Hello Rahkonen (and Stephan),
This is an idea that I could make work...I'd have to lock-down mapserv
itself from all connections (otherwise anyone could just replace
wms*.exe in the URL with the original mapserv.exe), though I guess I
should be doing that anyway.
In response to Stephan Holl: I recognize there are other strategies that
involve proxying the WMS requests. I was just hoping for something
quick and easy that could be done with Apache more or less
out-of-the-box using basic config files and/or modules like mod_rewrite.
There have been a few cases where I needed to use mapserver on one
machine to serve data using WMS to another server running mapserver as a
WMS client. I just want to be able to do that with as little work as
possible (i.e., if I can do it in Apache's config, then I can do it
anywhere).
Essentially, my ideal solution would be if I can get something like
mod_rewrite to say "if a request to mapserv contains
'map=/path/to/somefile.map' in the query string, and the client is not
equal to some IP address, return 403, otherwise allow the request". I
just don't quite know how to get mod_rewrite to work like that for me (I
found some promising examples online, but couldn't get them working).
Thanks again,
Mike
Rahkonen Jukka wrote:
Hi,
If it is easy to limit access to mapserv executable, then how about making a
few copies of the executable and tie each copy to its own mapfile in httpd.conf?
SetEnvIf Request_URI "/cgi-bin/wms1.exe?" MS_MAPFILE=d:/ms4w/apps/wms1.map
SetEnvIf Request_URI "/cgi-bin/wms2.exe?" MS_MAPFILE=d:/ms4w/apps/wms2.map
Just thinking, I do not know if this is secure at all.
-Jukka Rahkonen-
-----Alkuperäinen viesti-----
Lähettäjä: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Puolesta Mike Leahy
Lähetetty: 20. lokakuuta 2008 3:58
Vastaanottaja: [email protected]
Aihe: [mapserver-users] Access control for wms served from
mapserver cgi
Hello list,
Does anyone on this list know of a simple strategy for
configuring Apache to restrict access to specific mapfiles
served as WMS through the cgi mapserv program? I'd like to
do is restrict access to specific IPs for URLs like the following:
http://host/cgi-bin/mapserv?map=/path/to/file.map[&;...].
It's easy enough to limit access to the mapserv executable
itself, but I'd rather do it on a per-mapfile basis. I tried
a couple things using mod_rewrite in apache, but anything
I've tried so far doesn't seem to work.
I know that this sort of question has been asked before, but
after searching/tinkering for a while, I haven't found a
solution that works for me yet.
Thanks for any suggestions,
Mike
_______________________________________________
mapserver-users mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/mapserver-users
_______________________________________________
mapserver-users mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/mapserver-users
