Christopher Schmidt wrote: > On Tue, Oct 13, 2009 at 10:56:26AM -0400, [email protected] wrote: >> >> I would like to control the access to this WMS, so people can use it via >> my application, but can not "call" the WMS to use it in their client >> application. The reason is there is a "context" that comes with this WMS. >> Without it the data can be misinterpreted. > > It sounds like what you want is user access controls. Using Apache, > it is possible to limit access to users with a username and password or > other similar functionality. Without this type of limitation, there really > isn't anything you can do to prevent other applications or users from > accessing the data directly if there really is a desire to spread the > data around. >
One option to explore may be to use a wrapper script for your MapServer WMS that checks the HTTP_REFERRER CGI environment variable value and ensures that the WMS requests come from your openlayers website. If the HTTP_REFERRER doesn't match the URL of the website hosting your openlayers app then the WMS request would be rejected. I am not 100% sure that an ill intentioned person could not bypass this protection, but that could at least be used to prevent general access. See the MapServer WMS HOWTO for examples of wrapper scripts for WMS requests to help you get started: http://mapserver.org/ogc/wms_server.html#more-about-the-online-resource-url Actually, it may be possible to use a SetEnvIf directive directly in the Apache config instead of a wrapper. The following (untested!) example may do the trick First add this to your Apache config: # Force MapServer to accept mapfiles refs only using env vars SetEnv MS_MAP_NOPATH "yes" # And set MYMAP only if the Referrer is coming from this site SetEnvIfNoCase Referer "www\.mydomain\.com" MYMAP=/path/to/mapfile.map Then your WMS requests should refer to the mapfile using "map=MYMAP" instead of a full path. If the referrer is not valid, then MYMAP will not be set and MapServer will spit out an error. For more info, see: http://trac.osgeo.org/mapserver/wiki/EnvironmentVariables and http://httpd.apache.org/docs/2.0/mod/mod_setenvif.html Daniel -- Daniel Morissette http://www.mapgears.com/ _______________________________________________ Users mailing list [email protected] http://openlayers.org/mailman/listinfo/users
