Re: [mapserver-users] ows_denied_ip_list is working ?
Forgot the link: https://mapserver.org/development/rfc/ms-rfc-90.html. From: Lime, Steve D (MNIT) Sent: Monday, August 12, 2019 10:23 AM To: Andrea Peri Cc: mapserver-users@lists.osgeo.org Subject: RE: [mapserver-users] ows_denied_ip_list is working ? The original RFC that proposed the feature addition does reference using CIDR notation for ips. I’ve not tested that specifically though… From: Andrea Peri [mailto:aperi2...@gmail.com] Sent: Monday, August 12, 2019 5:56 AM To: Lime, Steve D (MNIT) mailto:steve.l...@state.mn.us>> Cc: mapserver-users@lists.osgeo.org<mailto:mapserver-users@lists.osgeo.org> Subject: Re: [mapserver-users] ows_denied_ip_list is working ? This message may be from an external email source. Do not select links or open attachments unless verified. Report all suspicious emails to Minnesota IT Services Security Operations Center. Hi Steve, thx for your test. I do more test to try to understand better what I'm wrong. Just to do a better with an more large IP range. Is possibile to use the IP/CIDR sintax to describe the IP range or need to list all the IP denied ? A. Thx, Il giorno mer 31 lug 2019 alle ore 23:50 Lime, Steve D (MNIT) mailto:steve.l...@state.mn.us>> ha scritto: Hi Andrea: I just tested with MapServer 6.4 and 7.4 and it works as expected, at least with WMS GetMap requests. My process was: 1. Make a WMS request and check the logs to confirm the IP I was showing up as. 2. Edit the mapfile and add “ows_denied_ip_list” “my IP” to the WEB METADATA section. 3. Perform the same WMS request in the browser – result was a WMS exception. 4. Edit the mapfile and change the ip slightly so it shouldn’t match but leaving the directive in place. 5. Perform the same WMS request in the browser – result was a PNG image. I did tried multiple IPs in the list, with and without my IP and everything worked as expected. I did not try using an external file. I did notice with my IP in the list a GetMap request was blocked, a GetCapabilities request was not. I didn’t try a GetFeature… request. Makes me wonder if you have the right IP for your test setup? --Steve From: Andrea Peri [mailto:aperi2...@gmail.com<mailto:aperi2...@gmail.com>] Sent: Tuesday, July 30, 2019 2:30 PM To: Lime, Steve D (MNIT) mailto:steve.l...@state.mn.us>>; mapserver-users@lists.osgeo.org<mailto:mapserver-users@lists.osgeo.org> Subject: Re: [mapserver-users] ows_denied_ip_list is working ? Hi, I was using a compiled version from a recent clone of master . I try to apply ot to WEB-> METADATA section section using this kind of values: I try to use a list of IP directly listed using a space as separator "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz" or using a file where there is the same list one IP for line "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt" The values listed are the possibly values of our proxy. So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them. Instead the map are still showed. I'm using QGIS as wms client to test it. A. Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) mailto:steve.l...@state.mn.us>> ha scritto: I will test and reply back. What specific version, config and tests did you try on your end? From: mapserver-users mailto:mapserver-users-boun...@lists.osgeo.org>> on behalf of Andrea Peri mailto:aperi2...@gmail.com>> Sent: Saturday, July 27, 2019 9:02:07 AM To: mapserver-users@lists.osgeo.org<mailto:mapserver-users@lists.osgeo.org> mailto:mapserver-users@lists.osgeo.org>> Subject: [mapserver-users] ows_denied_ip_list is working ? Hi, I see my version of mapserver don't work the ows_denied_ip_list. I see ths other mex: http://osgeo-org.1560.x6.nabble.com/ows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fosgeo-org.1560.x6.nabble.com%2Fows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html&data=02%7C01%7Csteve.lime%40state.mn.us%7C564cd4ee969a496b496208d71f13b9d6%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C637012041888127305&sdata=qbq9hlhRcfYQ7FdObWXGxM5w%2BYfjxLUxWc7tD8jRnYs%3D&reserved=0> I try all the same option but nothing is work. So I guess that instead that the ows_denied_ip_list was dismissed. Is this confirmed ? Thx. A. -- - Andrea Peri . . . . . . . . . qwerty àèìòù - -- - Andrea Peri . . . . . . . . . qwerty àèìòù - ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] ows_denied_ip_list is working ?
The original RFC that proposed the feature addition does reference using CIDR notation for ips. I’ve not tested that specifically though… From: Andrea Peri [mailto:aperi2...@gmail.com] Sent: Monday, August 12, 2019 5:56 AM To: Lime, Steve D (MNIT) Cc: mapserver-users@lists.osgeo.org Subject: Re: [mapserver-users] ows_denied_ip_list is working ? This message may be from an external email source. Do not select links or open attachments unless verified. Report all suspicious emails to Minnesota IT Services Security Operations Center. Hi Steve, thx for your test. I do more test to try to understand better what I'm wrong. Just to do a better with an more large IP range. Is possibile to use the IP/CIDR sintax to describe the IP range or need to list all the IP denied ? A. Thx, Il giorno mer 31 lug 2019 alle ore 23:50 Lime, Steve D (MNIT) mailto:steve.l...@state.mn.us>> ha scritto: Hi Andrea: I just tested with MapServer 6.4 and 7.4 and it works as expected, at least with WMS GetMap requests. My process was: 1. Make a WMS request and check the logs to confirm the IP I was showing up as. 2. Edit the mapfile and add “ows_denied_ip_list” “my IP” to the WEB METADATA section. 3. Perform the same WMS request in the browser – result was a WMS exception. 4. Edit the mapfile and change the ip slightly so it shouldn’t match but leaving the directive in place. 5. Perform the same WMS request in the browser – result was a PNG image. I did tried multiple IPs in the list, with and without my IP and everything worked as expected. I did not try using an external file. I did notice with my IP in the list a GetMap request was blocked, a GetCapabilities request was not. I didn’t try a GetFeature… request. Makes me wonder if you have the right IP for your test setup? --Steve From: Andrea Peri [mailto:aperi2...@gmail.com<mailto:aperi2...@gmail.com>] Sent: Tuesday, July 30, 2019 2:30 PM To: Lime, Steve D (MNIT) mailto:steve.l...@state.mn.us>>; mapserver-users@lists.osgeo.org<mailto:mapserver-users@lists.osgeo.org> Subject: Re: [mapserver-users] ows_denied_ip_list is working ? Hi, I was using a compiled version from a recent clone of master . I try to apply ot to WEB-> METADATA section section using this kind of values: I try to use a list of IP directly listed using a space as separator "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz" or using a file where there is the same list one IP for line "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt" The values listed are the possibly values of our proxy. So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them. Instead the map are still showed. I'm using QGIS as wms client to test it. A. Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) mailto:steve.l...@state.mn.us>> ha scritto: I will test and reply back. What specific version, config and tests did you try on your end? From: mapserver-users mailto:mapserver-users-boun...@lists.osgeo.org>> on behalf of Andrea Peri mailto:aperi2...@gmail.com>> Sent: Saturday, July 27, 2019 9:02:07 AM To: mapserver-users@lists.osgeo.org<mailto:mapserver-users@lists.osgeo.org> mailto:mapserver-users@lists.osgeo.org>> Subject: [mapserver-users] ows_denied_ip_list is working ? Hi, I see my version of mapserver don't work the ows_denied_ip_list. I see ths other mex: http://osgeo-org.1560.x6.nabble.com/ows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fosgeo-org.1560.x6.nabble.com%2Fows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html&data=02%7C01%7Csteve.lime%40state.mn.us%7C564cd4ee969a496b496208d71f13b9d6%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C637012041888127305&sdata=qbq9hlhRcfYQ7FdObWXGxM5w%2BYfjxLUxWc7tD8jRnYs%3D&reserved=0> I try all the same option but nothing is work. So I guess that instead that the ows_denied_ip_list was dismissed. Is this confirmed ? Thx. A. -- - Andrea Peri . . . . . . . . . qwerty àèìòù - -- - Andrea Peri . . . . . . . . . qwerty àèìòù - ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] ows_denied_ip_list is working ?
Hi Steve, thx for your test. I do more test to try to understand better what I'm wrong. Just to do a better with an more large IP range. Is possibile to use the IP/CIDR sintax to describe the IP range or need to list all the IP denied ? A. Thx, Il giorno mer 31 lug 2019 alle ore 23:50 Lime, Steve D (MNIT) < steve.l...@state.mn.us> ha scritto: > Hi Andrea: I just tested with MapServer 6.4 and 7.4 and it works as > expected, at least with WMS GetMap requests. My process was: > > > > 1. Make a WMS request and check the logs to confirm the IP I was > showing up as. > > 2. Edit the mapfile and add “ows_denied_ip_list” “my IP” to the WEB > METADATA section. > > 3. Perform the same WMS request in the browser – result was a WMS > exception. > > 4. Edit the mapfile and change the ip slightly so it shouldn’t > match but leaving the directive in place. > > 5. Perform the same WMS request in the browser – result was a PNG > image. > > > > I did tried multiple IPs in the list, with and without my IP and > everything worked as expected. I did not try using an external file. I did > notice with my IP in the list a GetMap request was blocked, a > GetCapabilities request was not. I didn’t try a GetFeature… request. > > > > Makes me wonder if you have the right IP for your test setup? > > > > --Steve > > > > *From:* Andrea Peri [mailto:aperi2...@gmail.com] > *Sent:* Tuesday, July 30, 2019 2:30 PM > *To:* Lime, Steve D (MNIT) ; > mapserver-users@lists.osgeo.org > *Subject:* Re: [mapserver-users] ows_denied_ip_list is working ? > > > > Hi, > > I was using a compiled version from a recent clone of master . > > > > I try to apply ot to WEB-> METADATA section section using this kind of > values: > > > > I try to use a list of IP directly listed using a space as separator > > "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy > zzz.zzz.zzz.zzz" > > or using a file where there is the same list one IP for line > > > > "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt" > > > > The values listed are the possibly values of our proxy. > > So I guess setting them as denied IP mapserver should refuse to give a map > to every client wms using them. > > Instead the map are still showed. > > > > I'm using QGIS as wms client to test it. > > > > A. > > > > > > Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) > ha scritto: > > I will test and reply back. What specific version, config and tests did > you try on your end? > -- > > *From:* mapserver-users on > behalf of Andrea Peri > *Sent:* Saturday, July 27, 2019 9:02:07 AM > *To:* mapserver-users@lists.osgeo.org > *Subject:* [mapserver-users] ows_denied_ip_list is working ? > > > > Hi, > > I see my version of mapserver don't work the ows_denied_ip_list. > > I see ths other mex: > > > http://osgeo-org.1560.x6.nabble.com/ows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html > <https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fosgeo-org.1560.x6.nabble.com%2Fows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html&data=02%7C01%7CSteve.Lime%40state.mn.us%7Ca2bef76fd62f471db1e608d715245908%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C637001118169695729&sdata=PWJxX4BJMhOodJ7FadppgR%2F3XAk9lLW%2FHJadeWehSRQ%3D&reserved=0> > > > > I try all the same option but nothing is work. > > > > So I guess that instead that the ows_denied_ip_list was dismissed. > > Is this confirmed ? > > > > Thx. > > > > A. > > > > > -- > > - > Andrea Peri > . . . . . . . . . > qwerty àèìòù > - > > -- - Andrea Peri . . . . . . . . . qwerty àèìòù - ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] ows_denied_ip_list is working ?
Hi Andrea: I just tested with MapServer 6.4 and 7.4 and it works as expected, at least with WMS GetMap requests. My process was: 1. Make a WMS request and check the logs to confirm the IP I was showing up as. 2. Edit the mapfile and add “ows_denied_ip_list” “my IP” to the WEB METADATA section. 3. Perform the same WMS request in the browser – result was a WMS exception. 4. Edit the mapfile and change the ip slightly so it shouldn’t match but leaving the directive in place. 5. Perform the same WMS request in the browser – result was a PNG image. I did tried multiple IPs in the list, with and without my IP and everything worked as expected. I did not try using an external file. I did notice with my IP in the list a GetMap request was blocked, a GetCapabilities request was not. I didn’t try a GetFeature… request. Makes me wonder if you have the right IP for your test setup? --Steve From: Andrea Peri [mailto:aperi2...@gmail.com] Sent: Tuesday, July 30, 2019 2:30 PM To: Lime, Steve D (MNIT) ; mapserver-users@lists.osgeo.org Subject: Re: [mapserver-users] ows_denied_ip_list is working ? Hi, I was using a compiled version from a recent clone of master . I try to apply ot to WEB-> METADATA section section using this kind of values: I try to use a list of IP directly listed using a space as separator "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz" or using a file where there is the same list one IP for line "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt" The values listed are the possibly values of our proxy. So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them. Instead the map are still showed. I'm using QGIS as wms client to test it. A. Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) mailto:steve.l...@state.mn.us>> ha scritto: I will test and reply back. What specific version, config and tests did you try on your end? From: mapserver-users mailto:mapserver-users-boun...@lists.osgeo.org>> on behalf of Andrea Peri mailto:aperi2...@gmail.com>> Sent: Saturday, July 27, 2019 9:02:07 AM To: mapserver-users@lists.osgeo.org<mailto:mapserver-users@lists.osgeo.org> mailto:mapserver-users@lists.osgeo.org>> Subject: [mapserver-users] ows_denied_ip_list is working ? Hi, I see my version of mapserver don't work the ows_denied_ip_list. I see ths other mex: http://osgeo-org.1560.x6.nabble.com/ows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fosgeo-org.1560.x6.nabble.com%2Fows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html&data=02%7C01%7CSteve.Lime%40state.mn.us%7Ca2bef76fd62f471db1e608d715245908%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C637001118169695729&sdata=PWJxX4BJMhOodJ7FadppgR%2F3XAk9lLW%2FHJadeWehSRQ%3D&reserved=0> I try all the same option but nothing is work. So I guess that instead that the ows_denied_ip_list was dismissed. Is this confirmed ? Thx. A. -- - Andrea Peri . . . . . . . . . qwerty àèìòù - ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] ows_denied_ip_list is working ?
Hi, I was using a compiled version from a recent clone of master . I try to apply ot to WEB-> METADATA section section using this kind of values: I try to use a list of IP directly listed using a space as separator "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz" or using a file where there is the same list one IP for line "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt" The values listed are the possibly values of our proxy. So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them. Instead the map are still showed. I'm using QGIS as wms client to test it. A. Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) ha scritto: > I will test and reply back. What specific version, config and tests did > you try on your end? > -- > *From:* mapserver-users on > behalf of Andrea Peri > *Sent:* Saturday, July 27, 2019 9:02:07 AM > *To:* mapserver-users@lists.osgeo.org > *Subject:* [mapserver-users] ows_denied_ip_list is working ? > > > *This message may be from an external email source.* > Do not select links or open attachments unless verified. Report all > suspicious emails to Minnesota IT Services Security Operations Center. > > > > Hi, > I see my version of mapserver don't work the ows_denied_ip_list. > I see ths other mex: > > http://osgeo-org.1560.x6.nabble.com/ows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html > <https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fosgeo-org.1560.x6.nabble.com%2Fows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html&data=02%7C01%7Csteve.lime%40state.mn.us%7C90724c9fc7d94d42158308d7129b0d4e%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C636998329472766840&sdata=TSVAPD7mBaTxr0tsTapcB8n7s7VJ%2BP%2B1hZ14zaEMndI%3D&reserved=0> > > I try all the same option but nothing is work. > > So I guess that instead that the ows_denied_ip_list was dismissed. > Is this confirmed ? > > Thx. > > A. > > > -- > - > Andrea Peri > . . . . . . . . . > qwerty àèìòù > - > ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] ows_denied_ip_list is working ?
I will test and reply back. What specific version, config and tests did you try on your end? From: mapserver-users on behalf of Andrea Peri Sent: Saturday, July 27, 2019 9:02:07 AM To: mapserver-users@lists.osgeo.org Subject: [mapserver-users] ows_denied_ip_list is working ? This message may be from an external email source. Do not select links or open attachments unless verified. Report all suspicious emails to Minnesota IT Services Security Operations Center. Hi, I see my version of mapserver don't work the ows_denied_ip_list. I see ths other mex: http://osgeo-org.1560.x6.nabble.com/ows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fosgeo-org.1560.x6.nabble.com%2Fows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html&data=02%7C01%7Csteve.lime%40state.mn.us%7C90724c9fc7d94d42158308d7129b0d4e%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C636998329472766840&sdata=TSVAPD7mBaTxr0tsTapcB8n7s7VJ%2BP%2B1hZ14zaEMndI%3D&reserved=0> I try all the same option but nothing is work. So I guess that instead that the ows_denied_ip_list was dismissed. Is this confirmed ? Thx. A. -- - Andrea Peri . . . . . . . . . qwerty àèìòù - ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
[mapserver-users] ows_denied_ip_list is working ?
Hi, I see my version of mapserver don't work the ows_denied_ip_list. I see ths other mex: http://osgeo-org.1560.x6.nabble.com/ows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html I try all the same option but nothing is work. So I guess that instead that the ows_denied_ip_list was dismissed. Is this confirmed ? Thx. A. -- - Andrea Peri . . . . . . . . . qwerty àèìòù - ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
