny all sites except the proper site
# Store addr C:/tmp/bbb auto 0 a
# UpdateRepMetadataRep is allowed for used in Script
# see Administrator page for unifying field values
# and Administrator page for setting field value attributes
					if {[string equal $addr $environmentArray(ipAddress)] || \
					[string equal {UpdateRepMetadataRep} $command]} {
# the proper host is calling
						set flag 1
					} else {
						set flag 0
						if [info exists environmentArray(sitesHavingWritePermission)] {
							foreach siteRepIp $environmentArray(sitesHavingWritePermission) {
								foreach {site loCoInRep ip} $siteRepIp {break}
# site and loCoInRep not used
								if [string equal $addr $ip] {
									set flag 1
									break
								}
							}
						}
					}				
# Firewall - end

					if {$flag || [lsearch -exact $commandList $command] == -1} {
# a site having a write permission is calling or the procedure is not set, unset, lappend, array, incr, GetValue or Run-exit
#						if {[lsearch -exact $commandList $command] != -1} {
## a critical command
#							Load ../auxdoc/pid pid
#							if {[string compare $pid [lindex $cmdbuf 1]] == 0} {
## allowed
#								set cmd [lreplace $cmdbuf 1 1]
## puts --$cmd--
#							}
#						} else {
## not a critical command
#							set cmd $cmdbuf
#						}
						if [info exists cmd] {
# an allowed command
# set xxx [list cmdbuf = $cmdbuf]
# Store xxx C:/tmp/bbb auto 0 a
# set xxx [list command = $command]
# Store xxx C:/tmp/bbb auto 0 a
# puts [list $sock command = $command]
# set xxx [lsearch -exact $commandList $command] 
# Store xxx C:/tmp/bbb auto 0 a
# EVAL - Submit
							set localURLibServer(cmdbuf,$sock) {}	;# to avoid a second execution

# puts [list $sock cmd = $cmd]
							set code [catch {eval $cmd} result]
# puts [list $sock result = $result]
							
#							if {[string compare {LoadRepository2} $command] == 0}
							if [string equal {ComputeAccess} $command] {
# otherwise the ComputeAccess returned data cannot be received by the client
# one gets a unmatched open brace in list message
# ComputeAccess name must be insert in the Submit code (see utilities1.tcl)
								set reply [list $code $result $errorInfo $errorCode]\n
# Use regsub to count newlines
								set lines [regsub -all \n $reply {} junk]
# The reply is a line count followed
# by a Tcl list that occupies that number of lines
								puts $sock $lines
								puts -nonewline $sock $reply
								flush $sock
							} else {
								if $code {
#									set log "ServeLocalCollection:\n$serverAddress $clientAddress $sock \[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] \"$cmdbuf\"\n[CallTrace]\n$::errorInfo\n"
# 8
									set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (8 - $sock - $clicks):\nthe command sent by client at $clientAddress failed:\n$::errorInfo\n"
									Store log $homePath/@errorLog auto 0 a
#									puts $sock <$result>
									puts $sock <[split $::errorInfo \n]>
									if {$tcl_platform(platform) == "unix"} {	;# added by GJFB in 2024-03-14
										if [regexp {infinite loop\?} $::errorInfo] {	;# added by GJFB in 2024-03-14 to do unpost/post when the first error message: 'infinite loop?' is detected
											set message {infinite loop?}
											Store message $homePath/col/$URLibServiceRepository/auxdoc/infiniteLoopMessageForSentinel	;# used in sentinel.tcl
										}
									}
								} else {
# set xxx [list result = $result]
# Store xxx C:/tmp/bbb.txt auto 0 a
# puts [list $sock result = $result]
									if [catch {puts $sock $result} m] {
# 										puts $m
									}
# set xxx [list result = $result]
# Store xxx C:/tmp/bbb.txt auto 0 a
									if [string equal PostponeOneClickCount $command] {
if $errorTrace {
#										set log "$clientAddress $sock \[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] \"CountOneClick $result\""
# b
										set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (b - $sock - $clicks):\nthe command \"CountOneClick $result\" is going to be executed for client at $clientAddress\n"
										Store log $homePath/@errorLog auto 0 a
										Store log $homePath/@cmdLog$clicks auto 0 a
}
# puts [list $sock result = $result]
# => sock672 result = {{urlib.net www 2014 03.25.23.20} 192.168.1.31}
#										CountOneClick $result
										eval CountOneClick $result
									} elseif {[string equal PostponeSaveToDisk $command]} {
										SaveToDisk
									} elseif {[string equal StartApacheServerAfterSubmission $command]} {
#										set startApacheServer 1
										StartApacheServer
#									} elseif {[string compare StartPS2PDFConversionAfterSubmission $command] == 0} {
#										foreach {ps2pdfConverterPath repName} $result {break}
#										ConvertPS2PDF $ps2pdfConverterPath $repName
									}
								}
							}
if $errorTrace {
							set sentResult $result
}
						} else {
# not an allowed command
							catch {puts $sock {<permission denied>}}
						}
					} else {
# a site without a write permission is calling and the procedure is set, unset, lappend, incr, array or GetValue
						catch {puts $sock {<permission denied>}}
					}
				} else {
# the command is neither in allowedCommandList nor in allowedCommandListForMultipleSubmit
#					catch {puts $sock {<permission denied>}}
					catch {puts $sock {}}	;# some sites might not be up-to-date (useful when using scenario 1)
					close $sock	;# added by GJFB in 2023-08-03 to cancel submission of undesirable commands which result in infinite loop
# example of undesirable command:
# set sock [socket gjfb0520.sid.inpe.br 806]
# fileevent $sock writable [list puts $sock xvx]

				}
			}
#			set localURLibServer(cmdbuf,$sock) {}	;# to avoid a second execution
if $errorTrace {
# c
			set log "\[[clock format [clock seconds] -format %Y:%m.%d.%H.%M.%S]\] ServeLocalCollection (c - $sock - $clicks):\nclient at $clientAddress has been served, the server sent the following result:\n$sentResult\n"
			Store log $homePath/@errorLog auto 0 a
			file delete $homePath/@cmdLog$clicks
}
# puts --$command--
			if [string equal {Run-exit} $command] {exit}	;# end of the execution of post - exit may took few seconds to end up with some child Apache processes (observed with Windows), or even doesn't complete (observed with Windows 7 - usuario-pc - the shortcut doesn't close) 
		}
	}
	
}

proc PutsItem {sock item} {
	global niceWait
	
	catch {puts $sock $item}
	set niceWait 0
}

# ServeLocalCollection - end
# ----------------------------------------------------------------------
# StartApacheServer
# if the global variable startApacheServer is 1, turns apache server on or restart it

proc StartApacheServer {} {
# runs with post
	global homePath
	global apachePath
	global tcl_platform
	global startApacheServer
	global linuxDistribution	;# added by GJFB in 2021-12-25 - set in post

# puts StartApacheServer
 
# Store startApacheServer $homePath/aaa auto 0 a
	if {[info exists startApacheServer] && $startApacheServer} {
# puts {starting or restarting Apache server}

		CreateEnvironmentArray
			
		if {$tcl_platform(platform) == "unix"} {
# after a download from Windows $apachePath may not be executable
			catch {exec chmod 755 $apachePath}
		}

# Find serverRoot2
		Load $homePath/@serverRoot2 serverRoot2
# Find serverRoot2 - end

		set fileContent 1	;# could be anything
		if [file exists $serverRoot2/logs/httpd.pid] {
# restart Apache server
#			if $createConfigurationFiles {CreateConfigurationFiles $serverRoot2 0}
			CreateConfigurationFiles $serverRoot2 0
#			Store fileContent ../auxdoc/serverDir/logs/virtualHostRunning
			Store fileContent $serverRoot2/logs/virtualHostRunning	;# added by GJFB in 2013-05-16 - virtual host doesn't have serverDir directory
			Load $homePath/@serverAddressWithIP remoteServerAddressWithIP
#			Execute $remoteServerAddressWithIP [list RestartApacheServer $serverRoot2]
			RestartApacheServer $serverRoot2	;# added by GJFB in 2013-12-02 - Execute in the above line is not necessary
		} else {
# start Apache server
			file delete -force $serverRoot2/conf/Listen
#			file delete -force $serverRoot2/conf/VirtualHost	;# this line should be commented because the content of VirtualHost should be preserved (e.g., after a ./kill)
			file delete -force $serverRoot2/conf/VirtualHost2
			file delete ../auxdoc/serverDir/logs/virtualHostRunning
			CreateConfigurationFiles $serverRoot2 1
#			Store fileContent ../auxdoc/serverDir/logs/virtualHostRunning
			Store fileContent $serverRoot2/logs/virtualHostRunning	;# added by GJFB in 2013-05-16 - virtual host doesn't have serverDir directory
#			catch {exec $apachePath -f $serverRoot2/conf/httpd.conf &} message
			if {$tcl_platform(platform) == "windows" && \
			[file isdirectory $homePath/col/iconet.com.br/banon/2005/10.07.22.52x]} {
# needed with Apache 2.0.54
# httpd.conf path must be absolute
#				catch {exec $apachePath -k start -f $serverRoot2/conf/httpd.conf &} message
				catch {exec $apachePath -k start -D SSL -f $serverRoot2/conf/httpd.conf &} message
			} else {
				catch {exec $apachePath -f $serverRoot2/conf/httpd.conf &} message
				if {$tcl_platform(os) == "Linux" && [string equal {Ubuntu} $linuxDistribution]} {
#					RestartApacheServer $serverRoot2
				}
			}
# puts --$message--
		}
		set startApacheServer 0
	}
	if [info exists message] {return $message}
}

# StartApacheServer - end
# ----------------------------------------------------------------------
# CreateEnvironmentArray
# used in StartApacheServer

proc CreateEnvironmentArray {} {
# runs with post
	global serverAddress
	global serverAddressWithIP
	global urlibServerAddress	;# urlib.net and port
#	global urlibServerAddressWithIP	;# ip and port of urlib.net
	global standaloneModeFlag	;# set in LoadGlobalVariables
	global localSite
	global commonWords
	global loCoInRep
	global loCoInId
	global loBiMiRep
	global URLibServiceRepository
	global environmentArray
	global bannerRoot	;# set in post
	global repositoryProperties
	global englishMirrorRepository
	global maximumNumberOfEntries
	global multipleLineFieldNameList
	global multipleLineReferFieldNamePattern
	global multipleLineReferFieldNamePattern2
	global multipleLineReferFieldNamePatternForCreator
	global authorFieldNameList
	global BibINPERepository
	global htpasswdPath
	global OAIProtocolRepository
	global MTD2-BRRepository
	global XReferRepository
	global homePath
	global errorTrace	;# set in post
#	global staticIPFlag	;# set in InformURLibSystem - commented by GJFB in 2014-09-09 - not used
#	global resolverIndexRepository	;# added by GJFB in 2022-06-27 - commented by GJFB in 2022-08-13
	global resolverMirrorRepository	;# added by GJFB in 2022-08-13
	global mirrorHomePageRepository	;# added by GJFB in 2022-10-10
	global referRepository	;# added by GJFB in 2023-01-18
	global ${referRepository}::conversionTable	;# added by GJFB in 2023-01-18

	set serverAddress [GetServerAddress]	;# needed in case of a port change
	set serverAddressWithIP [GetServerAddress 1]	;# needed in case of a port change
	set localSite [ReturnHTTPHost]	;# needed in case of a port change
	
	foreach {serverName urlibPort} [ReturnCommunicationAddress $serverAddress] {break}
# serverName not used
	set env2(URLIB_PORT) $urlibPort

#	set env2(REGISTRATION_FLAG) $environmentArray(registrationFlag)	;# set in post - commented by GJFB in 2014-10-29 - environmentArray(registrationFlag) may not exist
	
	set creatorListForArray {}
	set referenceTypeList [CreateReferenceTypeList]
	foreach referenceType $referenceTypeList {
		lappend creatorListForArray $referenceType $conversionTable($referenceType,%A)
	}
	set env2(OPENAIRE_LIST_FOR_ARRAY) [CreateOpenAIREListForArray]	;# added by GJFB in 2023-08-04
	
	set env2(CREATOR_LIST_FOR_ARRAY) $creatorListForArray	;# added by GJFB in 2023-01-18 - used by 'INPE submission forms' (iconet.com.br/banon/2003/05.31.10.26)

	set env2(COMMON_WORDS) $commonWords
	set env2(LOCOINREP) $loCoInRep
	set env2(LOCOINID) $loCoInId	;# used in CreatePage only
	set env2(LOBIMIREP) $loBiMiRep
	set env2(URLIB_SERVICE_REP) $URLibServiceRepository
	set env2(URLIB_SERVER_ADDR) $urlibServerAddress	;# urlib.net and port
#	set env2(URLIB_SERVER_ADDR) $urlibServerAddressWithIP	;# ip and port of urlib.net
	set env2(STANDALONE_MODE_FLAG) $standaloneModeFlag

	set env2(IP_ADDR) $environmentArray(ipAddress)
	set env2(BANNER_ROOT) $bannerRoot
#	set serviceVersion [lindex $repositoryProperties($URLibServiceRepository,history) end]
#	set serviceVersion [GetVersionStamp $URLibServiceRepository]
	set serviceVersion [GetURLibServiceLastVersion]
	set env2(SERVICE_VERSION) $serviceVersion
	set env2(ENGLISH_MIRROR_REP) $englishMirrorRepository
	set env2(MAX_NUMBER_OF_ENTRIES) $maximumNumberOfEntries	;# used by Recent
	set env2(MULI_LIST) $multipleLineFieldNameList
	set env2(MULI_PATTERN) $multipleLineReferFieldNamePattern
	set env2(MULI_PATTERN2) $multipleLineReferFieldNamePattern2
	set env2(MULI_PATTERN_FOR_CREATOR) $multipleLineReferFieldNamePatternForCreator
	set env2(AUTHOR_FIELD_NAME_LIST) $authorFieldNameList
	set env2(ERROR_TRACE) $errorTrace	;# used when executing a cgi script
	set env2(ENCODING_SYSTEM) [encoding system]	;# used with the encoding procedure
#	set env2(RESOLVER_INDEX_REPOSITORY) $resolverIndexRepository	;# used in Get to exclude the Return green button '<' when the Archive is the resolver
	set env2(RESOLVER_MIRROR_REPOSITORY) $resolverMirrorRepository	;# used in Get to exclude the Return green button '<' when the displayed IBI is the resolver mirror
	set env2(MIRROR_HOME_PAGE_REPOSITORY) $mirrorHomePageRepository	;# added by GJFB in 2022-10-10 - used only by ReturnRestrictedAccessWarning called by Get (see get.tcl)
	if [info exists BibINPERepository] {set env2(BIBINPE_REP) $BibINPERepository}	;# used by Get (see get.tcl)
	if [info exists htpasswdPath] {set env2(HTPASSWD_PATH) $htpasswdPath}	;# used by StorePassword (see utilities1.tcl)
	if [info exists OAIProtocolRepository] {set env2(OAI_PROTOCOL_REP) $OAIProtocolRepository}	;# used by CreateOutput (see utilities1.tcl)
	if [file isdirectory $homePath/col/${MTD2-BRRepository}] {set env2(MTD2_BR_REP) ${MTD2-BRRepository}}	;# used by CreateMetadata (see cgi/oai.tcl)
	if [file isdirectory $homePath/col/$XReferRepository] {set env2(XREFER_REP) $XReferRepository}	;# used by CreateMetadata (see cgi/oai.tcl)

	if [string equal {} $environmentArray(domainName)] {
#		set env2(DOMAIN_NAME) $domainName	;# used by oai.tcl
#		set env2(DOMAIN_NAME) urlib.net	;# used by oai.tcl - changed by GJFB in 2010-08-18
#		set env2(DOMAIN_NAME) {}	;# used by oai.tcl - changed by GJFB in 2010-08-29
#		set env2(DOMAIN_NAME) empty	;# used by oai.tcl, testingPost.html, mirror.tcl and instructions/xxPassword1Instructions.html - changed by GJFB in 2010-08-29 - value must not be {}, otherwise env(DOMAIN_NAME) is not created despite the fact that [info exists env(DOMAIN_NAME)] returns 1
		set env2(DOMAIN_NAME) empty	;# used by testingPost.html, mirror.tcl and instructions/xxPassword1Instructions.html - changed by GJFB in 2010-08-29 - value must not be {}, otherwise env(DOMAIN_NAME) is not created despite the fact that [info exists env(DOMAIN_NAME)] returns 1
	} else {
		set env2(DOMAIN_NAME) $environmentArray(domainName)	;# used by oai.tcl, testingPost.html, mirror.tcl and instructions/xxPassword1Instructions.html
	}
# env(LANGUAGE_PREFERENCE) is reloaded when reloading a bibliografic mirror - the values for each Bibliographic Mirror is the value of 'languagePreference' as set in the respective displayControl.tcl
	set env2(LANGUAGE_PREFERENCE) [array get environmentArray *,languagePreference]

	StoreArray env2 ../auxdoc/.envArray.tcl w list array 1 env

	set phpEnv [list [list URLIB_PORT = $urlibPort]]
	lappend phpEnv [list LOCOINREP = $loCoInRep]
	lappend phpEnv [list LOBIMIREP = $loBiMiRep]
	set phpEnv [join $phpEnv \n]

	Store phpEnv ../auxdoc/.phpEnv.ini
}			

# CreateEnvironmentArray - end
# ----------------------------------------------------------------------
# RestartApacheServer

proc RestartApacheServer {serverRoot2} {
	global tcl_platform
	global apachePath

	puts {restarting Apache...}
	if {$tcl_platform(platform) == "windows"} {
# puts $serverRoot2
# set xxx $serverRoot2
# Store xxx C:/tmp/bbb auto 0 a
# httpd.conf path must be absolute
		catch {exec $apachePath \
			-f $serverRoot2/conf/httpd.conf \
			-k restart} message	;# may produce a warning message which is interpreted as an error by tcl (e.g., registery key message)
# puts --$message--
# set xxx --$message--
# Store xxx C:/tmp/bbb auto 0 a
	}
	if {$tcl_platform(platform) == "unix"} {
#		Load ../auxdoc/processList fileContent
#		if {[string compare {} $fileContent] == 0} #
## no submission process is running
			Load $serverRoot2/logs/httpd.pid pid
			if {[string compare {} $pid] != 0} {
				catch {exec kill -HUP $pid}	;# catch added by GJFB in 2020-03-27 - the process might not exist (e.g. after an abnormal shutdown)
			}
#		#
	}
	puts {Apache restarted}
}

# RestartApacheServer - end
# ----------------------------------------------------------------------
# StopApacheServer
# turn Apache Server off
# used in doc/post and others

proc StopApacheServer {} {
# runs with start and post
	global URLibServiceRepository
	global homePath
	global serverAddress
#	global startApacheServer

	foreach {urlibServerName urlibPort} [ReturnCommunicationAddress $serverAddress] {break}
# urlibServerName not used

# Find serverRoot2
	Load $homePath/@serverRoot2 serverRoot2
# Find serverRoot2 - end

	if [file exists $serverRoot2/logs/httpd.pid] {
# Apache might be running
#		file delete $serverRoot2/conf/VirtualHost/$urlibPort
		file delete $serverRoot2/conf/VirtualHost2/$urlibPort
		set virtualHostConfList [glob -nocomplain $serverRoot2/conf/VirtualHost2/*]
		if {[llength $virtualHostConfList] == 0} {
# stop Apache
			StopApacheServer2 $serverRoot2
		}
	}
	file delete $homePath/col/$URLibServiceRepository/auxdoc/serverDir/logs/virtualHostRunning
}

# StopApacheServer - end
# ----------------------------------------------------------------------
# StopApacheServer2
# return 1 if the Apache Server is or has been turned off
# return 0 otherwise
# return value not used

proc StopApacheServer2 {serverRoot} {
# runs with start and post
	global URLibServiceRepository
	global apachePath
	global homePath
	global col
	global tcl_platform
#	global environmentArray
	global localSite

# portNumber
	if ![regexp {:(.*)} $localSite m portNumber] {
		set portNumber 80
	}

	if {$tcl_platform(platform) == "windows"} {
		if [catch {socket -server NullProc $portNumber} s] {
# Apache is on
			if [catch {exec $apachePath \
				-f $serverRoot/conf/httpd.conf \
				-k shutdown} errorMessage] {
# cannot turn off
				puts stderr $errorMessage
				return 0
			} else {
# Apache turned off
				file delete $serverRoot/logs/httpd.pid	;# must be deleted by tcl (we must not wait for Apache doing that) because a StartApacheServer command may follow the StopApacheServer (see PerformCheck)
				return 1
			}
		} else {
# Apache is off
			file delete $serverRoot/logs/httpd.pid
			close $s
			return 1
		}
	}

	if {$tcl_platform(platform) == "unix"} {
		Load $serverRoot/logs/httpd.pid pid
		if {$pid != ""} {
# httpd.pid exists
			if {1 || [catch {socket -server NullProc $portNumber} s]} {	;# forced to 1 by GJFB in 2023-10-15 because sometimes the socket works even the port is in use (new plutao)
# Apache is on
				if [catch {exec kill -TERM $pid} errorMessage] {
# cannot turn off (probably not owner)
					puts stderr $errorMessage
					return 0
				} else {
# Apache turned off
					file delete $serverRoot/logs/httpd.pid
					return 1
				}
			} else {
# Apache is off
				file delete $serverRoot/logs/httpd.pid
				close $s
				return 1
			}
		} else {
# httpd.pid doesn't exist
			if [catch {socket -server NullProc $portNumber} s] {
# Apache is on
# cannot turn off
				return 0
			} else {
# Apache is off
				file delete $serverRoot/logs/httpd.pid
				close $s
				return 1
			}
		}
	}
}

# StopApacheServer2 - end
# ----------------------------------------------------------------------
# CreateConfigurationFiles
# createHTTPDFile value is 0 or 1, 1 means to create the httpd configuration file

proc CreateConfigurationFiles {serverRoot createHTTPDFile} {
# propagate false
	global URLibServiceRepository
	global apacheVersion	;# set in post
#	global linuxDistribution	;# commented by GJFB in 2021-12-19
	global linuxDistribution	;# added by GJFB in 2021-12-25 - set in post
	global loCoInRep
	global loCoInId
	global loBiMiRep
	global homePath
	global col
	global environmentArray
	global repositoryProperties
	global apacheDirectoryPath
	global apacheMimeTypesFilePath
	global apacheMagicFilePath
	global apacheIconDirectoryPath
	global apachePath
	global apacheLibDirectoryPath
	global tcl_platform
	global serverAddress
	global localSite
	global administratorPageRepository
	global serverAdministratorAddress	;# used in FindURLPropertyList

	if ![regexp {(.*):(.*)} $localSite m serverName httpPort] {
		set serverName $localSite	;# banon-pc2.dpi.inpe.br
		set httpPort 80
	}
	if [regsub {^www\.} $serverName {} shortServername] {
		set hostName $environmentArray(hostName)
		set domainName $environmentArray(domainName)
		if {[string compare {} $domainName] == 0} {
			set serverName2 $hostName
		} else {
			set serverName2 $hostName.$domainName
		}
	} else {
		set serverName2 $serverName
	}

	foreach {urlibServerName urlibPort} [ReturnCommunicationAddress $serverAddress] {break}
# urlibServerName not used

#	file mkdir $serverRoot/conf
	file mkdir $serverRoot/logs
	file mkdir $serverRoot/conf/Listen
	file mkdir $serverRoot/conf/VirtualHost
	file mkdir $serverRoot/conf/VirtualHost2

	set Listen "Listen $httpPort"
	Store Listen $serverRoot/conf/Listen/$httpPort auto 0 w 1

# puts $httpPort

# puts "ServerAdmin $environmentArray(spMailEntry)"

# Set ServerAdmin
	if [info exists environmentArray(spMailEntry)] {
		set serverAdministratorAddress $environmentArray(spMailEntry)
		set ServerAdmin "ServerAdmin $serverAdministratorAddress"
	} else {
		set serverAdministratorAddress {}
		set ServerAdmin ""
	}
# Set ServerAdmin - end

if 0 {
# not used
# PassEnv
	set PassEnv \
"
PassEnv LOCOINREP
PassEnv LOBIMIREP
PassEnv IP_ADDR
PassEnv URLIB_SERVICE_REP
PassEnv COMMON_WORDS
PassEnv BANNER_ROOT
PassEnv SERVICE_VERSION
PassEnv ENGLISH_MIRROR_REP
PassEnv MAX_NUMBER_OF_ENTRIES
PassEnv BIBINPE_REP
PassEnv HTPASSWD_PATH
PassEnv OAI_PROTOCOL_REP
PassEnv MTD2_BR_REP
PassEnv XREFER_REP
PassEnv DOMAIN_NAME
PassEnv LANGUAGE_PREFERENCE
PassEnv MULI_LIST
PassEnv MULI_LIST_FOR_FIRST
PassEnv MULI_PATTERN
PassEnv MULI_PATTERN_FOR_CREATOR
PassEnv PERSON_NAME_FIELD_LIST
PassEnv URLIB_PORT
"
}

	if ![info exists environmentArray(spDocAccessPermission)] {
#		set environmentArray(spDocAccessPermission) {allow from all}
		set environmentArray(spDocAccessPermission) {deny from all}
	}
	if ![info exists environmentArray(spDownloadAccessPermission)] {
#		set environmentArray(spDownloadAccessPermission) {allow from all}
		set environmentArray(spDownloadAccessPermission) {deny from all}
	}

# ipAddress
	set ipAddress $environmentArray(ipAddress)

# loBiMiRepPermission
	if [info exists repositoryProperties($loBiMiRep,docpermission)] {
		set loBiMiRepPermission $repositoryProperties($loBiMiRep,docpermission)
	} else {
		set loBiMiRepPermission {}
	}

# puts --$apacheVersion--

# Set root and LoadModule ================================
	if {$tcl_platform(platform) == "windows"} {
		set root C:/
		if [regexp {2.0} $apacheVersion] {
# banon-pc2 - Apache 2.0.54
			set LoadModule "
				LoadModule access_module \"$apacheLibDirectoryPath/mod_access.so\"
				LoadModule actions_module \"$apacheLibDirectoryPath/mod_actions.so\"
				LoadModule alias_module \"$apacheLibDirectoryPath/mod_alias.so\"
				LoadModule asis_module \"$apacheLibDirectoryPath/mod_asis.so\"
				LoadModule auth_module \"$apacheLibDirectoryPath/mod_auth.so\"
				#LoadModule auth_anon_module \"$apacheLibDirectoryPath/mod_auth_anon.so\"
				#LoadModule auth_dbm_module \"$apacheLibDirectoryPath/mod_auth_dbm.so\"
				#LoadModule auth_digest_module \"$apacheLibDirectoryPath/mod_auth_digest.so\"
				LoadModule autoindex_module \"$apacheLibDirectoryPath/mod_autoindex.so\"
				#LoadModule cern_meta_module \"$apacheLibDirectoryPath/mod_cern_meta.so\"
				LoadModule cgi_module \"$apacheLibDirectoryPath/mod_cgi.so\"
				#LoadModule dav_module \"$apacheLibDirectoryPath/mod_dav.so\"
				#LoadModule dav_fs_module \"$apacheLibDirectoryPath/mod_dav_fs.so\"
				LoadModule dir_module \"$apacheLibDirectoryPath/mod_dir.so\"
				LoadModule env_module \"$apacheLibDirectoryPath/mod_env.so\"
				#LoadModule expires_module \"$apacheLibDirectoryPath/mod_expires.so\"
				#LoadModule file_cache_module \"$apacheLibDirectoryPath/mod_file_cache.so\"
				#LoadModule headers_module \"$apacheLibDirectoryPath/mod_headers.so\"
				LoadModule imap_module \"$apacheLibDirectoryPath/mod_imap.so\"
				LoadModule include_module \"$apacheLibDirectoryPath/mod_include.so\"
				#LoadModule info_module \"$apacheLibDirectoryPath/mod_info.so\"
				LoadModule isapi_module \"$apacheLibDirectoryPath/mod_isapi.so\"
				LoadModule log_config_module \"$apacheLibDirectoryPath/mod_log_config.so\"
				LoadModule mime_module \"$apacheLibDirectoryPath/mod_mime.so\"
				#LoadModule mime_magic_module \"$apacheLibDirectoryPath/mod_mime_magic.so\"
				#LoadModule proxy_module \"$apacheLibDirectoryPath/mod_proxy.so\"
				#LoadModule proxy_connect_module \"$apacheLibDirectoryPath/mod_proxy_connect.so\"
				#LoadModule proxy_http_module \"$apacheLibDirectoryPath/mod_proxy_http.so\"
				#LoadModule proxy_ftp_module \"$apacheLibDirectoryPath/mod_proxy_ftp.so\"
				LoadModule negotiation_module \"$apacheLibDirectoryPath/mod_negotiation.so\"
				#LoadModule rewrite_module \"$apacheLibDirectoryPath/mod_rewrite.so\"
				LoadModule setenvif_module \"$apacheLibDirectoryPath/mod_setenvif.so\"
				#LoadModule speling_module \"$apacheLibDirectoryPath/mod_speling.so\"
				#LoadModule status_module \"$apacheLibDirectoryPath/mod_status.so\"
				#LoadModule unique_id_module \"$apacheLibDirectoryPath/mod_unique_id.so\"
				LoadModule userdir_module \"$apacheLibDirectoryPath/mod_userdir.so\"
				#LoadModule usertrack_module \"$apacheLibDirectoryPath/mod_usertrack.so\"
				#LoadModule vhost_alias_module \"$apacheLibDirectoryPath/mod_vhost_alias.so\"
				LoadModule ssl_module \"$apacheLibDirectoryPath/mod_ssl.so\"
			"
if 1 {
			if [file exists $apacheLibDirectoryPath/php-4.4.0-Win32/sapi/php4apache2.dll] {
				append LoadModule \
"
LoadModule php4_module \"$apacheLibDirectoryPath/php-4.4.0-Win32/sapi/php4apache2.dll\"
"
			}
}
		} elseif [regexp {1.3} $apacheVersion] {
			set LoadModule ""
			if [file exists $apacheLibDirectoryPath/php5apache.dll] {
				append LoadModule \
"
LoadModule php5_module \"$apacheLibDirectoryPath/php5apache.dll\"
"
			} else {
				if [file exists $apacheLibDirectoryPath/php4apache.dll] {
					append LoadModule \
"
LoadModule php4_module \"$apacheLibDirectoryPath/php4apache.dll\"
"
				}
			}
			append LoadModule "
				ClearModuleList
				#AddModule mod_vhost_alias.c
				AddModule mod_env.c
				AddModule mod_log_config.c
				#AddModule mod_mime_magic.c
				AddModule mod_mime.c
				AddModule mod_negotiation.c
				#AddModule mod_status.c
				#AddModule mod_info.c
				AddModule mod_include.c
				AddModule mod_autoindex.c
				AddModule mod_dir.c
				AddModule mod_isapi.c
				AddModule mod_cgi.c
				AddModule mod_asis.c
				AddModule mod_imap.c
				AddModule mod_actions.c
				#AddModule mod_speling.c
				AddModule mod_userdir.c
				AddModule mod_alias.c
				#AddModule mod_rewrite.c
				AddModule mod_access.c
				AddModule mod_auth.c
				#AddModule mod_auth_anon.c
				#AddModule mod_auth_dbm.c
				#AddModule mod_auth_digest.c
				#AddModule mod_digest.c
				#AddModule mod_proxy.c
				#AddModule mod_cern_meta.c
				#AddModule mod_expires.c
				#AddModule mod_headers.c
				#AddModule mod_usertrack.c
				#AddModule mod_unique_id.c
				AddModule mod_so.c
				AddModule mod_setenvif.c
			"
			if [file exists $apacheLibDirectoryPath/php5apache.dll] {
				append LoadModule \
"
AddModule mod_php5.c
"
			} else {
				if [file exists $apacheLibDirectoryPath/php4apache.dll] {
					append LoadModule \
"
AddModule mod_php4.c
"
				}
			}
		} else {
			set LoadModule {}
		}
# end windows

	} elseif {$tcl_platform(platform) == "unix"} {
		set root /
		if {$tcl_platform(os) == "SunOS"} {
			set LoadModule {}
		}
		if {$tcl_platform(os) == "Linux"} {
#			if {[regexp {2.4} $apacheVersion] && [string equal {CentOS} $linuxDistribution]} #	;# commented by GJFB in 2023-10-13
			if {[regexp {2.4} $apacheVersion] && [regexp {^(CentOS|AlmaLinux)$} $linuxDistribution]} {	;# added by GJFB in 2023-10-13
# m12 - Apache 2.4.6
# plutao - Apache/2.4.53
# AlmaLinux used by plutao.sid.inpe.br
				set LoadModule "
#					Include /etc/httpd/conf.modules.d/*.conf
					LoadModule access_compat_module $apacheLibDirectoryPath/mod_access_compat.so
					LoadModule actions_module $apacheLibDirectoryPath/mod_actions.so
					LoadModule alias_module $apacheLibDirectoryPath/mod_alias.so
					LoadModule allowmethods_module $apacheLibDirectoryPath/mod_allowmethods.so
					LoadModule auth_basic_module $apacheLibDirectoryPath/mod_auth_basic.so
					LoadModule auth_digest_module $apacheLibDirectoryPath/mod_auth_digest.so
					LoadModule authn_anon_module $apacheLibDirectoryPath/mod_authn_anon.so
					LoadModule authn_core_module $apacheLibDirectoryPath/mod_authn_core.so
					LoadModule authn_dbd_module $apacheLibDirectoryPath/mod_authn_dbd.so
					LoadModule authn_dbm_module $apacheLibDirectoryPath/mod_authn_dbm.so
					LoadModule authn_file_module $apacheLibDirectoryPath/mod_authn_file.so
					LoadModule authn_socache_module $apacheLibDirectoryPath/mod_authn_socache.so
					LoadModule authz_core_module $apacheLibDirectoryPath/mod_authz_core.so
					LoadModule authz_dbd_module $apacheLibDirectoryPath/mod_authz_dbd.so
					LoadModule authz_dbm_module $apacheLibDirectoryPath/mod_authz_dbm.so
					LoadModule authz_groupfile_module $apacheLibDirectoryPath/mod_authz_groupfile.so
					LoadModule authz_host_module $apacheLibDirectoryPath/mod_authz_host.so
					LoadModule authz_owner_module $apacheLibDirectoryPath/mod_authz_owner.so
					LoadModule authz_user_module $apacheLibDirectoryPath/mod_authz_user.so
					LoadModule autoindex_module $apacheLibDirectoryPath/mod_autoindex.so
					LoadModule cache_module $apacheLibDirectoryPath/mod_cache.so
					LoadModule cache_disk_module $apacheLibDirectoryPath/mod_cache_disk.so
					LoadModule data_module $apacheLibDirectoryPath/mod_data.so
					LoadModule dbd_module $apacheLibDirectoryPath/mod_dbd.so
					LoadModule deflate_module $apacheLibDirectoryPath/mod_deflate.so
					LoadModule dir_module $apacheLibDirectoryPath/mod_dir.so
					LoadModule dumpio_module $apacheLibDirectoryPath/mod_dumpio.so
					LoadModule echo_module $apacheLibDirectoryPath/mod_echo.so
					LoadModule env_module $apacheLibDirectoryPath/mod_env.so
					LoadModule expires_module $apacheLibDirectoryPath/mod_expires.so
					LoadModule ext_filter_module $apacheLibDirectoryPath/mod_ext_filter.so
					LoadModule filter_module $apacheLibDirectoryPath/mod_filter.so
					LoadModule headers_module $apacheLibDirectoryPath/mod_headers.so
					LoadModule include_module $apacheLibDirectoryPath/mod_include.so
					LoadModule info_module $apacheLibDirectoryPath/mod_info.so
					LoadModule log_config_module $apacheLibDirectoryPath/mod_log_config.so
					LoadModule logio_module $apacheLibDirectoryPath/mod_logio.so
					LoadModule mime_magic_module $apacheLibDirectoryPath/mod_mime_magic.so
					LoadModule mime_module $apacheLibDirectoryPath/mod_mime.so
					LoadModule negotiation_module $apacheLibDirectoryPath/mod_negotiation.so
					LoadModule remoteip_module $apacheLibDirectoryPath/mod_remoteip.so
					LoadModule reqtimeout_module $apacheLibDirectoryPath/mod_reqtimeout.so
					LoadModule rewrite_module $apacheLibDirectoryPath/mod_rewrite.so
					LoadModule setenvif_module $apacheLibDirectoryPath/mod_setenvif.so
					LoadModule slotmem_plain_module $apacheLibDirectoryPath/mod_slotmem_plain.so
					LoadModule slotmem_shm_module $apacheLibDirectoryPath/mod_slotmem_shm.so
					LoadModule socache_dbm_module $apacheLibDirectoryPath/mod_socache_dbm.so
					LoadModule socache_memcache_module $apacheLibDirectoryPath/mod_socache_memcache.so
					LoadModule socache_shmcb_module $apacheLibDirectoryPath/mod_socache_shmcb.so
					LoadModule status_module $apacheLibDirectoryPath/mod_status.so
					LoadModule substitute_module $apacheLibDirectoryPath/mod_substitute.so
					LoadModule suexec_module $apacheLibDirectoryPath/mod_suexec.so
					LoadModule unique_id_module $apacheLibDirectoryPath/mod_unique_id.so
					LoadModule unixd_module $apacheLibDirectoryPath/mod_unixd.so
					LoadModule userdir_module $apacheLibDirectoryPath/mod_userdir.so
					LoadModule version_module $apacheLibDirectoryPath/mod_version.so
					LoadModule vhost_alias_module $apacheLibDirectoryPath/mod_vhost_alias.so

					LoadModule dav_module $apacheLibDirectoryPath/mod_dav.so
					LoadModule dav_fs_module $apacheLibDirectoryPath/mod_dav_fs.so
					LoadModule dav_lock_module $apacheLibDirectoryPath/mod_dav_lock.so

					LoadModule lua_module $apacheLibDirectoryPath/mod_lua.so
					
					LoadModule mpm_prefork_module $apacheLibDirectoryPath/mod_mpm_prefork.so
#					LoadModule mpm_worker_module $apacheLibDirectoryPath/mod_mpm_worker.so
#					LoadModule mpm_event_module $apacheLibDirectoryPath/mod_mpm_event.so
					
					LoadModule proxy_module $apacheLibDirectoryPath/mod_proxy.so
					LoadModule lbmethod_bybusyness_module $apacheLibDirectoryPath/mod_lbmethod_bybusyness.so
					LoadModule lbmethod_byrequests_module $apacheLibDirectoryPath/mod_lbmethod_byrequests.so
					LoadModule lbmethod_bytraffic_module $apacheLibDirectoryPath/mod_lbmethod_bytraffic.so
					LoadModule lbmethod_heartbeat_module $apacheLibDirectoryPath/mod_lbmethod_heartbeat.so
					LoadModule proxy_ajp_module $apacheLibDirectoryPath/mod_proxy_ajp.so
					LoadModule proxy_balancer_module $apacheLibDirectoryPath/mod_proxy_balancer.so
					LoadModule proxy_connect_module $apacheLibDirectoryPath/mod_proxy_connect.so
					LoadModule proxy_express_module $apacheLibDirectoryPath/mod_proxy_express.so
					LoadModule proxy_fcgi_module $apacheLibDirectoryPath/mod_proxy_fcgi.so
					LoadModule proxy_fdpass_module $apacheLibDirectoryPath/mod_proxy_fdpass.so
					LoadModule proxy_ftp_module $apacheLibDirectoryPath/mod_proxy_ftp.so
					LoadModule proxy_http_module $apacheLibDirectoryPath/mod_proxy_http.so
					LoadModule proxy_scgi_module $apacheLibDirectoryPath/mod_proxy_scgi.so
					LoadModule proxy_wstunnel_module $apacheLibDirectoryPath/mod_proxy_wstunnel.so

					LoadModule systemd_module $apacheLibDirectoryPath/mod_systemd.so
					
					<IfModule mpm_worker_module>
						LoadModule cgid_module $apacheLibDirectoryPath/mod_cgid.so
					</IfModule>
					<IfModule mpm_event_module>
						LoadModule cgid_module $apacheLibDirectoryPath/mod_cgid.so
					</IfModule>
					<IfModule mpm_prefork_module>
						LoadModule cgi_module $apacheLibDirectoryPath/mod_cgi.so
					</IfModule>
					
#					<IfModule prefork.c>
#						LoadModule php5_module $apacheLibDirectoryPath/libphp5.so
#					</IfModule>
				"
				if [file exists $apacheLibDirectoryPath/libphp5.so] {	;# added by GJFB in 2023-10-13
					append LoadModule "
						LoadModule php5_module $apacheLibDirectoryPath/libphp5.so
					"
				}
				if [file exists $apacheLibDirectoryPath/libphp.so] {	;# added by GJFB in 2024-05-05 (plutao)
					append LoadModule "
						LoadModule php_module $apacheLibDirectoryPath/libphp.so
					"
				}
			}
			
			if {[regexp {2.4} $apacheVersion] && [string equal {Ubuntu} $linuxDistribution]} {
# urlibservice.eng.registro.br - Apache 2.4.18
# see the available modules in /etc/apache2/mods-available
				set LoadModule "
# implicit loading of the modules in /usr/lib/apache2/modules
					IncludeOptional /etc/apache2/mods-enabled/*.load
					IncludeOptional /etc/apache2/mods-enabled/*.conf
					
# explicit loading of the modules in /usr/lib/apache2/modules
					# one # means that the module of 2.2 is not avaliable with 2.4
					# two ## means that the module is among the enabled modules
					# the loading order is meaningful, e.g., cache_module must be before cache_disk_module
					
					LoadModule actions_module $apacheLibDirectoryPath/mod_actions.so
					## LoadModule alias_module $apacheLibDirectoryPath/mod_alias.so
					LoadModule asis_module $apacheLibDirectoryPath/mod_asis.so
					## LoadModule auth_basic_module $apacheLibDirectoryPath/mod_auth_basic.so
# auth_digest:error pid 2201:tid 139970219648896 (2)No such file or directory: AH01762: Failed to create shared memory segment on file /var/run/apache2/authdigest_shm.2201

# auth_digest_module need to create shared memory segment on a file in directory /var/run/apache2
# the directory /var/run/apache2 doesn't exist and must be created:
# mkdir /var/run/apache2
# chown root:root /var/run/apache2
# chmod 0710 /etc/apache2
# see https://ma.ttias.be/apache-2-4-ah01762-ah01760-failed-to-initialize-shm-shared-memory-segment/
# in 2018-12-10 the directory /var/run/apache2 was removed at reboot and needed to be recreated manually (see above)
					LoadModule auth_digest_module $apacheLibDirectoryPath/mod_auth_digest.so
					# LoadModule authn_alias_module $apacheLibDirectoryPath/mod_authn_alias.so
					LoadModule authn_anon_module $apacheLibDirectoryPath/mod_authn_anon.so
					LoadModule authn_dbd_module $apacheLibDirectoryPath/mod_authn_dbd.so
					LoadModule authn_dbm_module $apacheLibDirectoryPath/mod_authn_dbm.so
					# LoadModule authn_default_module $apacheLibDirectoryPath/mod_authn_default.so
					## LoadModule authn_file_module $apacheLibDirectoryPath/mod_authn_file.so
					LoadModule authz_dbm_module $apacheLibDirectoryPath/mod_authz_dbm.so
					# LoadModule authz_default_module $apacheLibDirectoryPath/mod_authz_default.so
					LoadModule authz_groupfile_module $apacheLibDirectoryPath/mod_authz_groupfile.so
					## LoadModule authz_host_module $apacheLibDirectoryPath/mod_authz_host.so
					LoadModule authnz_ldap_module $apacheLibDirectoryPath/mod_authnz_ldap.so
					LoadModule authz_owner_module $apacheLibDirectoryPath/mod_authz_owner.so
					## LoadModule authz_user_module $apacheLibDirectoryPath/mod_authz_user.so
					## LoadModule autoindex_module $apacheLibDirectoryPath/mod_autoindex.so
#					LoadModule buffer_module $apacheLibDirectoryPath/mod_buffer.so
					LoadModule cache_module $apacheLibDirectoryPath/mod_cache.so
					LoadModule cache_disk_module $apacheLibDirectoryPath/mod_cache_disk.so
					# LoadModule cern_meta_module $apacheLibDirectoryPath/mod_cern_meta.so
					LoadModule cgi_module $apacheLibDirectoryPath/mod_cgi.so
					LoadModule dav_module $apacheLibDirectoryPath/mod_dav.so
					LoadModule dav_fs_module $apacheLibDirectoryPath/mod_dav_fs.so
					LoadModule dbd_module $apacheLibDirectoryPath/mod_dbd.so
					## LoadModule deflate_module $apacheLibDirectoryPath/mod_deflate.so
# LoadModule dir_module is not required - (2022-02-22) AH01574: module dir_module is already loaded, skipping
					## LoadModule dir_module $apacheLibDirectoryPath/mod_dir.so
					LoadModule dumpio_module $apacheLibDirectoryPath/mod_dumpio.so
					## LoadModule env_module $apacheLibDirectoryPath/mod_env.so
					LoadModule expires_module $apacheLibDirectoryPath/mod_expires.so
					LoadModule ext_filter_module $apacheLibDirectoryPath/mod_ext_filter.so
					## LoadModule filter_module $apacheLibDirectoryPath/mod_filter.so
					LoadModule headers_module $apacheLibDirectoryPath/mod_headers.so
					LoadModule ident_module $apacheLibDirectoryPath/mod_ident.so
					LoadModule info_module $apacheLibDirectoryPath/mod_info.so
					LoadModule include_module $apacheLibDirectoryPath/mod_include.so
# ldap_module need slotmem_shm_module
					LoadModule slotmem_shm_module $apacheLibDirectoryPath/mod_slotmem_shm.so
					LoadModule ldap_module $apacheLibDirectoryPath/mod_ldap.so
					# LoadModule log_config_module $apacheLibDirectoryPath/mod_log_config.so
					LoadModule log_forensic_module $apacheLibDirectoryPath/mod_log_forensic.so
					# LoadModule logio_module $apacheLibDirectoryPath/mod_logio.so
					LoadModule mime_magic_module $apacheLibDirectoryPath/mod_mime_magic.so
					## LoadModule mime_module $apacheLibDirectoryPath/mod_mime.so
					## LoadModule negotiation_module $apacheLibDirectoryPath/mod_negotiation.so
					LoadModule proxy_module $apacheLibDirectoryPath/mod_proxy.so
					LoadModule proxy_ajp_module $apacheLibDirectoryPath/mod_proxy_ajp.so
					LoadModule proxy_balancer_module $apacheLibDirectoryPath/mod_proxy_balancer.so
					LoadModule proxy_connect_module $apacheLibDirectoryPath/mod_proxy_connect.so
					LoadModule proxy_ftp_module $apacheLibDirectoryPath/mod_proxy_ftp.so
					LoadModule proxy_http_module $apacheLibDirectoryPath/mod_proxy_http.so
					LoadModule rewrite_module $apacheLibDirectoryPath/mod_rewrite.so
					## LoadModule setenvif_module $apacheLibDirectoryPath/mod_setenvif.so
					## LoadModule status_module $apacheLibDirectoryPath/mod_status.so
					LoadModule substitute_module $apacheLibDirectoryPath/mod_substitute.so
					LoadModule unique_id_module $apacheLibDirectoryPath/mod_unique_id.so
					LoadModule userdir_module $apacheLibDirectoryPath/mod_userdir.so
					LoadModule usertrack_module $apacheLibDirectoryPath/mod_usertrack.so
					# LoadModule version_module $apacheLibDirectoryPath/mod_version.so
					LoadModule vhost_alias_module $apacheLibDirectoryPath/mod_vhost_alias.so
				"
			}
			
#			if [regexp {^(2.2.13|2.2.15|2.2.16|2.2.19|2.2.22)$} $apacheVersion] #
			if {[regexp {2.2} $apacheVersion] && [regexp {CentOS|Unix} $linuxDistribution]} {
# Apache 2.2.15
# CentOS distribution (md-m09.sid.inpe.br) doesn't have the following three modules:
# LoadModule file_cache_module $apacheLibDirectoryPath/mod_file_cache.so
# LoadModule mem_cache_module $apacheLibDirectoryPath/mod_mem_cache.so
# LoadModule imagemap_module $apacheLibDirectoryPath/mod_imagemap.so

				set LoadModule "
					LoadModule authn_file_module $apacheLibDirectoryPath/mod_authn_file.so
					LoadModule authn_dbm_module $apacheLibDirectoryPath/mod_authn_dbm.so
					LoadModule authn_anon_module $apacheLibDirectoryPath/mod_authn_anon.so
					LoadModule authn_dbd_module $apacheLibDirectoryPath/mod_authn_dbd.so
					LoadModule authn_default_module $apacheLibDirectoryPath/mod_authn_default.so
					LoadModule authn_alias_module $apacheLibDirectoryPath/mod_authn_alias.so
					LoadModule authz_host_module $apacheLibDirectoryPath/mod_authz_host.so
					LoadModule authz_groupfile_module $apacheLibDirectoryPath/mod_authz_groupfile.so
					LoadModule authz_user_module $apacheLibDirectoryPath/mod_authz_user.so
					LoadModule authz_dbm_module $apacheLibDirectoryPath/mod_authz_dbm.so
					LoadModule authz_owner_module $apacheLibDirectoryPath/mod_authz_owner.so
					LoadModule authnz_ldap_module $apacheLibDirectoryPath/mod_authnz_ldap.so
					LoadModule authz_default_module $apacheLibDirectoryPath/mod_authz_default.so
					LoadModule auth_basic_module $apacheLibDirectoryPath/mod_auth_basic.so
					LoadModule auth_digest_module $apacheLibDirectoryPath/mod_auth_digest.so
					#LoadModule file_cache_module $apacheLibDirectoryPath/mod_file_cache.so
					LoadModule cache_module $apacheLibDirectoryPath/mod_cache.so
					LoadModule disk_cache_module $apacheLibDirectoryPath/mod_disk_cache.so
					#LoadModule mem_cache_module $apacheLibDirectoryPath/mod_mem_cache.so
					LoadModule dbd_module $apacheLibDirectoryPath/mod_dbd.so
					LoadModule dumpio_module $apacheLibDirectoryPath/mod_dumpio.so
					##LoadModule reqtimeout_module $apacheLibDirectoryPath/mod_reqtimeout.so
					LoadModule ext_filter_module $apacheLibDirectoryPath/mod_ext_filter.so
					LoadModule include_module $apacheLibDirectoryPath/mod_include.so
					LoadModule filter_module $apacheLibDirectoryPath/mod_filter.so
					LoadModule substitute_module $apacheLibDirectoryPath/mod_substitute.so
					LoadModule deflate_module $apacheLibDirectoryPath/mod_deflate.so
					LoadModule ldap_module $apacheLibDirectoryPath/mod_ldap.so
					LoadModule log_config_module $apacheLibDirectoryPath/mod_log_config.so
					LoadModule log_forensic_module $apacheLibDirectoryPath/mod_log_forensic.so
					LoadModule logio_module $apacheLibDirectoryPath/mod_logio.so
					LoadModule env_module $apacheLibDirectoryPath/mod_env.so
					LoadModule mime_magic_module $apacheLibDirectoryPath/mod_mime_magic.so
					LoadModule cern_meta_module $apacheLibDirectoryPath/mod_cern_meta.so
					LoadModule expires_module $apacheLibDirectoryPath/mod_expires.so
					LoadModule headers_module $apacheLibDirectoryPath/mod_headers.so
					LoadModule ident_module $apacheLibDirectoryPath/mod_ident.so
					LoadModule usertrack_module $apacheLibDirectoryPath/mod_usertrack.so
					LoadModule unique_id_module $apacheLibDirectoryPath/mod_unique_id.so
					LoadModule setenvif_module $apacheLibDirectoryPath/mod_setenvif.so
					LoadModule version_module $apacheLibDirectoryPath/mod_version.so
					LoadModule proxy_module $apacheLibDirectoryPath/mod_proxy.so
					LoadModule proxy_connect_module $apacheLibDirectoryPath/mod_proxy_connect.so
					LoadModule proxy_ftp_module $apacheLibDirectoryPath/mod_proxy_ftp.so
					LoadModule proxy_http_module $apacheLibDirectoryPath/mod_proxy_http.so
					##LoadModule proxy_scgi_module $apacheLibDirectoryPath/mod_proxy_scgi.so
					LoadModule proxy_ajp_module $apacheLibDirectoryPath/mod_proxy_ajp.so
					LoadModule proxy_balancer_module $apacheLibDirectoryPath/mod_proxy_balancer.so
					###LoadModule ssl_module $apacheLibDirectoryPath/mod_ssl.so
					LoadModule mime_module $apacheLibDirectoryPath/mod_mime.so
					LoadModule dav_module $apacheLibDirectoryPath/mod_dav.so
					LoadModule status_module $apacheLibDirectoryPath/mod_status.so
					LoadModule autoindex_module $apacheLibDirectoryPath/mod_autoindex.so
					LoadModule asis_module $apacheLibDirectoryPath/mod_asis.so
					LoadModule info_module $apacheLibDirectoryPath/mod_info.so
					LoadModule cgi_module $apacheLibDirectoryPath/mod_cgi.so
					LoadModule dav_fs_module $apacheLibDirectoryPath/mod_dav_fs.so
					LoadModule vhost_alias_module $apacheLibDirectoryPath/mod_vhost_alias.so
					LoadModule negotiation_module $apacheLibDirectoryPath/mod_negotiation.so
					LoadModule dir_module $apacheLibDirectoryPath/mod_dir.so
					#LoadModule imagemap_module $apacheLibDirectoryPath/mod_imagemap.so
					LoadModule actions_module $apacheLibDirectoryPath/mod_actions.so
					LoadModule userdir_module $apacheLibDirectoryPath/mod_userdir.so
					LoadModule alias_module $apacheLibDirectoryPath/mod_alias.so
					LoadModule rewrite_module $apacheLibDirectoryPath/mod_rewrite.so
				"
				if [file exists $apacheLibDirectoryPath/libphp5.so] {
					append LoadModule "
						LoadModule php5_module $apacheLibDirectoryPath/libphp5.so
					"
				}

			}
if 0 {
# commented by GJFB in 2021-12-19
			if [regexp {^(2.2.13|2.2.16|2.2.19|2.2.22)$} $apacheVersion] {
# this modules are not in the Centos distribution (md-m09.sid.inpe.br)
				append LoadModule "
					LoadModule file_cache_module $apacheLibDirectoryPath/mod_file_cache.so
					LoadModule mem_cache_module $apacheLibDirectoryPath/mod_mem_cache.so
					LoadModule imagemap_module $apacheLibDirectoryPath/mod_imagemap.so
				"
			}
# this modules are in the Centos distribution (md-m09.sid.inpe.br) and not above:
# LoadModule speling_module modules/mod_speling.so
# LoadModule suexec_module modules/mod_suexec.so

			if [regexp {^(2.2.16|2.2.19|2.2.22)$} $apacheVersion] {
				append LoadModule "
					LoadModule reqtimeout_module $apacheLibDirectoryPath/mod_reqtimeout.so
					LoadModule proxy_scgi_module $apacheLibDirectoryPath/mod_proxy_scgi.so
				"
			}
}
			if [regexp {1.3} $apacheVersion] {
# apache 1.3.37 with socket and mail, coming from Mandrake at netuno.dpi.inpe.br
				set LoadModule "LoadModule php4_module \"$apacheLibDirectoryPath/libphp4.so\""
			}
			if {[string compare {SuSE 8.2} $linuxDistribution] == 0} {
# SuSE 8.2
# (matrix.lac.inpe.br)
				set LoadModule "
					LoadModule mmap_static_module $apacheLibDirectoryPath/mod_mmap_static.so
					LoadModule vhost_alias_module $apacheLibDirectoryPath/mod_vhost_alias.so
					LoadModule env_module         $apacheLibDirectoryPath/mod_env.so
					LoadModule define_module      $apacheLibDirectoryPath/mod_define.so
					LoadModule config_log_module  $apacheLibDirectoryPath/mod_log_config.so
					LoadModule agent_log_module   $apacheLibDirectoryPath/mod_log_agent.so
					LoadModule referer_log_module $apacheLibDirectoryPath/mod_log_referer.so
					LoadModule mime_magic_module  $apacheLibDirectoryPath/mod_mime_magic.so
					LoadModule mime_module        $apacheLibDirectoryPath/mod_mime.so
					LoadModule negotiation_module $apacheLibDirectoryPath/mod_negotiation.so
					LoadModule status_module      $apacheLibDirectoryPath/mod_status.so
					LoadModule info_module        $apacheLibDirectoryPath/mod_info.so
					LoadModule includes_module    $apacheLibDirectoryPath/mod_include.so
					LoadModule autoindex_module   $apacheLibDirectoryPath/mod_autoindex.so
					LoadModule dir_module         $apacheLibDirectoryPath/mod_dir.so
					LoadModule cgi_module         $apacheLibDirectoryPath/mod_cgi.so
					LoadModule asis_module        $apacheLibDirectoryPath/mod_asis.so
					LoadModule imap_module        $apacheLibDirectoryPath/mod_imap.so
					LoadModule action_module      $apacheLibDirectoryPath/mod_actions.so
					LoadModule speling_module     $apacheLibDirectoryPath/mod_speling.so
					# mod_userdir will be included below by SuSEconfig if HTTPD_SEC_PUBLIC_HTML=yes
					LoadModule alias_module       $apacheLibDirectoryPath/mod_alias.so
					LoadModule rewrite_module     $apacheLibDirectoryPath/mod_rewrite.so
					LoadModule access_module      $apacheLibDirectoryPath/mod_access.so
					LoadModule auth_module        $apacheLibDirectoryPath/mod_auth.so
					LoadModule anon_auth_module   $apacheLibDirectoryPath/mod_auth_anon.so
					LoadModule dbm_auth_module    $apacheLibDirectoryPath/mod_auth_dbm.so
					LoadModule db_auth_module     $apacheLibDirectoryPath/mod_auth_db.so
					LoadModule digest_module      $apacheLibDirectoryPath/mod_digest.so
					LoadModule proxy_module       $apacheLibDirectoryPath/libproxy.so
					LoadModule cern_meta_module   $apacheLibDirectoryPath/mod_cern_meta.so
					LoadModule expires_module     $apacheLibDirectoryPath/mod_expires.so
					LoadModule headers_module     $apacheLibDirectoryPath/mod_headers.so
					LoadModule usertrack_module   $apacheLibDirectoryPath/mod_usertrack.so
					# LoadModule unique_id_module   $apacheLibDirectoryPath/mod_unique_id.so
					LoadModule setenvif_module    $apacheLibDirectoryPath/mod_setenvif.so
					<IfDefine DUMMYSSL>
					LoadModule ssl_module         $apacheLibDirectoryPath/libssl.so
					</IfDefine>
					
					# Include /etc/httpd/suse_loadmodule.conf
					
					ClearModuleList
					AddModule mod_mmap_static.c
					AddModule mod_vhost_alias.c
					AddModule mod_env.c
					AddModule mod_define.c
					AddModule mod_log_config.c
					AddModule mod_log_agent.c
					AddModule mod_log_referer.c
					AddModule mod_mime_magic.c
					AddModule mod_mime.c
					AddModule mod_negotiation.c
					AddModule mod_status.c
					AddModule mod_info.c
					AddModule mod_include.c
					AddModule mod_autoindex.c
					AddModule mod_dir.c
					AddModule mod_cgi.c
					AddModule mod_asis.c
					AddModule mod_imap.c
					AddModule mod_actions.c
					AddModule mod_speling.c
					# mod_userdir will be included below by SuSEconfig if HTTPD_SEC_PUBLIC_HTML=yes
					AddModule mod_alias.c
					AddModule mod_rewrite.c
					AddModule mod_access.c
					AddModule mod_auth.c
					AddModule mod_auth_anon.c
					AddModule mod_auth_dbm.c
					AddModule mod_auth_db.c
					AddModule mod_digest.c
					AddModule mod_proxy.c
					AddModule mod_cern_meta.c
					AddModule mod_expires.c
					AddModule mod_headers.c
					AddModule mod_usertrack.c
					# AddModule mod_unique_id.c
					AddModule mod_so.c
					AddModule mod_setenvif.c
					<IfDefine DUMMYSSL>
					AddModule mod_ssl.c
					</IfDefine>
					
					# Include /etc/httpd/suse_addmodule.conf
					
				"
			}

		}
		if {$tcl_platform(os) == "FreeBSD"} {
			set LoadModule "
				LoadModule mmap_static_module $apacheLibDirectoryPath/mod_mmap_static.so
				LoadModule vhost_alias_module $apacheLibDirectoryPath/mod_vhost_alias.so
				LoadModule env_module         $apacheLibDirectoryPath/mod_env.so
				LoadModule define_module      $apacheLibDirectoryPath/mod_define.so
				LoadModule config_log_module  $apacheLibDirectoryPath/mod_log_config.so
				LoadModule mime_magic_module  $apacheLibDirectoryPath/mod_mime_magic.so
				LoadModule mime_module        $apacheLibDirectoryPath/mod_mime.so
				LoadModule negotiation_module $apacheLibDirectoryPath/mod_negotiation.so
				LoadModule status_module      $apacheLibDirectoryPath/mod_status.so
				LoadModule info_module        $apacheLibDirectoryPath/mod_info.so
				LoadModule includes_module    $apacheLibDirectoryPath/mod_include.so
				LoadModule autoindex_module   $apacheLibDirectoryPath/mod_autoindex.so
				LoadModule dir_module         $apacheLibDirectoryPath/mod_dir.so
				LoadModule cgi_module         $apacheLibDirectoryPath/mod_cgi.so
				LoadModule asis_module        $apacheLibDirectoryPath/mod_asis.so
				LoadModule imap_module        $apacheLibDirectoryPath/mod_imap.so
				LoadModule action_module      $apacheLibDirectoryPath/mod_actions.so
				LoadModule speling_module     $apacheLibDirectoryPath/mod_speling.so
				#LoadModule userdir_module     $apacheLibDirectoryPath/mod_userdir.so
				LoadModule alias_module       $apacheLibDirectoryPath/mod_alias.so
				LoadModule rewrite_module     $apacheLibDirectoryPath/mod_rewrite.so
				LoadModule access_module      $apacheLibDirectoryPath/mod_access.so
				LoadModule auth_module        $apacheLibDirectoryPath/mod_auth.so
				LoadModule anon_auth_module   $apacheLibDirectoryPath/mod_auth_anon.so
				LoadModule db_auth_module     $apacheLibDirectoryPath/mod_auth_db.so
				LoadModule digest_module      $apacheLibDirectoryPath/mod_digest.so
				LoadModule proxy_module       $apacheLibDirectoryPath/libproxy.so
				LoadModule cern_meta_module   $apacheLibDirectoryPath/mod_cern_meta.so
				LoadModule expires_module     $apacheLibDirectoryPath/mod_expires.so
				LoadModule headers_module     $apacheLibDirectoryPath/mod_headers.so
				LoadModule usertrack_module   $apacheLibDirectoryPath/mod_usertrack.so
				LoadModule unique_id_module   $apacheLibDirectoryPath/mod_unique_id.so
				LoadModule setenvif_module    $apacheLibDirectoryPath/mod_setenvif.so
				LoadModule php4_module        $apacheLibDirectoryPath/libphp4.so
				<IfDefine SSL>
				LoadModule ssl_module         $apacheLibDirectoryPath/libssl.so
				LoadModule perl_module        $apacheLibDirectoryPath/libperl.so
				</IfDefine>
				
				ClearModuleList
				AddModule mod_mmap_static.c
				AddModule mod_vhost_alias.c
				AddModule mod_env.c
				AddModule mod_define.c
				AddModule mod_log_config.c
				AddModule mod_mime_magic.c
				AddModule mod_mime.c
				AddModule mod_negotiation.c
				AddModule mod_status.c
				AddModule mod_info.c
				AddModule mod_include.c
				AddModule mod_autoindex.c
				AddModule mod_dir.c
				AddModule mod_cgi.c
				AddModule mod_asis.c
				AddModule mod_imap.c
				AddModule mod_actions.c
				AddModule mod_speling.c
				#AddModule mod_userdir.c
				AddModule mod_alias.c
				AddModule mod_rewrite.c
				AddModule mod_access.c
				AddModule mod_auth.c
				AddModule mod_auth_anon.c
				AddModule mod_auth_db.c
				AddModule mod_digest.c
				AddModule mod_proxy.c
				AddModule mod_cern_meta.c
				AddModule mod_expires.c
				AddModule mod_headers.c
				AddModule mod_usertrack.c
				AddModule mod_unique_id.c
				AddModule mod_so.c
				AddModule mod_setenvif.c
				AddModule mod_php4.c
				<IfDefine SSL>
				AddModule mod_ssl.c
				AddModule mod_perl.c
				</IfDefine>
			"
		}
	}
# Set root and LoadModule ================================ - end
if 0 {
# doesn't work - the regular expression ([^.].*) doesn't work - just works (.*)
# Set RedirectMatch
# urlib.net/www/2014/03.16.03.40 is the repository for the Archive service for IBI resolution
# [^.] below is to select just loCoInRep and not another repository (for example loBiMiRep) having the same month, day, hour and minute
	set RedirectMatch "
		RedirectMatch ^/rep/${loCoInRep}(\[^.\].*) \"http://$localSite/rep/urlib.net/www/2014/03.16.03.40\$1\"
		RedirectMatch ^/rep-/${loCoInRep}(\[^.\].*) \"http://$localSite/rep-/urlib.net/www/2014/03.16.03.40\$1\"
	"
# Set RedirectMatch - end
}

#	LoadService $loCoInRep identifier loCoInRepIdentifier 1 1

# Set ScriptAlias
# see also MakeAllCgiScripts
# >>> changes in ScriptAlias require reboot with Ubuntu
# otherwise, http://urlib.net/QABCDSTQQW/45RKPT5/sendSubmissionConfirmationEMail.cgi?...
# results in:
# Get- (3): HTTP/1.1 404 Not Found http://www.urlib.net/col/urlib.net/www/2021/11.23.19.44/doc/sendSubmissionConfirmationEMail.cgi?...
	set ScriptAlias "
		ScriptAlias /advertising.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/advertising.cgi\"
		ScriptAlias /checkchange.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/checkchange.cgi\"
		ScriptAlias /copyright.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/copyright.cgi\"
		ScriptAlias /createpage.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/createpage.cgi\"
#		ScriptAlias /processreview.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/processreview.cgi\"
		ScriptAlias /createindex.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/createindex.cgi\"
		ScriptAlias /download.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/download.cgi\"
		ScriptAlias /archive.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/archive.cgi\"
		ScriptAlias /attachment.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/attachment.cgi\"
		ScriptAlias /export.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/export.cgi\"
		ScriptAlias /rep- \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-\"
		ScriptAlias /ibi- \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-\"
#		ScriptAlias /ibi- \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/getibi-\"
		ScriptAlias /zip \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-\"
		ScriptAlias /rep \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get\"
		ScriptAlias /ibi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get\"
#		ScriptAlias /ibi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/getibi\"
#		ScriptAlias /getibiproperties \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/getibiproperties\"
		ScriptAlias /getprogress \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/getprogress\"
		ScriptAlias /cover \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/cover\"
		ScriptAlias /find- \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/mirrorfind-.cgi\"
		ScriptAlias /cgi/stat \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/statistics.cgi\"
		ScriptAlias /statistics.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/statistics.cgi\"
		ScriptAlias /info \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/info\"
		ScriptAlias /test2 \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/test2\"
		ScriptAlias /resolve \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/resolve\"
		ScriptAlias /getenv \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/getenv\"
		ScriptAlias /displaydoccontent.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/displaydoccontent.cgi\"
#		ScriptAlias /update \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/update\"
#		ScriptAlias /review \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/review\"

# the line below speeds up the access to the archive service compared to the solution in CreatePage
		ScriptAlias /${loCoInRep} \"$homePath/col/urlib.net/www/2014/03.16.03.40/auxdoc/cgi/script.cgi\"
##		ScriptAlias /rep-/${loCoInRep} \"$homePath/col/urlib.net/www/2014/03.16.03.40/auxdoc/cgi/script.cgi\"
##		RewriteRule ^/${loCoInRep} /83LX3pFwXQZeBBx/fJ3Bm
		ScriptAlias /findsimilarrecords.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/findsimilarrecords.cgi\"
	"
if 0 {
# commented by GJFB in 2020-09-12
	if $environmentArray(spUseUserAuthentication) {
# added by GJFB in 2020-07-22 - required when setting the option Use User Authentication in Setting the Preferences in the URLibServive window 
		append ScriptAlias "
			ScriptAlias /customizeerror.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi2/customizeerror.cgi\"
		"
	} else {
		append ScriptAlias "
			ScriptAlias /customizeerror.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/customizeerror.cgi\"
		"
	}
} else {
# added by GJFB in 2020-09-12 - required to display a customized error message even when the other cgi scripts are forbidden
		append ScriptAlias "
			ScriptAlias /customizeerror.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/freeAccessCGI/customizeerror.cgi\"
		"
}
	if ![string equal {} $loCoInId] {	;# old sites (up to 2023-03-07) might have a Local Index Collection without ibip or ibin
		append ScriptAlias "
# the line below speeds up the access to the archive service compared to the solution in CreatePage - the line was added by GJFB in 2017-10-06
			ScriptAlias /${loCoInId} \"$homePath/col/urlib.net/www/2014/03.16.03.40/auxdoc/cgi/script.cgi\"
		"
	}
if 0 {
# testing the above two ScriptAlias
http://vaio:1905/dpi.inpe.br/banon/1999/01.09.22.14
http://vaio:1905/dpi.inpe.br/banon/1999/01.09.22.14?servicesubject=urlRequest&clientinformation.ipaddress=127.0.0.1&parsedibiurl.ibi=J8LNKB5R7W/3PP67L2
http://vaio:1905/83LX3pFwXQZeBBx/fJ3Bm
http://vaio:1905/83LX3pFwXQZeBBx/fJ3Bm?servicesubject=urlRequest&clientinformation.ipaddress=127.0.0.1&parsedibiurl.ibi=J8LNKB5R7W/3PP67L2
}
# RewriteRule ^/${loCoInRep} needs unexisting module with Apache/1.3.27
# ScriptAlias /${loCoInRepIdentifier} \"$homePath/col/urlib.net/www/2014/03.16.03.40/auxdoc/cgi/script.cgi\"
# doesn't work with Apache/2.2.19 (Unix) DAV/2 PHP/5.2.17 Server at www.urlib.net Port 80
# returns for example:  [warn] The ScriptAlias directive in /mnt/dados1/URLib20/col/dpi.inpe.br/banon/1998/08.02.08.56/auxdoc/serverDir/conf/VirtualHost/800 at line 750 will probably never match because it overlaps an earlier ScriptAlias.
# ScriptAlias /${loCoInRep} \"$homePath/col/urlib.net/www/2014/03.16.03.40/auxdoc/cgi/script.cgi\" was introduced while programming Get- in 2015-01-03

# repositoryList
#	regsub -all {,history} [array names repositoryProperties *,history] {} repositoryList
	regsub -all {,type} [array names repositoryProperties *,type] {} repositoryList2
	set repositoryList {}
	foreach rep $repositoryList2 {
		if [TestContentType $rep Metadata] {continue}
		lappend repositoryList $rep
	}

	foreach rep $repositoryList {
		if [TestContentType $rep {^(CGI Script|Submission Form)$}] {
			if [info exists repositoryProperties($rep,cgiscriptnamelist)] {
# can't read "repositoryProperties(sid.inpe.br/mtc-m19/2013/06.06.13.32,cgiscriptnamelist)": no such element in array - INPE submission forms for uploading files 
				set cgiScriptNameList $repositoryProperties($rep,cgiscriptnamelist)
				foreach cgiScriptName $cgiScriptNameList {
					set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/$cgiScriptName \"$homePath/col/$rep/auxdoc/cgi/$cgiScriptName\"
"
				}
# USING IDENTIFIER
				LoadService $rep identifier identifier 1 1
				if ![string equal {} $identifier] {
					foreach cgiScriptName $cgiScriptNameList {
						set ScriptAlias \
"$ScriptAlias
ScriptAlias /$identifier \"$homePath/col/$rep/auxdoc/cgi/$cgiScriptName\"
"
					}
				}
			}
		} elseif {[TestContentType $rep Mirror]} {
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/mirror.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/mirror.cgi/$rep\"
"
# mirrorrecent.cgi added by GJFB in 2021-04-22 - reboot of urlibservice.eng.registro.br was necessary when first using mirrorrecent.cgi, otherwise one gets 'Requested file not found.' from time to time
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/mirrorrecent.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/mirrorrecent.cgi/$rep\"
"
#			if ![file exists $homePath/col/$rep/service/searchPermission] {
				set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/mirrorsearch.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/mirrorsearch.cgi/$rep\"
"
#			}
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/mirrorget.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/mirrorget.cgi/$rep\"
"
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/submit.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/submit.cgi\"
"
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/confirm.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/confirm.cgi/$rep\"
"
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/search.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/search.cgi/$rep\"
"
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/register.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/register.cgi\"
"
if 1 {
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/processreview.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/processreview.cgi/$rep\"
"
}
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/forcenewpassword.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi2/forcenewpassword.cgi/$rep\"
"
		} elseif {[TestContentType $rep {Bibliography Data Base}]} {
			set ScriptAlias \
"$ScriptAlias
ScriptAlias /col/$rep/doc/metadata.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/metadata.cgi/$rep\"
"
		}
	}
# Set ScriptAlias - end

# Set deflate
	set deflate {}
	if [regexp {2.4} $apacheVersion] {
# m12 - Apache 2.4.6 and urlibservice.eng.registro.br - Apache 2.4.18
		set AddOutputFilterByType {AddOutputFilterByType DEFLATE text/plain}	;# by activing the output filter DEFLATE on text/plain media-type the default filter DEFLATE on text/html is desactivated and consequently the progressive display enabled - added by GJFB in 2018-09-05 - otherwise progressive display doesn't work with deflated output 
#		set RemoveOutputFilter {RemoveOutputFilter cgi}
if 0 {
		foreach rep $repositoryList {
			if {[TestContentType $rep Mirror]} {
				append deflate "
					<Location \"/col/$rep/doc/mirrorsearch.cgi\">
						$AddOutputFilterByType
					</Location>
				"
			}
		}
} else {
# simpler code added by GJFB in 2018-09-06
if 0 {
# commented by GJFB in 2021-04-22
 		append deflate "
			<LocationMatch \"^/col/\[^/\]+/\[^/\]+/\[^/\]+/\[^/\]+/doc/mirrorsearch.cgi\">
				$AddOutputFilterByType
			</LocationMatch>
		"
} else {
# added by GJFB in 2021-04-22 - match mirrorrecent and mirrorsearch
		append deflate "
			<LocationMatch \"^/col/\[^/\]+/\[^/\]+/\[^/\]+/\[^/\]+/doc/mirror\[rs\].+\\.cgi\">
				$AddOutputFilterByType
			</LocationMatch>
		"
}
}
		append deflate "
			<Location \"/col/$administratorPageRepository/doc/script.cgi\">
				$AddOutputFilterByType
			</Location>
		"
	}
# Set deflate - end

# Set AliasMatch
	set AliasMatch "
#		AliasMatch ^/test.php/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*) \"$homePath/col/iconet.com.br/banon/2004/01.18.12.58/doc/test.php/\$1\"
	"
# Set AliasMatch - end

# Set ScriptAliasMatch
# urlib.net/www/2014/03.16.03.40 is the repository for the Archive service for IBI resolution
# [^.] below is to select just loCoInRep and not another repository (for example loBiMiRep) having the same month, day, hour and minute
# doesn't work - the regular expression ([^.].*) doesn't work - just works (.*) - redirection is now done in ScriptAlias
	set ScriptAliasMatch "
##		ScriptAliasMatch ^/${loCoInRep}(\[^.\].*) \"$homePath/col/urlib.net/www/2014/03.16.03.40/auxdoc/cgi/script.cgi\$1\"
##		ScriptAliasMatch ^/${loCoInRep}\\?(.*$) \"$homePath/col/urlib.net/www/2014/03.16.03.40/auxdoc/cgi/script.cgi?\$1\"
#		ScriptAliasMatch ^/${loCoInRep}(.*) \"$homePath/col/urlib.net/www/2014/03.16.03.40/auxdoc/cgi/script.cgi\$1\"
#		ScriptAliasMatch ^/${loCoInRep}$ \"$homePath/col/urlib.net/www/2014/03.16.03.40/auxdoc/cgi/script.cgi\"
		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/?$ \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/displaydoccontent.cgi/\$1\"
#		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/goto-/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to-/\$2\"
#		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/goto/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2\"
		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?(goto-|goto)/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"
##		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?(ibi-|ibi|doi)/(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"
##		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*?/?(ibi-|ibi|doi|urn/ibi-|urn/ibi|urn/doi)/(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"

#		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?(urn/ibi-|urn/ibi|urn/doi|urn/purl)/(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"
#		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?fullypersistenthref/(ibi-|ibi|doi|purl)/(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"
		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?fullypersistenthref/(urn/ibi)/(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"
		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?fullypersistenthref/(ibi-|ibi|purl)/(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"
		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?fullypersistenthref/(urn/doi)/(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"
#		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?fullypersistenthref/(ibi-|ibi|doi|purl):(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"
# this last ScriptAliasMatch above works for both / and : in HTML but not in PDF with Firefox when using ':' 
#		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?(ibi-|ibi|doi|purl)/(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"
		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/.*/?(ibi-|ibi)/(\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2/\$3\"

		ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/metadata.cgi \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/metadata.cgi/\$1\"
		ScriptAliasMatch ^/update/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*) \"$homePath/col/\$1/auxdoc/cgi2/update/\$1\"
		ScriptAliasMatch ^/review/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*) \"$homePath/col/\$1/auxdoc/cgi3/review/\$1\"
#		ScriptAliasMatch ^/from/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/to-/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to-/\$2\"
#		ScriptAliasMatch ^/from/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/(to-?)/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/\$2/\$3\"
		ScriptAliasMatch ^/search \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/mirrorsearch.cgi\"
		ScriptAliasMatch ^/(...\[^/\]\[^/\]+/\[^/.=\]+$) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-/\$1\"
		ScriptAliasMatch ^/(...\[^/\]\[^/\]+/\[^/\=]+/.+$) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-/\$1\"
	"
# line order is relevant

# the penultimate ScriptAliasMatch is to solve http://gerald/LK47B6W/E6H5HH and reject http://gerald/mirror/index2.html (redirection from http://gerald)
# the last ScriptAliasMatch is to solve http://gerald/LK47B6W/E6H5HH/Readme.html
# the first [^/] (at the fifth position) in the last two ScriptAliasMatch is to reject paths beginning with /col/ (the first part of the repository name (rep) and the prefix of a repository identifier (ibip or ibin) always contain more than 3 characters)
# the second part of a repository name (rep) and the suffix of a repository identifier (ibip or ibin) doesn't contain . (in this way the string /mirror/index2.html is rejected in the penultimate ScriptAliasMatch)
# the second part of a repository name (rep) and the suffix of a repository identifier (ibip or ibin) doesn't contain = (in this way the string /clipboard3/=/=/=/=/doc is rejected in the last two ScriptAliasMatch - this string is used in /col/dpi.inpe.br/banon-pc@1905/2005/02.19.00.40/doc/script.cgi)

# now works with casesensitive ibin:
# http://gerald/83LX3pFwXQZ52hzrGTdYCT/HFbbi/Gerald Banon.doc

# now works with caseinsensitive ibip:
# http://gerald/LK47B6W/E6H5HH/Readme.html
# http://gerald/lk47b6w/e6h5hh/Readme.html

# some old ScriptAliasMatch expressions:
# ScriptAliasMatch ^/(\[^/\]*\\.\[^/\]*/.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-/\$1\"
# ScriptAliasMatch ^/(\[^/i\]+\[ZwW\]\[^/\]*/.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-/\$1\"
# ScriptAliasMatch ^/(/(?!col/).*/.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-/\$1\"

# the three ScriptAliasMatch below were commented by GJFB in 2014-03-06 (now replaced by the above unique ScriptAliasMatch):
# ScriptAliasMatch ^/(\[^/\]+\\.\[^/\]+/.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-/\$1\"
# ScriptAliasMatch ^/(\[^/01lIO\]+X\[^/01lIO\]+Z\[^/01lIOX\]+Y\[^/01lIOX/]*/.*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-/\$1\"
# ScriptAliasMatch ^/(\[^/\]*/\[^/.\]+$) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/get-/\$1\"
## the suffix of the repository identifier doesn't contain . (in this way the string mirror/index2.html is rejected using the regular expression ^/(\[^/\]*/\[^/.\]+$))

# commented by GJFB in 2013-09-21 (doesn't allow file path):
# ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/goto-/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to-/\$2\"
# ScriptAliasMatch ^/col/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/doc/goto/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to/\$2\"
# ScriptAliasMatch ^/from/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*)/to-/(\[^/\]*/\[^/\]*/\[^/\]*/\[^/\]*) \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/from/\$1/to-/\$2\"

# Set ScriptAliasMatch - end

# Set access, httpd and srm

# Set access

# compute default access
	foreach {defaultAuthenticationFlag spDocAccessPermission spDownloadAccessPermission directivesForCGI} [ComputeDefaultAccess $ipAddress] {break}

if 1 {
# testing 2.4
	if [regexp {2.4} $apacheVersion] {
# m12 - Apache 2.4.6 and urlibservice.eng.registro.br - Apache 2.4.18
		set Require {Require all granted}
	} else {
		set Require {}
	}
}

# puts "spDocAccessPermission = $spDocAccessPermission"

	set access \
"
<Directory \"$homePath\">
    Options Indexes FollowSymLinks MultiViews
#   AllowOverride None
    AllowOverride All
#   AllowOverride Limit -->  this line is wrong, leads to a Require not allowed here (in error.log)
#   order allow,deny --> this line is wrong, leads to a Forbidden
#    $environmentArray(spDocAccessPermission) -  commented by GJFB in 2023-01-05 and 'allow from all' added below to allow the opening of gjfb:1905 by the administrator even when spDocAccessPermission is 'deny from all' otherwise an error comes up
    allow from all
# must have the same permission as the loBiMiRep because of index.html
    $loBiMiRepPermission
</Directory>

<Directory \"$homePath/col\">
# AllowOverride All added by GJFB in 2018-07-21 - required with 2.4 - all directives in .htaccess can override earlier configuration directives
	AllowOverride All
    deny from all
# cannot be used to be less restrictive - the password is required twice or more and icons don't appear
</Directory>

<Directory \"$homePath/col/*/*/*/*/.reserved\">
# AllowOverride All added by GJFB in 2018-07-21 - required with 2.4 - all directives in .htaccess can override earlier configuration directives
	AllowOverride All
    allow from all
</Directory>

<Directory \"$homePath/col/*/*/*/*/doc\">
# AllowOverride All added by GJFB in 2018-07-21 - required with 2.4 - all directives in .htaccess can override earlier configuration directives
	AllowOverride All
    $spDocAccessPermission
    AuthName \"If you have forgotten them, please ask for help to $environmentArray(spMailEntry)\"
    AuthType Basic
    AuthUserFile \"$homePath/col/$loCoInRep/auxdoc/@passwords.txt\"
# cannot be used to be less restrictive - the password is required twice or more and icons don't appear
#   Require user gabi lise
	$Require
</Directory>

# commented by GJFB in 2023-03-16 - both directories below are now in auxdoc
#<Directory \"$homePath/col/$loCoInRep/doc/ApacheLog\">
## added by GJFB in 2017-09-30 to restrict the access of the ApacheLog directory contents to the administrator only
#    satisfy any
#    deny from all
#    Require user administrator
#</Directory>
#
#<Directory \"$homePath/col/$loCoInRep/doc/URLibServiceLog\">
## added by GJFB in 2017-09-30 to restrict the access of the URLibServiceLog directory contents to the administrator only
## otherwise filling out form fields with HTML hyperlinks using an unconventional navigator may result in spamdexing
## an unconventional form boundary (like --xYzZY) produces an error (see submit.tcl) and allows the inclusion of
## spamdexing contents in the URLibServiceLog directory
#    satisfy any
#    deny from all
#    Require user administrator
#</Directory>

<Directory \"$homePath/col/*/*/*/*/agreement\">
# AllowOverride All added by GJFB in 2018-07-21 - required with 2.4 - all directives in .htaccess can override earlier configuration directives
	AllowOverride All
    $spDocAccessPermission
    AuthName \"If you have forgotten them, please ask for help to $environmentArray(spMailEntry)\"
    AuthType Basic
    AuthUserFile \"$homePath/col/$loCoInRep/auxdoc/@passwords.txt\"
# cannot be used to be less restrictive - the password is required twice or more and icons don't appear
#   Require user gabi lise
</Directory>

<Directory \"$homePath/col/*/*/*/*/images\">
    $spDocAccessPermission
    AuthName \"If you have forgotten them, please ask for help to $environmentArray(spMailEntry)\"
    AuthType Basic
    AuthUserFile \"$homePath/col/$loCoInRep/auxdoc/@passwords.txt\"
# cannot be used to be less restrictive - the password is required twice or more and icons don't appear
#   Require user gabi lise
#	$Require directive below added by GJFB in 2019-06-20 - 'Require all granted' directive is required with Apache 2.4.6 and 2.4.18 when using AuthType, otherwise we get the debug error: AH01627: AuthType configured with no corresponding authorization directives
	$Require
</Directory>

<Directory \"$homePath/col/*/*/*/*/doc/cgi\">
    satisfy any
    deny from all
    Require user administrator
</Directory>

<Directory \"$homePath/col/*/*/*/*/download\">
# AllowOverride All added by GJFB in 2023-01-07 - required with 2.4 - all directives in .htaccess can override earlier configuration directives - added but perhaps not required
	AllowOverride All
    $spDownloadAccessPermission
    AuthName \"If you have forgotten them, please ask for help to $environmentArray(spMailEntry)\"
    AuthType Basic
    AuthUserFile \"$homePath/col/$loCoInRep/auxdoc/@passwords.txt\"
#	$Require directive below added by GJFB in 2019-06-20 - 'Require all granted' directive is required with Apache 2.4.6 and 2.4.18 when using AuthType, otherwise we get the debug error: AH01627: AuthType configured with no corresponding authorization directives
	$Require
</Directory>

#<Directory \"$homePath/col/$URLibServiceRepository/auxdoc/cgi\">
#    AllowOverride None
#    Options None
#    \$directivesForCGI
#</Directory>

# new Directory Directive for cgi-script in cgi - added by GJFB in 2020-09-12
<Directory \"$homePath/col/$URLibServiceRepository/auxdoc/cgi\">
    AllowOverride None
    Options None
	Order allow,deny
    $directivesForCGI
    deny from 185.191.171.
</Directory>

# freeAccessCGI is used for customizeerror.cgi only - added by GJFB in 2020-09-12
<Directory \"$homePath/col/$URLibServiceRepository/auxdoc/freeAccessCGI\">
    AllowOverride None
    Options None
    allow from all
</Directory>

#<Files \"$homePath/col/$URLibServiceRepository/auxdoc/cgi/createindex.cgi\">
#    Order allow,deny
#    Deny from all
#    Allow from $serverName2
#</Files>

<Location \"/createindex.cgi\">
	Order deny,allow
	Allow from all
</Location>

<Location \"/rep-\">
# added by GJFB in 2017-04-05 - used in CreateListOfurlPropertiesFromAgencies
	Order deny,allow
	Allow from all
</Location>

<Location \"/info\">
## used by GetServerAddressFromHTTPHost
    AllowOverride None
    Options None
    deny from all
    AuthName \"URLib Update Form\"
    AuthType Basic
    AuthUserFile \"$homePath/col/$loCoInRep/auxdoc/@passwords.txt\"
    Require user administrator
    satisfy any
</Location>

<FilesMatch \"^\.ht\">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
"

if 0 {
# must be used when the .htaccess files are not used
	set access \
"$access
<Directory \"$homePath/col/*/*/*/*/auxdoc/cgi2\">
    AllowOverride None
    Options None
    $directivesForCGI
</Directory>
"
}

#	set access "$access\n<Directory \"$homePath/col/$loBiMiRep/doc\">
#deny from all
##<Files \"*\">
##</Files>
#</Directory>"

# administratorUserName
	regsub {@.*$} $environmentArray(spMailEntry) {} administratorUserName

# Restrict access to force new password
	set access \
"$access
<Directory \"$homePath/col/$URLibServiceRepository/auxdoc/cgi2\">
    AllowOverride None
    Options None
    deny from all
    AuthName \"URLib Update Form\"
    AuthType Basic
    AuthUserFile \"$homePath/col/$loCoInRep/auxdoc/@passwords.txt\"
    Require user $administratorUserName administrator
    satisfy any
</Directory>
"
# Restrict access to force new password - end

	foreach rep $repositoryList {
		if [TestContentType $rep {^(CGI Script|Submission Form)$}] {
			if {[string compare $administratorPageRepository $rep] == 0} {
				foreach {authDirectives docPermission downloadPermission} [ComputeAccess $rep $administratorUserName $defaultAuthenticationFlag $spDocAccessPermission $spDownloadAccessPermission $ipAddress] {break}
				if {[string compare {} $authDirectives] != 0 && !$defaultAuthenticationFlag} {
#					set userList $authDirectives
					if {[lsearch $authDirectives {administrator}] != -1} {
						lappend authDirectives $administratorUserName
					}
					set access \
"$access
<Directory \"$homePath/col/$rep/auxdoc/cgi\">
    AllowOverride None
    Options None
    deny from all
    AuthName \"URLib Update Form\"
    AuthType Basic
    AuthUserFile \"$homePath/col/$loCoInRep/auxdoc/@passwords.txt\"
    $authDirectives
    satisfy any
</Directory>
"
				} else {
					set access \
"$access
<Directory \"$homePath/col/$rep/auxdoc/cgi\">
    AllowOverride None
    Options None
    allow from all
</Directory>
"
				}
			} else {
				set access \
"$access
<Directory \"$homePath/col/$rep/auxdoc/cgi\">
    AllowOverride None
    Options None
    allow from all
</Directory>
"
			}
		}

# defaultAuthenticationFlag == environmentArray(spUseUserAuthentication)
		if !$defaultAuthenticationFlag {continue}	;# don't use user authentication for ALL the the records of the local collection through username/password (restrict the acess just by using the .htaccess files)
# >>> use user authentication 
# when using user authentication, the access permissions are more restrictive than the ones defines in the access files
# because they apply to ALL the the records of the local collection

# compute access
		foreach {authDirectives docPermission downloadPermission} [ComputeAccess $rep $administratorUserName $defaultAuthenticationFlag $spDocAccessPermission $spDownloadAccessPermission $ipAddress] {break}

# doc
#		if {![string equal {} $docPermission] || ![string equal {} $authDirectives]} #	;# commented by GJFB in 2018-07-21
		if [regexp {Require valid-user} $authDirectives] {	;# added by GJFB in 2018-07-21 - the <Directory> directive should be used only when reader group is empty
			set access \
"$access
<Directory \"$homePath/col/$rep/doc\">
# Satisfy Any added by GJFB in 2018-07-21 - required because of AllowOverride None below
		Satisfy Any
# AllowOverride None added by GJFB in 2018-07-21 - avoid reading the .htaccess file which contains the same access directives
	    AllowOverride None
		$docPermission$authDirectives
</Directory>
"
#		#
# download
#		if {![string equal {} $downloadPermission] || ![string equal {} $authDirectives]} #	;# commented by GJFB in 2018-07-21
			set access \
"$access
<Directory \"$homePath/col/$rep/download\">
# Satisfy Any added by GJFB in 2018-07-21 - required because of AllowOverride None below
		Satisfy Any
# AllowOverride None added by GJFB in 2018-07-21 - avoid reading the .htaccess file which contains the same access directives
	    AllowOverride None
		$downloadPermission$authDirectives
</Directory>
"
		}

if 0 {
# Restrict access to update and review
		if {[info exists repositoryProperties($rep,username)] || \
			[file exists $homePath/col/$rep/auxdoc/cgi2/review]} {
			if {[string compare {} $authDirectives] != 0 && !$defaultAuthenticationFlag} {
				set access \
"$access
<Directory \"$homePath/col/$rep/auxdoc/cgi2\">
    AllowOverride None
    Options None
    deny from all
    AuthName \"URLib Update Form\"
    AuthType Basic
    AuthUserFile \"$homePath/col/$loCoInRep/auxdoc/@passwords.txt\"$authDirectives
    satisfy any
</Directory>
"
			}
		}
# Restrict access to update and review - end
}
	}	;# end of foreach
# Set access - end

	foreach {User Group} [CreateUser&GroupDirectives] {break}

	if {![info exists environmentArray(spEnableRequireUser)] || \
		$environmentArray(spEnableRequireUser)} {
		set AccessFileName {AccessFileName .htaccess}	;# enable Require User
	} else {
		set AccessFileName {AccessFileName .htaccess2}	;# disable Require User - no login/password
	}

# VirtualHost
	set virtualHostDirectives "
		DocumentRoot \"$homePath\"
		$AccessFileName
		$access
		
		DirectoryIndex index2.html index.html index.php index.php3 form.php
		
#		LimitRequestLine 16384

		#RedirectMatch
		$deflate
		$ScriptAlias
		$AliasMatch
		$ScriptAliasMatch
		ErrorDocument 401 /customizeerror.cgi/401
		ErrorDocument 403 /customizeerror.cgi/403
		ErrorDocument 404 /customizeerror.cgi/404
#		ErrorDocument 409 /customizeerror.cgi/409
		ErrorDocument 414 /customizeerror.cgi/414
		ErrorDocument 500 /customizeerror.cgi/500
		ErrorDocument 504 /customizeerror.cgi/504
#		ErrorDocument 602 /customizeerror.cgi/602
	"
	set VirtualHost "
		<VirtualHost *:$httpPort>
			$ServerAdmin
			ServerName $serverName2
			$virtualHostDirectives
		</VirtualHost>
	"
	if [regexp {^www\.} $serverName] {
		set VirtualHost "
			$VirtualHost
			<VirtualHost *:$httpPort>
				$ServerAdmin
				ServerName $serverName
				$virtualHostDirectives
			</VirtualHost>
			
			<VirtualHost *:$httpPort>
				$ServerAdmin
				ServerName $shortServername
				$virtualHostDirectives
			</VirtualHost>
		"
	}

# VirtualHost - end

# Set httpd and srm ++++++++++++++++++++++++++++++++++++++

	if {($tcl_platform(platform) == "windows" && [regexp {^(2.0|1.3)$} $apacheVersion]) || \
	$tcl_platform(os) == "SunOS" || \
	[regexp {^(2.2|2.4)$} $apacheVersion] || \
	($tcl_platform(os) == "Linux" && [regexp {1.3} $apacheVersion])} {
# Windows - apache 2.0.54 - 1.3.27 (vaio)
# Linux - apache 1.3.37 with socket and mail, coming from Mandrake at netuno.dpi.inpe.br
# Linux - apache 2.2.13 mtc-m18.sid.inpe.br
# Linux - apache 2.2.15 mtc-m16.sid.inpe.br md-m09.sid.inpe.br
# Linux - apache 2.2.16 mtc-m17.sid.inpe.br
# Linux - apache 2.2.19 mtc-m20.sid.inpe.br
# Linux - apache 2.2.22 mtc-m21.sid.inpe.br
# Linux - apache 2.4.18 urlibservice.eng.registro.br
# Linux - apache 2.4.6  spdpc174.sir.inpe.br

		if {$tcl_platform(os) == "SunOS"} {
			set sslConf	{Include conf/ssl.conf}
		} else {
			set sslConf	{}
		}
		if [regexp {2.4} $apacheVersion] {
# m12 - Apache 2.4.6 and urlibservice.eng.registro.br - Apache 2.4.18
			set NameVirtualHost {}	;# deprecated directive
		} else {
#			set NameVirtualHost {NameVirtualHost *}	;# commented by GJFB in 2021-06-04 - might produce a httpd error with Apache/2.2.15 (plutao):  [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
#			set NameVirtualHost "NameVirtualHost *:$httpPort"	;# all virtual hosts should use the same port
			set NameVirtualHost "NameVirtualHost *:*"	;# added by GJFB in 2021-06-04
		}

		if $createHTTPDFile {
			set httpd "
				ServerRoot \"$serverRoot\"
				PidFile logs/httpd.pid
				Timeout 6000
				KeepAlive On
				MaxKeepAliveRequests 100
				KeepAliveTimeout 15
				
				Redirect 503 /e/503
				Redirect 504 /e/504
				
				$User
				$Group
				
				<IfModule mpm_winnt.c>
					MaxRequestsPerChild  0
					ThreadsPerChild 250
				</IfModule>
				
				# At least one Listen directive is needed to stop the server
				# Listen $httpPort
				Include conf/Listen
				
				$LoadModule
				
				$NameVirtualHost
				Include conf/VirtualHost
							
				UseCanonicalName On
				
				<Directory $root>
				    Options FollowSymLinks
				    AllowOverride None
				</Directory>
				
				HostnameLookups Off
				ErrorLog logs/error.log
				LogLevel crit
#				LogLevel debug
					
				CustomLog logs/access.log combined
				ServerSignature On
				
				<Files ~ \"^\\.ht\">
				    Order allow,deny
				    Deny from all
				</Files>
			"
#			if {[regexp {2.4} $apacheVersion] && [string equal {CentOS} $linuxDistribution]} #	;# commented by GJFB in 2023-10-13
			if {[regexp {2.4} $apacheVersion] && [regexp {^(CentOS|AlmaLinux)$} $linuxDistribution]} {	;# added by GJFB in 2023-10-13
# m12 - Apache 2.4.6
# plutao - Apache/2.4.53
# AlmaLinux used by plutao.sid.inpe.br
# cd /etc/httpd/
# ls
# conf  conf.d  conf.modules.d  logs  modules  run
# /etc/httpd/conf/httpd.conf
				append httpd "
				    LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined
				    LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b\" common
				    <IfModule mime_module>
					#	TypesConfig /etc/mime.types
						TypesConfig \"$apacheMimeTypesFilePath\"
				        AddType application/x-compress .Z
    					AddType application/x-gzip .gz .tgz
					 	AddDefaultCharset ISO-8859-1
					</IfModule>
					
					<IfModule mime_magic_module>
					#	MIMEMagicFile /etc/httpd/conf/magic
					    MIMEMagicFile \"$apacheMagicFilePath\"
					</IfModule>
				"
			} elseif {[regexp {2.4} $apacheVersion] && [string equal {Ubuntu} $linuxDistribution]} {
# urlibservice.eng.registro.br - Apache 2.4.18
				append httpd "
					LogFormat \"%v:%p %h %l %u %t \\\"%r\\\" %>s %O \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" vhost_combined
					LogFormat \"%h %l %u %t \\\"%r\\\" %>s %O \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined
					LogFormat \"%h %l %u %t \\\"%r\\\" %>s %O\" common
					LogFormat \"%{Referer}i -> %U\" referer
					LogFormat \"%{User-agent}i\" agent
					
					# Include generic snippets of statements
					# IncludeOptional /etc/apache2/conf-enabled/*.conf
					IncludeOptional /etc/apache2/conf-enabled/charset.conf
					IncludeOptional /etc/apache2/conf-enabled/serve-cgi-bin.conf
					IncludeOptional /etc/apache2/conf-enabled/localized-error-pages.conf
					IncludeOptional /etc/apache2/conf-enabled/security.conf
					
					# Include the virtual host configurations:
					# IncludeOptional /etc/apache2/sites-enabled/*.conf
					
					
				    # <IfModule mime_module>
				    #     TypesConfig /etc/mime.types
					# </IfModule>
					# the directive \"TypesConfig /etc/mime.types\" was already included while executing the directive IncludeOptional /etc/apache2/mods-enabled/*.conf (see above)

					# IncludeOptional /etc/apache2/mods-available/mime_magic.conf
					<IfModule mod_mime_magic.c>
#						MIMEMagicFile /etc/apache2/magic
					    MIMEMagicFile \"$apacheMagicFilePath\"
					</IfModule>

				"
			} else {
				append httpd "
					#<IfModule mod_mime.c>
					#	TypesConfig conf/mime.types
						TypesConfig \"$apacheMimeTypesFilePath\"
					#</IfModule>
					
					DefaultType text/plain
					
					<IfModule mod_mime_magic.c>
					#	MIMEMagicFile conf/magic
					    MIMEMagicFile \"$apacheMagicFilePath\"
					</IfModule>
					
					LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined
					LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b\" common
					LogFormat \"%{Referer}i -> %U\" referer
					LogFormat \"%{User-agent}i\" agent
					
					ServerTokens Full
					
					Alias /icons/ \"$apacheIconDirectoryPath/\"
					
					<Directory \"$apacheIconDirectoryPath/\">
					    Options Indexes MultiViews
					    AllowOverride None
					    Order allow,deny
					    Allow from all
					</Directory>
					
					# IndexOptions FancyIndexing FoldersFirst ShowForbidden NameWidth=* IconsAreLinks SuppressDescription
					IndexOptions FancyIndexing NameWidth=* IconsAreLinks SuppressDescription
					
					[SetAddIcon]
					
					DefaultIcon /icons/unknown.gif
					
					ReadmeName README.html
					HeaderName HEADER.html
					IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
					
					[SetAddLanguage]
					
					<IfModule mod_negotiation.c>
						LanguagePriority en pt-br da nl et fr de el it ja kr no pl pt ru ltz ca es sv tw
					</IfModule>
					
					# ForceLanguagePriority Prefer Fallback
					
					 AddDefaultCharset ISO-8859-1
					# AddDefaultCharset utf-8
					
					[SetAddCharset]
					
					AddEncoding x-compress Z
					AddEncoding x-gzip gz tgz
					
					AddType application/x-compress .Z
					AddType application/x-gzip .gz .tgz
					
					AddType application/x-tar .tgz
					AddType image/x-icon .ico
					AddType text/html tcl
					AddType application/x-httpd-php .php
					
					# AddType application/x-httpd-php .php3
					# AddType application/x-httpd-php .php4
					# AddType application/x-httpd-php-source .phps
					
					AddHandler type-map var
					
					<IfModule mod_setenvif.c>
						BrowserMatch \"Mozilla/2\" nokeepalive
						BrowserMatch \"MSIE 4\.0b2;\" nokeepalive downgrade-1.0 force-response-1.0
						BrowserMatch \"RealPlayer 4\.0\" force-response-1.0
						BrowserMatch \"Java/1\.0\" force-response-1.0
						BrowserMatch \"JDK/1\.0\" force-response-1.0
					
						BrowserMatch \"Microsoft Data Access Internet Publishing Provider\" redirect-carefully
						BrowserMatch \"^WebDrive\" redirect-carefully
						BrowserMatch \"^WebDAVFS/1.\[012\]\" redirect-carefully
						BrowserMatch \"^gnome-vfs\" redirect-carefully
					</IfModule>
					
					<IfModule mod_ssl.c>
						$sslConf
					</IfModule>
				"
			}
		}

		if {($tcl_platform(platform) == "windows" && \
		[regexp {^(2.0|1.3)$} $apacheVersion]) || \
		$tcl_platform(os) == "SunOS"} {
			if [regexp {2.0} $apacheVersion] {
# Apache 2.0.44 and 2.0.54
				set SSLMutex {SSLMutex default}
			} else {
				set SSLMutex {SSLMutex  file:logs/ssl_mutex}
			} 

			set ssl \
"
Listen ${httpPort}1

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

$SSLMutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<IfDefine SSL>
<VirtualHost *:${httpPort}1>

# SLL has not been tested
# SSLEngine on

# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# SSLCertificateFile conf/ssl/server.cert

# SSLCertificateKeyFile conf/ssl/server.key

</VirtualHost>
</IfDefine>
"
			Store ssl $serverRoot/conf/ssl.conf auto 0 w 1
		}
		set srm {}
		set access {}
	} elseif {$tcl_platform(os) == "FreeBSD" || \
	($tcl_platform(os) == "Linux" && [info exists linuxDistribution] && \
	[string compare {SuSE 8.2} $linuxDistribution] == 0)} {
# UNIX
# SuSE 8.2 distribution (lac - matrix)

#		foreach {User Group} [CreateUser&GroupDirectives] {break}

		set httpd \
"
ServerType standalone
ServerRoot \"$serverRoot\"
PidFile logs/httpd.pid
ScoreBoardFile logs/apache_runtime_status
Timeout 6000
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 30
#ThreadsPerChild 50

Redirect 503 /e/503
Redirect 504 /e/504

$LoadModule

#PassEnv

Port $httpPort

# <IfDefine SSL>
# Listen $httpPort
# </IfDefine>

$User
$Group
$ServerAdmin
ServerName $serverName2
DocumentRoot \"$homePath\"

<Directory $root>
    Options FollowSymLinks
#   AllowOverride None
    AllowOverride All
</Directory>

$access

# DirectoryIndex rep-/$loBiMiRep index.html index.php index.php3 form.php form.php
AccessFileName .htaccess

<Files ~ \"^\\.ht\">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

UseCanonicalName On

<IfModule mod_mime.c>
#    TypesConfig conf/mime.types
	TypesConfig \"$apacheMimeTypesFilePath\"
</IfModule>

DefaultType text/plain

<IfModule mod_mime_magic.c>
#    MIMEMagicFile conf/magic
    MIMEMagicFile \"$apacheMagicFilePath\"
</IfModule>

HostnameLookups Off
ErrorLog logs/error.log
LogLevel crit

LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined
LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b\" common
LogFormat \"%{Referer}i -> %U\" referer
LogFormat \"%{User-agent}i\" agent

CustomLog logs/access.log combined
ServerSignature On

Alias /icons/ \"$apacheIconDirectoryPath/\"

<Directory \"$apacheIconDirectoryPath/\">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

$RedirectMatch
$ScriptAlias
$AliasMatch
$ScriptAliasMatch

IndexOptions FancyIndexing

[SetAddIcon]


DefaultIcon /icons/unknown.gif
# ReadmeName README
# HeaderName HEADER
# IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

[SetAddLanguage]
[SetAddCharset]


<IfModule mod_negotiation.c>
    LanguagePriority en pt-br da nl et fr de el it ja kr no pl pt ru ltz ca es sv tw
</IfModule>

AddType application/x-tar .tgz
AddType application/x-httpd-php .php
# AddType application/x-httpd-php .php3
# AddType application/x-httpd-php-source .phps
AddType text/html tcl

<IfModule mod_setenvif.c>
    BrowserMatch \"Mozilla/2\" nokeepalive
    BrowserMatch \"MSIE 4\.0b2;\" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch \"RealPlayer 4\.0\" force-response-1.0
    BrowserMatch \"Java/1\.0\" force-response-1.0
    BrowserMatch \"JDK/1\.0\" force-response-1.0
</IfModule>

<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfDefine>
 
<IfModule mod_ssl.c>
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      logs/ssl_engine_log
SSLLogLevel info
</IfModule>
"
		set srm {}
		set access {}
	} elseif {[info exists linuxDistribution] && \
	[string compare {Slackware 8} $linuxDistribution] == 0} {
# Slackware 8 distribution - apache 2.0
		set httpd \
"
ServerRoot \"$serverRoot\"

<IfModule !mpm_netware.c>
PidFile logs/httpd.pid
</IfModule>

Timeout 6000
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

Redirect 503 /e/503
Redirect 504 /e/504

<IfModule prefork.c>
StartServers         5
MinSpareServers      5
MaxSpareServers     10
MaxClients         150
MaxRequestsPerChild  0
</IfModule>

<IfModule worker.c>
StartServers         2
MaxClients         150
MinSpareThreads     25
MaxSpareThreads     75 
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>

<IfModule perchild.c>
NumServers           5
StartThreads         5
MinSpareThreads      5
MaxSpareThreads     10
MaxThreadsPerChild  20
MaxRequestsPerChild  0
</IfModule>

<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild  0
</IfModule>

<IfModule beos.c>
StartThreads               10
MaxClients                 50
MaxRequestsPerThread       10000
</IfModule>    

<IfModule mpm_netware.c>
ThreadStackSize      65536
StartThreads           250
MinSpareThreads         25
MaxSpareThreads        250
MaxThreads            1000
MaxRequestsPerChild      0
</IfModule>

#PassEnv

Listen $httpPort

<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
User nobody
Group #-1
</IfModule>
</IfModule>

$ServerAdmin
ServerName $serverName2
UseCanonicalName On
DocumentRoot \"$homePath\"

<Directory $root>
    Options FollowSymLinks
    AllowOverride None
</Directory>

$access

# DirectoryIndex rep-/$loBiMiRep index.html
AccessFileName .htaccess

<Files ~ \"^\\.ht\">
    Order allow,deny
    Deny from all
</Files>

#TypesConfig conf/mime.types
TypesConfig \"$apacheMimeTypesFilePath\"

DefaultType text/plain

<IfModule mod_mime_magic.c>
#    MIMEMagicFile conf/magic
    MIMEMagicFile \"$apacheMagicFilePath\"
</IfModule>

HostnameLookups Off
ErrorLog logs/error.log
LogLevel crit

LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined
LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b\" common
LogFormat \"%{Referer}i -> %U\" referer
LogFormat \"%{User-agent}i\" agent

CustomLog logs/access.log combined
ServerSignature On

Alias /icons/ \"$apacheIconDirectoryPath/\"

<Directory \"$apacheIconDirectoryPath/\">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

$RedirectMatch
$ScriptAlias
$AliasMatch
$ScriptAliasMatch

IndexOptions FancyIndexing VersionSort

[SetAddIcon]


DefaultIcon /icons/unknown.gif
# ReadmeName README
# HeaderName HEADER
# IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

[SetAddLanguage]

LanguagePriority en pt-br da nl et fr de el it ja kr no pl pt ru ltz ca es sv tw
ForceLanguagePriority Prefer Fallback
AddDefaultCharset ISO-8859-1

[SetAddCharset]


AddType application/x-tar .tgz
AddType text/html tcl

AddHandler type-map var

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    Alias /error/ \"$serverRoot/error/\"

    <Directory \"$serverRoot/error/\">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>

    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    ErrorDocument 410 /error/HTTP_GONE.html.var
    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

</IfModule>
</IfModule>

BrowserMatch \"Mozilla/2\" nokeepalive
BrowserMatch \"MSIE 4\.0b2;\" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch \"RealPlayer 4\.0\" force-response-1.0
BrowserMatch \"Java/1\.0\" force-response-1.0
BrowserMatch \"JDK/1\.0\" force-response-1.0
BrowserMatch \"Microsoft Data Access Internet Publishing Provider\" redirect-carefully
BrowserMatch \"^WebDrive\" redirect-carefully

<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfDefine>
 
<IfModule mod_ssl.c>
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      logs/ssl_engine_log
SSLLogLevel info
</IfModule>
"
		set srm {}
		set access {}
	} elseif {[info exists linuxDistribution] && \
	[string compare {SuSE 9.3} $linuxDistribution] == 0} {
# SuSE 9.3 distribution - apache 2.0
#		foreach {User Group} [CreateUser&GroupDirectives] {break}
		set httpd \
"
ServerRoot \"$serverRoot\"

Redirect 503 /e/503
Redirect 504 /e/504

$User
$Group

Include /etc/apache2/server-tuning.conf

Include /etc/apache2/sysconfig.d/loadmodule.conf

Listen $httpPort

Include /etc/apache2/mod_log_config.conf

# Include /etc/apache2/sysconfig.d/global.conf

Timeout 6000
ServerSignature on
UseCanonicalName on
ServerTokens OS
LogLevel crit

# Include /etc/apache2/mod_status.conf
# Include /etc/apache2/mod_info.conf

# Include /etc/apache2/mod_usertrack.conf

Include /etc/apache2/mod_autoindex-defaults.conf

TypesConfig \"$apacheMimeTypesFilePath\"
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf

Include /etc/apache2/errors.conf

Include /etc/apache2/ssl-global.conf

AccessFileName .htaccess

<Files ~ \"^\\.ht\">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

# DirectoryIndex rep-/$loBiMiRep index.html index.php index.php3 form.php form.php

<Directory $root>
    Options FollowSymLinks
    AllowOverride None
</Directory>

$access

Alias /icons/ \"$apacheIconDirectoryPath/\"

<Directory \"$apacheIconDirectoryPath/\">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

$RedirectMatch
$ScriptAlias
$AliasMatch
$ScriptAliasMatch

$ServerAdmin
ServerName $serverName2
DocumentRoot \"$homePath\"
ErrorLog logs/error.log
CustomLog logs/access.log combined
HostnameLookups off

PidFile logs/httpd.pid
#PassEnv
# AcceptPathInfo on

"
		set srm {}
		set access {}
	}

# Set httpd and srm ++++++++++++++++++++++++++++++++++++++ - end

# Set access, httpd and srm -  end

if 0 {
	set htaccess \
"
#PassEnv
#	DirectoryIndex rep-/$loBiMiRep index.html index.php index.php3 form.php
	DirectoryIndex index2.html index.html index.php index.php3 form.php
#ScriptAlias
"
	Store htaccess $homePath/.htaccess auto 0 w 1
}
	if $createHTTPDFile {Store httpd $serverRoot/conf/httpd.conf auto 0 w 1}
	Store VirtualHost $serverRoot/conf/VirtualHost/$urlibPort auto 0 w 1
	set fileContent $serverAddress	;# banon-pc2:80
	Store fileContent $serverRoot/conf/VirtualHost2/$urlibPort auto 0 w 1
	Store srm $serverRoot/conf/srm.conf auto 0 w 1
	Store access $serverRoot/conf/access.conf auto 0 w 1


}

# CreateConfigurationFiles - end
# ----------------------------------------------------------------------
# SetAddIcon

proc SetAddIcon {} {
	return \
"
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
"
}

# SetAddIcon - end
# ----------------------------------------------------------------------
# SetAddLanguage

proc SetAddLanguage {} {
	return \
"
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage he .he
AddLanguage it .it
AddLanguage ja .ja
AddLanguage kr .kr
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage ltz .ltz
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage tw .tw
AddLanguage zh-tw .tw
AddLanguage hr .hr
"
}

# SetAddLanguage - end
# ----------------------------------------------------------------------
# SetAddCharset

proc SetAddCharset {} {
	return \
"
AddCharset ISO-8859-1  .iso8859-1  .latin1
AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
AddCharset ISO-8859-3  .iso8859-3  .latin3
AddCharset ISO-8859-4  .iso8859-4  .latin4
AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5        .Big5       .big5
AddCharset WINDOWS-1251 .cp-1251   .win-1251
AddCharset CP866       .cp866
AddCharset KOI8-r      .koi8-r .koi8-ru
AddCharset KOI8-ru     .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8       .utf8

AddCharset GB2312      .gb2312 .gb 
AddCharset utf-7       .utf7
AddCharset utf-8       .utf8
AddCharset big5        .big5 .b5
AddCharset EUC-TW      .euc-tw
AddCharset EUC-JP      .euc-jp
AddCharset EUC-KR      .euc-kr
AddCharset shift_jis   .sjis
"
}

# SetAddCharset - end
# ----------------------------------------------------------------------
# CreateUser&GroupDirectives

proc CreateUser&GroupDirectives {} {
	global environmentArray
	global tcl_platform

	if {$tcl_platform(platform) == "windows"} {return [list {} {}]}

# userName
# /usr/ucb/whoami (sunOS - hermes)
	if {[catch {exec whoami} userName2] && [catch {exec /usr/ucb/whoami} userName2]} {
		set User {User admname}
		set Group {Group urlib}
	} else {
		if [string equal {root} $userName2] {
# root
# when apache is executed by root, one must define an existing User and Group
# the User must not be root
#			foreach {userName groupName} [lrange [exec ls -l | grep post$] 2 3] {break}
			foreach {userName groupName} [lrange [exec ls -l post] 2 3] {break}	;# => -rwxrwxr-- 1 root banon 107 Nov 30 23:57 post
			if [string equal {root} $userName] {
# root - userName must be changed
				if [info exists environmentArray(spMailEntry)] {
					if [regexp {[^@]*} $environmentArray(spMailEntry) userName] {
						regsub -all {\.} $userName {_} userName	;# gerald.banon -> gerald_banon - . is not allowed in Linux - added by GJFB in 2016-08-03
						set User "User $userName"	;# administrator user name
					} else {
						set User {User admname}
					}
				} else {
					set User {User admname}
				}
if 0 {
# not tested and not used
				puts "changing group to $groupName ..."
				cd $homePath
				exec chgrp -R $groupName col
				cd $pwd
				puts {group changed}
}
			} else {
# not root - userName can be used
				set User "User $userName"
			}
			set Group "Group $groupName"
		} else {
# not root - User and Group are useless
			set User {}
			set Group {}
		}
	}
	return [list $User $Group]
}

# CreateUser&GroupDirectives - end
# ----------------------------------------------------------------------
# ComputeAccess
# computes the access permissions from the repositoryProperties array
# forAccessFile value is 0 or 1
# 1 means that the result of the access computing is for setting the access file
# administratorUserName not used (it is not an easy task to update the access files when the administator user name changes)
# returns docPermission downloadPermission in the format for mounting the htaccess file content
# defaultAuthenticationFlag == environmentArray(spUseUserAuthentication)
# ipAddress not used

proc ComputeAccess {
	rep administratorUserName defaultAuthenticationFlag
	spDocAccessPermission spDownloadAccessPermission ipAddress {forAccessFile 0}
} {
# runs with post
	global repositoryProperties
	global loCoInRep

# authDirectives
	if [info exists repositoryProperties($rep,authenticatedusers)] {
		set authenticatedUsers $repositoryProperties($rep,authenticatedusers)
if 0 {
		if {[set i [lsearch -exact $repositoryProperties($rep,authenticatedusers) {administrator}]] != -1} {
# administrator is alias for administrator user name - add administrator user name
			lappend authenticatedUsers $administratorUserName
			set authenticatedUsers [lsort -unique $authenticatedUsers]
		} elseif {[set i [lsearch -exact $repositoryProperties($rep,authenticatedusers) $administratorUserName]] != -1} {
# administrator user name is alias for administrator - add administrator
			lappend authenticatedUsers administrator
			set authenticatedUsers [lsort -unique $authenticatedUsers]
		}
}
		set authDirectives \
"
    Require user $authenticatedUsers"
	} else {
#		if $defaultAuthenticationFlag #	;# commented by GJFB in 2018-07-21
		if {$defaultAuthenticationFlag && !$forAccessFile} {	;# added by GJFB in 2018-07-21 - "Require valid-user" directive should not be added in the .htaccess file - this file is used only when defaultAuthenticationFlag is 0 (when the option Use User Authentication is disabled)
			set authDirectives \
"
    Require valid-user"
		} else {
			set authDirectives {}
		}
	}

# docPermission and downloadPermission
	set documentState [GetDocumentState $rep]
# puts $documentState
	if !$documentState {
# $rep doesn't contain the original document
		if [info exists repositoryProperties($rep,mirrorsites)] {
			set mirrorSites $repositoryProperties($rep,mirrorsites)
		} else {
			set mirrorSites {}
		}
		set documentState [expr [lsearch -exact $mirrorSites $loCoInRep] != -1]
	}

	if $documentState {
# the host collection is the current local collection
# or the current site is a mirror site
# doc
		if [info exists repositoryProperties($rep,docpermission)] {
# puts --$repositoryProperties($rep,docpermission)--
			if {$defaultAuthenticationFlag && !$forAccessFile} {
				if [string equal {allow from all} $repositoryProperties($rep,docpermission)] {
#					set docPermission "allow from $ipAddress"	;# important for http::geturl used by the URLib server
#					set docPermission "deny from all"	;# added by GJFB in 2014-06-21 in order to avoid access from $ipAddress when the URLib local collection is in the cloud
					set docPermission ""	;# added by GJFB in 2014-06-23 - the "Require valid-user" directive is enough
				} else {
					set docPermission $repositoryProperties($rep,docpermission)
				}
			} else {
				set docPermission $repositoryProperties($rep,docpermission)
			}
if 0 {
# commented by GJFB in 2015-04-19
			if {![string equal {allow from all} $docPermission] || \
			![string equal {allow from all} $spDocAccessPermission]} {
#				if [string equal {} $authDirectives] #
					set docPermission "
    $docPermission"
#				# else #
#					set docPermission "
#    $docPermission
#    Satisfy any"
#				#
			} else {
				set docPermission {}	;# must be avoided - by GJFB in 2015-04-19 - "allow from all" must be preserved - needed when pressing the Reload button in the URLibService main window otherwise the readpermission is lost
			}
} else {
# added by GJFB in 2015-04-19 - "allow from all" must be preserved - needed when pressing the Reload button in the URLibService main window otherwise the readpermission is lost
			set docPermission "
    $docPermission"
}
		} else {
			set docPermission {}
		}
# download
# puts [info exists repositoryProperties($rep,downloadpermission)]
		if [info exists repositoryProperties($rep,downloadpermission)] {
# puts --$repositoryProperties($rep,downloadpermission)--
			if {$defaultAuthenticationFlag && !$forAccessFile} {
				if [string equal {allow from all} $repositoryProperties($rep,downloadpermission)] {
#					set downloadPermission "allow from $ipAddress"	;# important for http::geturl used by the URLib server
#					set downloadPermission "deny from all"	;# added by GJFB in 2014-06-21 in order to avoid access from $ipAddress when the URLib local collection is in the cloud
					set downloadPermission ""	;# added by GJFB in 2014-06-23 - the "Require valid-user" directive is enough
				} else {
					set downloadPermission $repositoryProperties($rep,downloadpermission)
				}
			} else {
				set downloadPermission $repositoryProperties($rep,downloadpermission)
			}
if 0 {
# commented by GJFB in 2015-04-19
			if {![string equal {allow from all} $downloadPermission] || \
				![string equal {allow from all} $spDownloadAccessPermission]} {
#				if [string equal {} $authDirectives] #
					set downloadPermission "
    $downloadPermission"
#				# else #
#					set downloadPermission "
#    $downloadPermission
#    Satisfy any"
#				#
			} else {
				set downloadPermission {}
			}
} else {
# added by GJFB in 2015-04-19 - to work the same as docPermission
			set downloadPermission "
    $downloadPermission"
}
		} else {
			set downloadPermission {}
		}
	} else {
# the host collection is neither the current local collection nor a mirror site
# doc
		if [info exists repositoryProperties($rep,docremotepermission)] {
			if {$defaultAuthenticationFlag && !$forAccessFile} {
				if {[string compare {allow from all} $repositoryProperties($rep,docremotepermission)] == 0} {
#					set docRemotePermission "allow from $ipAddress"	;# important for http::geturl used by the URLib server
#					set docRemotePermission "deny from all"	;# added by GJFB in 2014-06-21 in order to avoid access from $ipAddress when the URLib local collection is in the cloud
					set docRemotePermission ""	;# added by GJFB in 2014-06-23 - the "Require valid-user" directive is enough
				} else {
					set docRemotePermission $repositoryProperties($rep,docremotepermission)
				}
			} else {
				set docRemotePermission $repositoryProperties($rep,docremotepermission)
			}
# puts "docRemotePermission = $docRemotePermission"
if 0 {
# commented by GJFB in 2021-06-21
			if [string equal {allow from all} $docRemotePermission] {
				set docPermission {}
			} else {
#				if [string equal {} $authDirectives] #
					set docPermission "
    $docRemotePermission"
#				# else #
#					set docPermission "
#    $docRemotePermission
#    Satisfy any"
#				#
			}
} else {
# added by GJFB in 2021-06-21 - required to maintain the original setting 
			set docPermission "
    $docRemotePermission"
}
		} else {
if 0 {
# not easy to deal with in the case of use of access files and changes of ip address
			set docPermission "
    deny from all
    allow from $ipAddress"
} else {
			set docPermission "
    deny from all"
}
		}
# download
		if [info exists repositoryProperties($rep,downloadremotepermission)] {
			if {$defaultAuthenticationFlag && !$forAccessFile} {
				if {[string compare {allow from all} $repositoryProperties($rep,downloadremotepermission)] == 0} {
#					set downloadRemotePermission "allow from $ipAddress"	;# important for http::geturl used by the URLib server
#					set downloadRemotePermission "deny from all"	;# added by GJFB in 2014-06-21 in order to avoid access from $ipAddress when the URLib local collection is in the cloud
					set downloadRemotePermission ""	;# added by GJFB in 2014-06-23 - the "Require valid-user" directive is enough
				} else {
					set downloadRemotePermission $repositoryProperties($rep,downloadremotepermission)
				}
			} else {
				set downloadRemotePermission $repositoryProperties($rep,downloadremotepermission)
			}
if 0 {
# commented by GJFB in 2021-06-21
			if ![string equal {allow from all} $downloadRemotePermission] {
#				if [string equal {} $authDirectives] #
					set downloadPermission "
    $downloadRemotePermission"
#				# else #
#					set downloadPermission "
#    $downloadRemotePermission
#    Satisfy any"
#				#
			} else {
				set downloadPermission {}
			}
} else {
# added by GJFB in 2021-06-21 - required because the default for the download directory is deny for all (see set access) 
			set downloadPermission "
    $downloadRemotePermission"
}
		} else {
			set downloadPermission "
    deny from all"
		}
	}

	return [list $authDirectives $docPermission $downloadPermission]
}

# ComputeAccess - end
# ----------------------------------------------------------------------
# ComputeDefaultAccess
# forAccessFile value is 0 or 1
# 1 means that the result of the access computing is for setting the access file

proc ComputeDefaultAccess {ipAddress {forAccessFile 0}} {
# runs with post and start
	global homePath
	global loCoInRep
	global environmentArray
	
if 0 {
# commented by GJFB in 2014-06-22
	if {[file exists $homePath/col/$loCoInRep/auxdoc/@passwords.txt] \
	&& [info exists environmentArray(spUseUserAuthentication)] \
	&& $environmentArray(spUseUserAuthentication)} {
		set defaultAuthenticationFlag 1
	} else {
		set defaultAuthenticationFlag 0
	}
} else {
# simplifyng
	ConditionalSet defaultAuthenticationFlag environmentArray(spUseUserAuthentication) 0
}

	if {$defaultAuthenticationFlag && [regexp {deny from all} $environmentArray(spDocAccessPermission)]} {
		set spDocAccessPermission "allow from all"	;# added by GJFB in 2023-01-08 to avoid the display twice of pop-up login/password window - when spDocAccessPermission is 'deny from all' and defaultAuthenticationFlag is 1 then the default authentication prevails over the doc access permission
	}
	
	if {$defaultAuthenticationFlag && !$forAccessFile} {
		if [string equal {allow from all} $environmentArray(spDocAccessPermission)] {
#			set spDocAccessPermission "deny from all"
			set spDocAccessPermission "allow from $ipAddress"	;# allow access required to allowed repository like: dpi.inpe.br/banon/1999/06.19.22.43 - this is important to allow access to mirrorStandard.css for example from the "Resultado da Pesquisa"
		} else {
#			set spDocAccessPermission $environmentArray(spDocAccessPermission)	;# commented by GJFB in 2023-01-08 - see above
		}
		if [string equal {allow from all} $environmentArray(spDownloadAccessPermission)] {
			set spDownloadAccessPermission "deny from all"
		} else {
			set spDownloadAccessPermission $environmentArray(spDownloadAccessPermission)
		}
		set directivesForCGI "deny from all
    AuthName \"URLib Repository Content\"
    AuthType Basic
    AuthUserFile \"$homePath/col/$loCoInRep/auxdoc/@passwords.txt\"
    Require valid-user
    Satisfy Any"
	} else {
		set spDocAccessPermission $environmentArray(spDocAccessPermission)
		set spDownloadAccessPermission $environmentArray(spDownloadAccessPermission)
		set directivesForCGI "allow from all"
	}
	return [list $defaultAuthenticationFlag $spDocAccessPermission $spDownloadAccessPermission $directivesForCGI]
}

# ComputeDefaultAccess - end
# ----------------------------------------------------------------------

# </PRE>