[mapserver-dev] Enable/disable OWS layers by IP list

Stephen Woodbridge woodbri at swoodbridge.com
Wed Feb 13 06:28:09 PST 2013 

On 2/13/2013 8:45 AM, Tamas Szekeres wrote:
> Hi Devs,
>
> I got a requirement from Faunalia (​http://www.faunalia.it) to
> establish option to Enable/disable OWS layers by IP list.
> We need to add two new parameters to the WEB section of the mapfile,
> and/or in the METADATA section of every single layer:
>
> 1. "ows_allowed_ip_list"
> 2. "ows_denied_ip_list"
>
> Both should point to a file with a list of IP addresses.

If you are pointing to a file then these should be

ows_allowed_ip_file
ows_denied_ip_file

to avoid confusion. Using "list" implies that a item target should be a 
list of ip addrs and not a file.

These should not allow parameter substitution as that would be a simple 
defeat of the mechanism.

Do you plan to support address ranges like:

192.168.1.1-192.168.1.10
192.168.1.0/24

Otherwise looks fine.

-Steve W

> The aim is to let the admin to define list of users, identified
> through their IPs to
> allow or deny access to one or more specific WMS or WFS layers.
>
> I've prepared an implementation to this requirement which appears to
> be a fairly simple addition to the code:
> https://github.com/szekerest/mapserver/commit/4b7c203a1782cd56d01c34e1079a184c04e51207
>
> In my approach if both the allowed list and the denied list contains
> the current endpoint IP then the denied list will take precedence.
> If allowed_ip_list or ows_denied_ip_list is not specified or the
> specified files are not readable then the current behaviour will
> continue to work.
>
> Issue has also been added for this addition:
> https://github.com/mapserver/mapserver/issues/4588
>
>
> Let me know about your opinion whether this change is reasonable.
> Would that require an RFC to be added?
>
> Deadline of this addition is close, so I'd prefer to include this as
> soon as possible.
>
>
> Best regards,
>
> Tamas
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-dev
>

More information about the mapserver-dev mailing list