[mapserver-dev] Enable/disable OWS layers by IP list

Tamas Szekeres szekerest at gmail.com
Wed Feb 13 07:18:48 PST 2013


Hi Steve,

Thanks for the comments, using CIDR
notation <http://en.wikipedia.org/wiki/CIDR_notation> to define ranges
would be reasonable. This would allow subnets to be defined in
a single row. I think it would work with both IPv4 and IPv6 addresses.

Best regards,

Tamas



2013/2/13 Stephen Woodbridge <woodbri at swoodbridge.com>:
> On 2/13/2013 8:45 AM, Tamas Szekeres wrote:
>>
>> Hi Devs,
>>
>> I got a requirement from Faunalia (http://www.faunalia.it) to
>> establish an option to enable/disable OWS layers by IP list.
>> We need to add two new parameters to the WEB section of the mapfile,
>> and/or in the METADATA section of every single layer:
>>
>> 1. "ows_allowed_ip_list"
>> 2. "ows_denied_ip_list"
>>
>> Both should point to a file with a list of IP addresses.
>
>
> If you are pointing to a file then these should be
>
> ows_allowed_ip_file
> ows_denied_ip_file
>
> to avoid confusion. Using "list" implies that an item target should be a list
> of ip addrs and not a file.
>
> These should not allow parameter substitution as that would be a simple
> defeat of the mechanism.
>
> Do you plan to support address ranges like:
>
> 192.168.1.1-192.168.1.10
> 192.168.1.0/24
>
> Otherwise looks fine.
>
> -Steve W
>
>> The aim is to let the admin define a list of users, identified
>> through their IPs, to
>> allow or deny access to one or more specific WMS or WFS layers.
>>
>> I've prepared an implementation to this requirement which appears to
>> be a fairly simple addition to the code:
>>
>>
>> https://github.com/szekerest/mapserver/commit/4b7c203a1782cd56d01c34e1079a184c04e51207
>>
>> In my approach if both the allowed list and the denied list contain
>> the current endpoint IP then the denied list will take precedence.
>> If allowed_ip_list or ows_denied_ip_list is not specified or the
>> specified files are not readable then the current behaviour will
>> continue to work.
>>
>> Issue has also been added for this addition:
>> https://github.com/mapserver/mapserver/issues/4588
>>
>>
>> Let me know about your opinion whether this change is reasonable.
>> Would that require an RFC to be added?
>>
>> Deadline of this addition is close, so I'd prefer to include this as
>> soon as possible.
>>
>>
>> Best regards,
>>
>> Tamas
>> _______________________________________________
>> mapserver-dev mailing list
>> mapserver-dev at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/mapserver-dev
>>
>
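The matching rule discussed in this thread (single addresses or CIDR blocks, IPv4 and IPv6, deny taking precedence over allow), as an added example that is not part of the original messages and is not the code from the linked commit. The function names and sample lists are hypothetical; the A-B range form is not handled, and refusing addresses absent from a configured allow list is an assumption the thread does not state.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed sample lists (private and documentation ranges). */
const char *const SAMPLE_ALLOW[] = { "192.168.1.0/24", "2001:db8::/32" };
const char *const SAMPLE_DENY[]  = { "192.168.1.10", "2001:db8:bad::/48" };

/* Return 1 if `ip` lies inside `rule`: a single address or a CIDR block.
 * Unparsable input and IPv4/IPv6 family mismatches never match. */
static int cidr_match(const char *ip, const char *rule)
{
    unsigned char a[16], n[16];
    char net[INET6_ADDRSTRLEN], *end;
    const char *slash = strchr(rule, '/');
    size_t len = slash ? (size_t)(slash - rule) : strlen(rule);
    int af, max, bits;
    long v;
    if (len >= sizeof net) return 0;
    memcpy(net, rule, len);
    net[len] = '\0';
    af = strchr(net, ':') ? AF_INET6 : AF_INET;
    bits = max = (af == AF_INET6) ? 128 : 32;
    if (inet_pton(af, net, n) != 1 || inet_pton(af, ip, a) != 1) return 0;
    if (slash) {
        v = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || v < 0 || v > max) return 0;
        bits = (int)v;
    }
    /* Compare the whole bytes, then the leftover high bits of the next one. */
    if (memcmp(a, n, (size_t)bits / 8) != 0) return 0;
    if (bits % 8 && ((a[bits / 8] ^ n[bits / 8]) & (0xFF << (8 - bits % 8)) & 0xFF))
        return 0;
    return 1;
}

/* Deny wins over allow, as in the thread. A NULL list means "not configured".
 * Assumption: with an allow list present, unlisted addresses are refused. */
int ows_ip_permitted(const char *ip, const char *const *allow, size_t n_allow,
                     const char *const *deny, size_t n_deny)
{
    size_t i;
    for (i = 0; deny && i < n_deny; i++)
        if (cidr_match(ip, deny[i])) return 0;
    for (i = 0; allow && i < n_allow; i++)
        if (cidr_match(ip, allow[i])) return 1;
    return allow == NULL;
}
```

The address passed in should be the peer address of the connection; a forwarded-for header supplied by the client would let the caller pick its own list entry.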