<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-15">
<META content="MSHTML 6.00.2900.3243" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px">
<DIV>Hi Marc</DIV>
<DIV> </DIV>
<DIV>Where do you set this? Is it somewhere in httpd.conf?</DIV>
<DIV> </DIV>
<DIV>Many thanks,</DIV>
<DIV> </DIV>
<DIV>Robert Sanson<BR><BR>>>> "marc.monnerat@bluewin.ch" <marc.monnerat@bluewin.ch> 21/10/2008 4:21 a.m. >>><BR>Hello,<BR><BR>We are using this very basic setting:<BR><BR># Demo WMS<BR>Alias /wms-demo/usr/lib/cgi-bin/mapserver<BR><Location /wms-demo><BR> Deny from all<BR> # My network<BR> Allow from 10.133<BR> SetHandler cgi-script<BR> Options ExecCGI<BR> SetEnv MS_MAPFILE /var/www/wms/wms-demo/wms-demo.map<BR></Location><BR><BR>Cheers<BR><BR>Marc Monnerat<BR><BR>----Message d'origine----<BR>De: mgleahy@alumni.uwaterloo.ca<BR>Date: 20.10.2008 11:33<BR>À: <mapserver-users@lists.osgeo.org><BR>Objet: Re: [mapserver-users] Access control for wms served from mapserver cgi<BR><BR>Hello Rahkonen (and Stephan),<BR><BR>This is an idea that I could make work...I'd have to lock-down mapserv <BR>itself from all connections (otherwise anyone could just replace <BR>wms*.exe in the URL with the original mapserv.exe), though I guess I <BR>should be doing that anyway.<BR><BR>In response to Stephan Holl: I recognize there are other strategies that <BR>involve proxying the WMS requests. I was just hoping for something <BR>quick and easy that could be done with Apache more or less <BR>out-of-the-box using basic config files and/or modules like mod_rewrite. <BR> There have been a few cases where I needed to use mapserver on one <BR>machine to serve data using WMS to another server running mapserver as a <BR>WMS client. I just want to be able to do that with as little work as <BR>possible (i.e., if I can do it in Apache's config, then I can do it <BR>anywhere).<BR><BR>Essentially, my ideal solution would be if I can get something like <BR>mod_rewrite to say "if a request to mapserv contains <BR>'map=/path/to/somefile.map' in the query string, and the client is not <BR>equal to some IP address, return 403, otherwise allow the request". I <BR>just don't quite know how to get mod_rewrite to work like that for me (I <BR>found some promising examples online, but couldn't get them working).<BR><BR>Thanks again,<BR>Mike<BR><BR>Rahkonen Jukka wrote:<BR>> Hi,<BR>> <BR>> If it is easy to limit access to mapserv executable, then how about making a few copies of the executable and tie <BR>each copy to its own mapfile in httpd.conf?<BR>> <BR>> SetEnvIf Request_URI "/cgi-bin/wms1.exe?" MS_MAPFILE=d:/ms4w/apps/wms1.map<BR>> SetEnvIf Request_URI "/cgi-bin/wms2.exe?" MS_MAPFILE=d:/ms4w/apps/wms2.map<BR>> <BR>> Just thinking, I do not know if this is secure at all. <BR>> <BR>> -Jukka Rahkonen-<BR>> <BR>> <BR>>> -----Alkuperäinen viesti-----<BR>>> Lähettäjä: mapserver-users-bounces@lists.osgeo.org <BR>>> [mailto:mapserver-users-bounces@lists.osgeo.org] Puolesta Mike Leahy<BR>>> Lähetetty: 20. lokakuuta 2008 3:58<BR>>> Vastaanottaja: mapserver-users@lists.osgeo.org<BR>>> Aihe: [mapserver-users] Access control for wms served from <BR>>> mapserver cgi<BR>>><BR>>> Hello list,<BR>>><BR>>> Does anyone on this list know of a simple strategy for <BR>>> configuring Apache to restrict access to specific mapfiles <BR>>> served as WMS through the cgi mapserv program? I'd like to <BR>>> do is restrict access to specific IPs for URLs like the following: <BR>>> <A href="http://host/cgi-bin/mapserv?map=/path/to/file.map[&...].">http://host/cgi-bin/mapserv?map=/path/to/file.map[&...].</A><BR>>><BR>>> It's easy enough to limit access to the mapserv executable <BR>>> itself, but I'd rather do it on a per-mapfile basis. I tried <BR>>> a couple things using mod_rewrite in apache, but anything <BR>>> I've tried so far doesn't seem to work.<BR>>><BR>>> I know that this sort of question has been asked before, but <BR>>> after searching/tinkering for a while, I haven't found a <BR>>> solution that works for me yet.<BR>>><BR>>> Thanks for any suggestions,<BR>>> Mike<BR>>> _______________________________________________<BR>>> mapserver-users mailing list<BR>>> mapserver-users@lists.osgeo.org<BR>>> <A href="http://lists.osgeo.org/mailman/listinfo/mapserver-users">http://lists.osgeo.org/mailman/listinfo/mapserver-users</A><BR>>><BR>> <BR>_______________________________________________<BR>mapserver-users mailing list<BR>mapserver-users@lists.osgeo.org<BR><A href="http://lists.osgeo.org/mailman/listinfo/mapserver-users">http://lists.osgeo.org/mailman/listinfo/mapserver-users</A><BR><BR><BR><BR>_______________________________________________<BR>mapserver-users mailing list<BR>mapserver-users@lists.osgeo.org<BR><A href="http://lists.osgeo.org/mailman/listinfo/mapserver-users">http://lists.osgeo.org/mailman/listinfo/mapserver-users</A><BR><BR></DIV><br><br><table bgcolor=white style="color:black"><tr><td><br>------------------------------------------------------------------<br>
The contents of this email are confidential to AsureQuality. If you have received this communication in error please notify the sender immediately and delete the message and any attachments. The opinions expressed in this email are not necessarily those of AsureQuality. This message has been scanned for known viruses before delivery. AsureQuality supports the Unsolicited Electronic Messages Act 2007. If you do not wish to receive similar communications in future, please notify the sender of this message.<br>
------------------------------------------------------------------</td></tr></table><br><br>
<P align=center><FONT style="BACKGROUND-COLOR: #ffffff">This message has been scanned for malware by SurfControl plc. </FONT><A href="http://www.surfcontrol.com/"><FONT style="BACKGROUND-COLOR: #ffffff" color=#000000>www.surfcontrol.com</FONT></A></P>
</body></HTML>