Hello, We are using this very basic setting:
# Demo WMS Alias /wms-demo/usr/lib/cgi-bin/mapserver <Location /wms-demo> Deny from all # My network Allow from 10.133 SetHandler cgi-script Options ExecCGI SetEnv MS_MAPFILE /var/www/wms/wms-demo/wms-demo.map </Location> Cheers Marc Monnerat ----Message d'origine---- De: [EMAIL PROTECTED] Date: 20.10.2008 11:33 À: <[email protected]> Objet: Re: [mapserver-users] Access control for wms served from mapserver cgi Hello Rahkonen (and Stephan), This is an idea that I could make work...I'd have to lock-down mapserv itself from all connections (otherwise anyone could just replace wms*.exe in the URL with the original mapserv.exe), though I guess I should be doing that anyway. In response to Stephan Holl: I recognize there are other strategies that involve proxying the WMS requests. I was just hoping for something quick and easy that could be done with Apache more or less out-of-the-box using basic config files and/or modules like mod_rewrite. There have been a few cases where I needed to use mapserver on one machine to serve data using WMS to another server running mapserver as a WMS client. I just want to be able to do that with as little work as possible (i.e., if I can do it in Apache's config, then I can do it anywhere). Essentially, my ideal solution would be if I can get something like mod_rewrite to say "if a request to mapserv contains 'map=/path/to/somefile.map' in the query string, and the client is not equal to some IP address, return 403, otherwise allow the request". I just don't quite know how to get mod_rewrite to work like that for me (I found some promising examples online, but couldn't get them working). Thanks again, Mike Rahkonen Jukka wrote: > Hi, > > If it is easy to limit access to mapserv executable, then how about making a > few copies of the executable and tie each copy to its own mapfile in httpd.conf? > > SetEnvIf Request_URI "/cgi-bin/wms1.exe?" MS_MAPFILE=d:/ms4w/apps/wms1.map > SetEnvIf Request_URI "/cgi-bin/wms2.exe?" MS_MAPFILE=d:/ms4w/apps/wms2.map > > Just thinking, I do not know if this is secure at all. > > -Jukka Rahkonen- > > >> -----Alkuperäinen viesti----- >> Lähettäjä: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] Puolesta Mike Leahy >> Lähetetty: 20. lokakuuta 2008 3:58 >> Vastaanottaja: [email protected] >> Aihe: [mapserver-users] Access control for wms served from >> mapserver cgi >> >> Hello list, >> >> Does anyone on this list know of a simple strategy for >> configuring Apache to restrict access to specific mapfiles >> served as WMS through the cgi mapserv program? I'd like to >> do is restrict access to specific IPs for URLs like the following: >> http://host/cgi-bin/mapserv?map=/path/to/file.map[&;...]. >> >> It's easy enough to limit access to the mapserv executable >> itself, but I'd rather do it on a per-mapfile basis. I tried >> a couple things using mod_rewrite in apache, but anything >> I've tried so far doesn't seem to work. >> >> I know that this sort of question has been asked before, but >> after searching/tinkering for a while, I haven't found a >> solution that works for me yet. >> >> Thanks for any suggestions, >> Mike >> _______________________________________________ >> mapserver-users mailing list >> [email protected] >> http://lists.osgeo.org/mailman/listinfo/mapserver-users >> > _______________________________________________ mapserver-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapserver-users _______________________________________________ mapserver-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapserver-users
