[Mapbender-users] mod_fcgid, suexec, owsproxy

[Hr. Johannes Loose]

Hello List,

Has anyone tried to get mapbender running in a apache2 / mod_fcgid / suexec environment? 
Well, I have a mapbender 2.5 running here, but there are still some problems left.

1) OWSPROXY: The Proxy itself is running fine. The rewriting works and mapbender 
displays the maps. But the service is reachable directly, still. What is the recommended way 
to secure it, that owsproxy reaches the service, but that it's unreachable from the outside?

My configuration is like that: 
* vhost1: the mapbender site - running as user mapbender
* vhost2: the owsproxy module - running as user mapbender 
* vhost3: the mapserver cgi - running as user mapserver (handler is cgi_bin, it won't work 
with mod_fcgid)

To access a geodata service I call a script like that, for the encapsulation of the map= 

#!/bin/sh
MAPSERV="/var/www/mapserver/mapserv"
MAPFILE="/path/to/my/mapfiles/MyTest.map"
if [ "${REQUEST_METHOD}" = "GET" ]; then
  if [ -z "${QUERY_STRING}" ]; then
      QUERY_STRING="map=${MAPFILE}"
      else
      QUERY_STRING="map=${MAPFILE}&${QUERY_STRING}"
   fi
        exec ${MAPSERV}
else
        echo "Sorry, I only understand GET requests."
    fi
exit 1
  # End of Script


So, if mapbender calls the service via owsproxy, the user displaying the map is 'mapserver'. I 
can't lock mapserver out, 'cause it wohn' work from both siden then.
Well, can you give me a hint on how to make the service unaccessable directly, but 
accessable with owsproxy? I did not find that in the mapbender wiki...


2) Print_pdf

I triple checked my configuration, but I get an empty site all the time. Could that have 
something to do with mod_fcgid? Maybe the GET Request is not properly passed. Has 
anyone yet tried that configuration? Any help is appreciated!

Thanks in advance

Johannes