[Mapbender-users] Secure a WMS

Hr. Johannes Loose loose at lwf.uni-muenchen.de
Wed Dec 3 07:27:59 EST 2008

Hello Ronald,

Thanks for your quick answer. Indeed I am using UMN Mapserver so my question is the 
related to that software. 

The possibility to capsulate the map= parameter is nice to hide the absolute path of the 
mapfile, but can not be seen as a way to secure a wms, because a user can call the wms 
through the wrapper, too. The mapfile itself is not viewable from the outside anyway.

To secure the WMS using the webserver configuration is a possibility if I want to make the 
wms accessible for certain IPs or networks only. In that case I  don't need the owsproxy at all. 
Am I wrong?

What I am looking for is a possibility to deny all direct accesses to the WMS, but allow the access via the owsproxy only. 
That way one could ensure that only verified users may use the service.

What I thought of is a way to use the linux file permissions (user /group) settings to achieve 
that. But I am not clear ernough how that could work.

Any suggestions?

Thank you


Am 3 Dec 2008 um 12:39 hat Ronald Woita geschrieben:

> Hi Johannes,
> in my opinion the only solution is to protect your ows services
> depending on the software you use.
> With mapserver UMN first you can hide the path details from your local
> file system by this instruction
> http://www.mapbender.org/Kapseln_der_MapServer_Konfigurationsparameter
> The second step is to protect the resulting cgi for the ows service
> with the functionality of your web server
> Here is an example for Apache :
> <FILES ows_map1>
>   order deny, allow
>   deny from all
>   allow from
> </FILES>
> Another interesting approach I'm testing at the moment is the
> layer-level-security by GeoServer.
> http://geoserver.org/display/GEOSDOC/Layer+level+security 
> greetings
> Ronald
> --
> Ronald Woita
> http://geoportal.rostock.de
> Hansestadt Rostock
> Kataster-, Vermessungs- und Liegenschaftsamt
> Holbeinplatz 14, 18069 Rostock
> email: ronald.woita at rostock.de 
> phone: +49 (0)381 - 381 6256
> >>> loose at lwf.uni-muenchen.de 03.12.2008 11:29 >>>
> Hello List,
> Maybe my mail some days ago has been too complex or too many questions
> in one thread, 
> so that there have been no replies so far. I'll try to ask my main
> question again, but shorter:
> What is the recommendet was to secure a geodata service (WMS)? The
> mapbender wiki 
> tells how to set up the owsproxy and use it to access a service. It
> also points out the 
> neccesity to secure the service for unauthorized access independet of
> the mapbender, but it 
> does not tell how that can be done.
> Could anyone point me to docs about that issue or give me a small
> example on how to 
> achieve that?
> Thanks in advance
> Johannes
> _______________________________________________
> Mapbender_users mailing list
> Mapbender_users at lists.osgeo.org 
> http://lists.osgeo.org/mailman/listinfo/mapbender_users
> _______________________________________________
> Mapbender_users mailing list
> Mapbender_users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapbender_users

More information about the Mapbender_users mailing list