[mapserver-users] Mapserver Security
Bill Thoen
bthoen at gisnet.com
Wed Jul 29 11:13:28 EDT 2009
Steve Lime wrote:
> Others may have different ideas but it seems to me you'll need to secure the wms binary
> rather than a directory. (I wouldn't store mapfiles and templates in a web accessible location
> anyway.) There are probably many ways to do this. One idea might be to have separate
> WMS binaries, one for password-protected stuff and another for public stuff, call 'em
> wms1 and wms2. Latest versions of MapServer allow you to set an env variable called
> MS_MAPFILE_PATTERN. This is used as a regex test against the requested mapfile and can
> help restrict what can be loaded. It's not fool proof but is a good start. You could ....
>
I thought I knew how regex worked but I guess not. Attempting to follow
your advice, I'm trying to run this file from a wrapper:
/var/www/mapfiles/MyMapfile.map
and in /etc/httpd/conf/httpd.conf, I've set the following line:
SetEnv MS_MAPFILE_PATTERN='^/var/www/mapfiles/.*$'
and restarted the httpd service.
But what's wrong with my regex? I'm getting this error:
msEvalRegex(): Regular expression error. String
(/var/www/mapfiles/MyMapfile.map) failed expression test.
More information about the mapserver-users
mailing list