[Geoprisma-dev] Securing services

Stephen Woodbridge woodbri at swoodbridge.com
Thu Jan 28 15:36:43 EST 2010


Yves Moisan wrote:
> Hi List,
> 
> Did any of you folks secure MapServer, TileCache and FeatureServer using
> Apache directives and if so can I have "recipes" to do it efficiently ?

I have not done this yet, but my plan was very simple. Just make the 
services you want secured only available on localhost so that the proxy 
can access them but the remote client can not.

> Do I need an .htaccess file or just httpd.conf settings ?

I do not believe there is anything that can be put into a .htaccess file 
that can not alternatively be done in the httpd.conf or one of the 
vhost.conf files.

Really securing a server takes some thought, because if you have 
mapserver or other webservices running on it wide open for other 
applications these might be back doors into your data and, like, if I know 
the path to your mapfile I might be able to access it via one of the 
other instances by specifying it directly. So if you are going to have a 
secure server then you probably want to avoid exposing the cgi-bin to 
the public ip address and you need to make sure you appropriately secure 
all web services that your proxy hits. One way to do this is only make 
those services available on a private ip or via localhost. I guess I'm 
trying to say you need to do two things:

1) secure your intended services
2) make sure other unsecured services can not be compromised to access 
your data

Just my two cents - this is a good question and probably should be 
discussed and written up in the wiki or docs somewhere.

-Steve W

> TIA,
> 
> Yves
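The localhost-only layout described in the reply above, sketched as an Apache configuration. This is an added example, not a configuration posted in the thread or shipped by GeoPrisma; the port, host names, directory paths and the mapfile pattern are assumptions.

```apache
# Added example. Port 8081, all paths and host names are assumptions.

# Backend: MapServer CGI (and any other CGI services placed here) is
# bound to the loopback interface, so only a proxy on this host can reach it.
Listen 127.0.0.1:8081
<VirtualHost 127.0.0.1:8081>
    ServerName backend.localhost
    ScriptAlias /cgi-bin/ "/usr/lib/cgi-bin/"
    <Directory "/usr/lib/cgi-bin">
        # Apache 2.4 syntax. On 2.2 the equivalent is:
        #   Order deny,allow / Deny from all / Allow from 127.0.0.1
        Require local
    </Directory>
    # MapServer checks any map= value against this pattern, so a caller
    # cannot point the CGI at an arbitrary mapfile path.
    SetEnv MS_MAP_PATTERN "^/srv/maps/[a-z0-9_]+[.]map$"
</VirtualHost>

# Public: only the authenticating proxy application is exposed.
Listen 80
<VirtualHost *:80>
    ServerName maps.example.org
    DocumentRoot "/var/www/geoprisma"
    # No ScriptAlias in this vhost. The explicit deny covers the case
    # where a server-wide ScriptAlias for /cgi-bin/ already exists.
    <Location "/cgi-bin">
        Require all denied
    </Location>
</VirtualHost>
```

With this in place, a request for /cgi-bin/mapserv on the public address should be refused, while the proxy calling http://127.0.0.1:8081/cgi-bin/mapserv still gets a response.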