[mapserver-dev] Enable/disable OWS layers by IP list

Tamas Szekeres szekerest at gmail.com
Wed Feb 13 05:45:23 PST 2013

Hi Devs,

I got a requirement from Faunalia (http://www.faunalia.it) to
establish an option to Enable/disable OWS layers by IP list.
We need to add two new parameters to the WEB section of the mapfile,
and/or in the METADATA section of every single layer:

1. "ows_allowed_ip_list"
2. "ows_denied_ip_list"

Both should point to a file with a list of IP addresses.

The aim is to let the admin define a list of users, identified
through their IPs, to allow or deny access to one or more specific
WMS or WFS layers.

I've prepared an implementation for this requirement which appears to
be a fairly simple addition to the code:

In my approach, if both the allowed list and the denied list contain
the current endpoint IP, then the denied list will take precedence.
If allowed_ip_list or ows_denied_ip_list is not specified or the
specified files are not readable then the current behaviour will
continue to work.

An issue has also been added for this addition:

Let me know your opinion on whether this change is reasonable.
Would that require an RFC to be added?

The deadline for this addition is close, so I'd prefer to include this as
soon as possible.

Best regards,
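
The precedence rules described in the message above, as an added C example that is not part of the original post or of the MapServer change it refers to. The names `list_lookup`, `ows_layer_allowed` and `write_list`, the one-address-per-line file format, exact string matching, and refusing an address that is absent from a readable allowed list are all assumptions.

```c
#include <stdio.h>
#include <string.h>

enum { LIST_UNUSABLE = -1, LIST_MISS = 0, LIST_HIT = 1 };

/* Look up ip in a list file, one address per line (assumed format).
 * A NULL path or an unreadable file yields LIST_UNUSABLE. */
static int list_lookup(const char *path, const char *ip)
{
    char line[256];
    int result = LIST_MISS;
    FILE *fp = path ? fopen(path, "r") : NULL;
    if (!fp) return LIST_UNUSABLE;
    while (fgets(line, sizeof line, fp)) {
        line[strcspn(line, " \t\r\n")] = '\0';  /* cut at first whitespace */
        if (strcmp(line, ip) == 0) { result = LIST_HIT; break; }
    }
    fclose(fp);
    return result;
}

/* Hypothetical decision function: 1 = layer served to ip, 0 = refused. */
int ows_layer_allowed(const char *allowed_path, const char *denied_path, const char *ip)
{
    int denied = list_lookup(denied_path, ip);
    int allowed = list_lookup(allowed_path, ip);
    if (denied == LIST_HIT) return 0;    /* denied list takes precedence */
    if (allowed == LIST_MISS) return 0;  /* assumption: a readable allowed list is exclusive */
    return 1;  /* on the allowed list, or list missing/unreadable: current behaviour */
}

/* Writes a constructed sample list file; returns 0 on success. */
int write_list(const char *path, const char *body)
{
    FILE *fp = fopen(path, "w");
    if (!fp) return -1;
    fputs(body, fp);
    return fclose(fp);
}

int main(void)
{
    const char *ips[] = { "192.0.2.10", "192.0.2.11", "198.51.100.7" };
    write_list("allowed.txt", "192.0.2.10\n192.0.2.11\n");  /* constructed data */
    write_list("denied.txt", "192.0.2.11\n");
    for (int i = 0; i < 3; i++)
        printf("%-13s %s\n", ips[i], ows_layer_allowed("allowed.txt", "denied.txt", ips[i]) ? "served" : "refused");
    return 0;
}
```

Under these rules a missing or unreadable denied list leaves the layer open, so a path typo or a permission change on the list file silently removes the restriction and is worth monitoring.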

