It's tricky though using the same webserver instance. If you have separate 
instances (e.g. different ports, names or whatever) on the same box you can use 
the MS_MAP_PATTERN environment variable (given as a regex) to restrict 
allowable mapfile patterns. If you had them in separate directories (e.g. 
internal/appname/foo.map and external/appname/foo.map) you could limit things 
that way too. Be careful though because back references (../../..) can be hard 
to catch.

Steve  
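
The back-reference caveat above, as an added example that is not part of the original message: a small check that runs candidate MS_MAP_PATTERN values against sample `map=` paths and reports any the pattern accepts even though they collapse to a location outside the external directory. The `/srv/maps` root, both patterns and all sample paths are constructed, and Python's `re` stands in for the regex engine MapServer uses (an assumption that holds for simple anchored patterns like these).

```python
import posixpath
import re

# Constructed layout (assumption): /srv/maps/{internal,external}/appname/foo.map
EXTERNAL_ROOT = "/srv/maps/external"

# Two candidate MS_MAP_PATTERN values for the external instance (both constructed).
LOOSE = r"^/srv/maps/external/.*\.map$"
STRICT = r"^/srv/maps/external/([A-Za-z0-9_-]+/)*[A-Za-z0-9_-]+\.map$"

# Constructed map= values, including paths that use ../ to leave the directory.
CANDIDATES = [
    "/srv/maps/external/appname/foo.map",
    "/srv/maps/internal/appname/foo.map",
    "/srv/maps/external/../internal/appname/foo.map",
    "/srv/maps/external/appname/../../internal/appname/foo.map",
    "/srv/maps/external/appname/./foo.map",
]


def escapes_root(path, root=EXTERNAL_ROOT):
    """True if the path, with '.' and '..' collapsed lexically, is outside root.

    Symlinks are not followed; this only models the ../ case from the thread.
    """
    resolved = posixpath.normpath(path)
    return not (resolved == root or resolved.startswith(root + "/"))


def audit(pattern, candidates=CANDIDATES):
    """Return the candidates the pattern accepts although they leave the root."""
    rx = re.compile(pattern)
    return [c for c in candidates if rx.search(c) and escapes_root(c)]


if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("strict", STRICT)):
        leaks = audit(pat)
        print(f"{name}: {len(leaks)} accepted value(s) resolve outside {EXTERNAL_ROOT}")
        for leak in leaks:
            print("   ", leak, "->", posixpath.normpath(leak))
```

The loose pattern accepts both `../` paths because `.*` matches any characters, slashes and dots included; the strict one only allows path segments made of letters, digits, `_` and `-`, so a `..` segment can never match.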

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Jörg Thomsen
Sent: Tuesday, February 19, 2013 10:04 AM
To: [email protected]
Subject: Re: [mapserver-users] MapServer .map file security question

Hello Mark,

have a look at
http://mapserver.org/ogc/wms_server.html#changing-the-online-resource-url

If using 'Apache SetEnvIf' you could redirect to different cgi-directories and 
there use allow-from / deny-from rules.

Regards, Jörg

On 19.02.2013 16:45, Mark Volz wrote:
> Hi,
> 
> I have a server that I would like to run both internal and external 
> applications on it.  I know I can use apache to limit who can access internal 
> web pages.  However, is there any mechanism to stop an external user from 
> drawing an internal actual .map file?  For example, what would stop someone 
> from changing the requested map from: 
> http://myserver/cgi-bin/mapserv.exe?map=External.map.  To:  
> http://myserver/cgi-bin/mapserv.exe?map=Internal.map.
> 
> I could see this as an issue if I want to enable wms.
> 
> Thanks
>  
> Mark Volz
> GIS Specialist
> 
> 
> _______________________________________________
> mapserver-users mailing list
> [email protected]
> http://lists.osgeo.org/mailman/listinfo/mapserver-users
> 
