[MapServer-users] Fwd: Setting up authorization for Mapserver access using Apache2 .htaccess
Neil Underhill
neil.underhill at gmail.com
Wed Nov 16 12:00:16 PST 2022
Posting here as I didn't yet get a reply to the same query on StackOverflow
(
https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess
).
I am running a website with Apache/2.4.53 (Debian) and Mapserver 7.6.2. I
have set up a 'secure' part of the web site following instructions here:
https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04
.
I would now like to display some geospatial data held in Mapserver via an
Openlayers WFS map on the secure site. The challenge I have is that once a
user logs in, they can see the MapServer access details in the Openlayers
script so have the server URL and mapfile name, and can access this outside
the secure site i.e. without going through Apache authentication.
There was some discussion about securing access MapServer 11 years ago (
https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access)
but this didn't seem applicable.
As I understand it Mapserver is accessed through a CGI to which requests
are redirected through Apache. Would moving the /usr/bin/mapserv executable
into a folder managed by Apache2 work? (as seems to be suggested here:
https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec
Any advice appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-users/attachments/20221116/10dab29b/attachment.htm>
More information about the MapServer-users
mailing list